syslog-ng
Related pages
Technical features of syslog-ng
The following table provides a detailed list of the features of syslog-ng.
| syslogd | syslog-ng OSE | syslog-ng PE | |
| Receive log messages from | |||
| UNIX domain socket (stream & dgram) | ✔ | ✔ | ✔ |
| UDP | ✔ | ✔ | ✔ |
| TCP | X | ✔ | ✔ |
| UDP6 | depends on the OS | ✔ | ✔ |
| TCP6 | X | ✔ | ✔ |
| named pipe | X | ✔ | ✔ |
| file | X | ✔ | ✔ |
| Kernel log device on Linux, Solaris, BSD | klogd | ✔ | ✔ |
| IBM System i audit journal (QAUDJRN) & operator console journal (QSYSOPR) (via separate agent application) | X | X | ✔ |
| Windows EventLog /log files (via separate agent application) | X | X | ✔ |
| Send log messages to | |||
| UNIX domain sockets (stream & dgram) | X | ✔ | ✔ |
| UDP | ✔ | ✔ | ✔ |
| TCP | X | ✔ | ✔ |
| UDP6 | depends on the OS | ✔ | ✔ |
| TCP6 | X | ✔ | ✔ |
| named pipe | ✔ | ✔ | ✔ |
| file | ✔ | ✔ | ✔ |
| SQL database (MySQL, Microsoft SQL (MSSQL), Oracle, PostgreSQL, SQLite) | X | ✔ | ✔ |
| the standard input of any user-specified program | X | ✔ | ✔ |
| user tty | ✔ | ✔ | ✔ |
| Support for native TLS encryption when using TCP and TCP6 | X | X | ✔ |
| Performance | |||
| Superior performance, on-line collection of about 70000 messages/second (measured with 150-byte-long messages on current server hardware) | X | ✔ | ✔ |
| Message formats | |||
| Support for raw, non-syslog messages | X | ✔ | ✔ |
| Support for RFC3164 message format (BSD) | ✔ | ✔ | ✔ |
| Support for extended RFC3339 (a.k.a. ISO 8601) timestamps | X | ✔ | ✔ |
| Support for some non-standard timestamp formats (Cisco PIX, LinkSys, etc.) | X | ✔ | ✔ |
| Support for microsecond time resolution (precision is user adjustable) | X | ✔ | ✔ |
| Support for timezone information | X | ✔ | ✔ |
| Support for detecting invalid hostnames (enables to accept messages from applications that send imperfectly formatted syslog messages) | X | ✔ | ✔ |
| Support for chained hostname format the records the message path through syslog relays | X | ✔ | ✔ |
| Message processing/filtering | |||
| Support for resolving hostnames from DNS | ✔ | ✔ | ✔ |
| Support for resolving hostnames from file (local IP->host mapping) | X | ✔ | ✔ |
| Cached DNS queries to avoid overloading DNS servers and improved performance | X | ✔ | ✔ |
| Support for normalizing hostnames (ensure that hostnames are all lower case) | X | ✔ | ✔ |
| Messages can target multiple, independent destinations (file, sql, multiple remote server, etc.) at the same time | ✔ | ✔ | ✔ |
| The same filtering operation can direct messages to multiple destinations | X | ✔ | ✔ |
| Support for converting timestamps between timezones | X | ✔ | ✔ |
| Support for flow-controlled log paths: accepting messages from the input is suspended while the destination is full, until the destination can accept messages | X | ✔ | ✔ |
| Support for complex filters, using full bool algebra with and/or/not operators and parenthesis | X | ✔ | ✔ |
| Support for reusable filters: specify a filter once and use it in multiple log paths | X | ✔ | ✔ |
| Support for combined filters: filters can be combined using boolean operations, embedded into each other, etc. | X | ✔ | ✔ |
| Support for content based filtering using POSIX regular expressions | X | ✔ | ✔ |
| Filtering for syslog facility and priority | ✔ | ✔ | ✔ |
| Filtering for hostname | X | ✔ | ✔ |
| Filtering for application | X | ✔ | ✔ |
| Filtering for message contents | X | ✔ | ✔ |
| Filtering for sending IP address | X | ✔ | ✔ |
| Support for discarding messages based on a filter | ✔ | ✔ | ✔ |
| Support for limiting the rate of messages sent to a destination | X | X | ✔ |
| Support for a sorting messages to different destinations, all unfiltered messages are collected in a fallback destination | X | ✔ | ✔ |
| Collect per-destination, per-source and global statistics | X | ✔ | ✔ |
| Features | |||
| Create files and directories automatically, based on message content | X | ✔ | ✔ |
| Create tables, columns and indexes automatically in SQL databases, based on message content | X | ✔ | ✔ |
| Customizable message format using templates and macros | X | ✔ | ✔ |
| Support for automatic log rotation by adding timestamps to logfile and database table names | X | ✔ | ✔ |
| Restart destination programs if they exit | X | ✔ | ✔ |
| Support for buffering messages to hard disk to avoid losing messages in case the destination becomes unreachable | X | X | ✔ |
| Contents of the disk buffer are persistent and saved across syslog-ng restarts | X | X | ✔ |
| Support for mutual, X.509 based authentication when using TLS | X | X | ✔ |
| Support for network link compression when using TLS | X | X | ✔ |
| Support for log files over 2GB | ✔ | ✔ | ✔ |
| Support for spoofing the source IP address when forwarding messages using UDP | X | ✔ | ✔ |
| Multithreaded when using the SQL destination | X | ✔ | ✔ |
| Support for IPv6 | depends on the OS | ✔ | ✔ |
| Send and receive messages from multicast addresses | X | ✔ | ✔ |
| Timestamps may include fractions of a second | X | ✔ | ✔ |
| Can operate as client, relay, or server | ✔ | ✔ | ✔ |
| Other features | |||
| Portability: supports a wide variety of UNIX platforms (Linux, BSDs, Solaris, HP-UX, AIX) | ✔ | ✔ | ✔ |
| Vivid and helpful community on the mailing list | X | ✔ | ✔ |
| Professional-grade documentation | ✔ | ✔ | ✔ |
| Commercial support available | only from some OS vendors | ✔ | ✔ |
| Proven track record (over 10 years of existence and use) | ✔ | ✔ | ✔ |
