Comparing syslogd, syslog-ng OSE, and syslog-ng PE

What does syslog-ng PE offer over syslogd?

The syslogd application is the standard system logging application used by network devices like switches and routers, as well as servers running operating systems based on Unix, including Linux, HP-UX, BSD, Solaris, and AIX, but excluding Microsoft Windows. The implementations of syslogd on the different operating systems are in part system-specific, while syslog-ng has higher portability, using the same codebase on every platform. Regarding reliability, syslogd does nothing to ensure that the sent messages really arrive to the server. It uses the unreliable UDP network protocol, meaning that messages can get lost on the network without the sender or the server ever noticing it. Additionally, syslogd simply drops messages when the server is unavailable or overloaded. It does not have the ability to encrypt the messages, and the server can output the logs only into text files.

What does syslog-ng PE offer over syslog-ng OSE?

The syslog-ng Open Source Edition (syslog-ng OSE) application is the most popular and widespread alternative system logging application used in the world, having replaced syslogd on tens of thousands of systems. It has several features surpassing syslogd, including reliable message transferring using the TCP protocol, the ability to send log messages directly to an SQL database like MySQL or PostgreSQL, and the possibility to control the flow of messages to handle minor server outages. But only syslog-ng PE has the more advanced features of buffering the messages on the hard disk, natively supporting message encryption (TLS), and support for Microsoft Windows operating systems.

The following table summarizes the main differences between the syslogd, syslog-ng Open Source Edition (OSE), and syslog-ng Premium Edition (PE). For a more in-depth technical comparison, see the detailed feature comparison between syslogd, syslog-ng OSE, and syslog-ng PE.