Rsyslog

Rsyslog is an open source implementation of the syslog protocol for Unix and Unix-like systems. It extends the original syslogd model with content-based filtering, a wide range of uses for filters, and flexible configuration options, and it adds important features such as TCP as a transport protocol.

Protocol

Rsyslog uses the quasi-standard BSD syslog protocol, which is specified in RFC 3164. Because the content of the RFC is somewhat imprecise and it is only an informal description rather than a standard, several incompatible variants have appeared on the market. Rsyslog supports many of these variants. The format of forwarded messages can be customized.

The most important extensions to the original protocol that rsyslog supports are:

  • ISO 8601 timestamps with millisecond resolution and time zone information
  • Addition of the name of a relay to the host field, so that the path a message has taken can be traced
  • Reliable transport over TCP
  • Support for GSSAPI and TLS
  • Direct logging to various databases
  • Support for the new IETF syslog RFC series
  • Support for buffered modes of operation, in which messages are buffered locally if the receiver is not yet ready
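The two timestamp styles mentioned above, the year-less RFC 3164 form and the ISO 8601 form with milliseconds and time zone, can be told apart by a log receiver as in this added example. It is not rsyslog's own code; the function name `parse`, the default year and the sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime

# PRI, then either an RFC 3164 "Mmm dd hh:mm:ss" stamp or an ISO 8601 stamp,
# then the host field and the rest of the message.
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<bsd>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2})"
    r"|(?P<iso>\d{4}-\d{2}-\d{2}T\S+))"
    r" (?P<host>\S+) (?P<msg>.*)$"
)

def parse(line, year=2024):
    """Parse one syslog line; returns a dict or raises ValueError."""
    m = LINE.match(line)
    if not m:
        raise ValueError("not a recognised syslog line")
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        raise ValueError("PRI out of range")
    if m["iso"]:
        # fromisoformat() keeps the fraction and the UTC offset
        ts = datetime.fromisoformat(m["iso"])
    else:
        # The BSD stamp carries no year and no zone; the year is supplied
        # by the caller (an assumption) and the result is a naive datetime.
        ts = datetime.strptime(f"{year} {m['bsd']}", "%Y %b %d %H:%M:%S")
    return {
        "facility": pri >> 3,   # upper bits of PRI
        "severity": pri & 7,    # lower three bits of PRI
        "timestamp": ts,
        "has_zone": ts.tzinfo is not None,
        "host": m["host"],
        "msg": m["msg"],
    }

# Constructed sample lines (not captured from a real system)
SAMPLES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick",
    "<34>2024-10-11T22:14:15.003+02:00 mymachine su: 'su root' failed",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse(s))
```

Events parsed from the year-less form cannot be placed on a common timeline without guessing the year and zone, which is why the ISO 8601 form is preferable when correlating logs from several hosts.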

History

The rsyslog project began in 2004, when Rainer Gerhards, the primary author of rsyslog, decided to write a new and powerful syslog daemon that could compete with syslog-ng because, according to the author, "A new player can prevent a monoculture and will ensure freedom of choice."

Distributions

Rsyslog is available for various Unix systems and Linux distributions, among others:

  • Debian (rsyslog has been the default syslog since Debian 5.0)
  • Red Hat Enterprise Linux (rsyslog has been the default syslogd since RHEL6)
  • Fedora (rsyslog has been the Fedora Project's default syslogd since November 2007)
  • FreeBSD
  • Ubuntu (rsyslog has been the default syslogd since version 9.10, October 2009)
  • Gentoo
  • OpenSUSE (rsyslog has been the default syslogd since version 11.2, December 2009)
  • Solaris

Rsyslog is currently not available for the following platforms:

  • AIX

Related RFCs and working groups

  • RFC 3164 - The BSD syslog Protocol
  • RFC 5424 - The syslog protocol (replaces RFC 3164)