- Syslog-ng
syslog-ng is an
open source implementation of theSyslog protocol for UNIX and UNIX-like systems. It extends the original syslogd model with content-based filtering, rich filtering capabilities, flexible configuration options and adds important features to syslog, like using TCP for transport.Protocol
syslog-ng uses the quasi-standard
BSD syslog protocol, specified in RFC 3164. As the text of RFC 3164 is vague and is just an informational description and not a standard, various incompatible extensions of it emerged. syslog-ng tries hard to interoperate with a wide variety of devices, and the format of relayed messages can be customized.The most important extensions of the original protocol endorsed by syslog-ng are:
* ISO 8601 timestamp with millisecond granularity and timezone information
* the addition of the name of relays in the host fields to make it possible to track the path a given message has traversed
* reliable transport using TCP
* TLS encryption (Premium edition [cite web |url=http://www.balabit.com/network-security/syslog-ng/features/
title=Feature comparison
accessdate=2008-03-14] )
* logging directly into a database (Premium edition)History
The syslog-ng project began in 1998, when Balázs Scheidler, the primary author of syslog-ng, ported the existing nsyslogd code to Linux. The 1.0.x branch of syslog-ng was still based on the nsyslogd sources and are available in the syslog-ng source archive.
Right after the release of syslog-ng 1.0.x, a reimplementation of the code base started to address some of the shortcomings of nsyslogd and to address the licensing concerns of Darren Reed, the original nsyslogd author. This reimplementation was named stable in the October of 1999 with the release of 1.2.0. This time around, syslog-ng depended on some code originally developed for
lsh by Niels Möller.Three major releases (1.2, 1.4 and 1.6) were using this code base, the last release of the 1.6.x branch in February 2007. In this period of about 8 years, syslog-ng became one of the most popular alternative syslog implementations.
In a volunteer based effort, yet another rewrite was started back in 2001, dropping lsh code and using the more widely available GLib library. This rewrite of the codebase took its time, the first stable release of 2.0.0 happened in October of 2006.
Development efforts are focused in improving the 2.0.x branch, support for 1.6.x is expected to be dropped in the near future (as of May 2007).
BalaBit , the company behind syslog-ng started a parallel, commercial fork of syslog-ng, called syslog-ng Premium Edition. Portions of the commercial income are used to sponsor development of the free version.Distributions
syslog-ng is part of a number of different Linux and Unix distributions. Among others:
*SUSE Linux
* Debian GNU/Linux
*Gentoo Linux
* Fedora (until version 8, wherersyslog is used)
*Archlinux
*Hewlett-Packard 'sHP-UX Related RFCs & Working Groups
* RFC 3164 - The BSD syslog Protocol
References
External links
* [http://www.balabit.com/network-security/syslog-ng/ syslog-ng homepage]
* [http://nms.gdd.net/index.php/PHP-Syslog-NG Php-syslog-ng - a web interface and reporting tool for syslog-ng data]
* [http://www.campin.net/syslog-ng/faq.html syslog-ng FAQ]
* [http://www.loganalysis.org/ LogAnalysis Community website]
* [http://www.360is.com/02-syslogng.htm Recommendation and analysis of syslog-ng in secure environments]
* [http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/index.html syslog-ng documentation]
* [http://www.syslog.org/wiki/Syslog-ng/Syslog-ngWiki syslog-ng support wiki & forum]
* Syslog-ng and vlogger meet, http://www.feweb.net/syslog_and_vlogger.htm
Wikimedia Foundation. 2010.
