A new system log daemon for Fedora [LWN.net]

Fedora 8 will be using Rsyslog instead of sysklogd. In fact, rsyslog is already in rawhide. The Fedora wiki site notes that sysklogd seems to be dead upstream and there are many new features that people have been requesting. Rsyslog seems to be the package that best meets the requirements of a feature-full yet backward compatible system log daemon.

The list of rsyslog features includes native support for writing to MySQL databases, support for (plain) tcp based syslog, support for sending and receiving compressed syslog messages, support for receiving messages via reliable RFC 3195 delivery, the ability to generate file names and directories dynamically, control of log output format, good timestamp format control, the ability to reformat message contents and work with substrings, support for log files larger than 2gb, support for file size limitation and automatic rollover command execution, support for running multiple rsyslogd instances on a single machine, support for ssl-protected syslog (via stunnel), the ability to filter on any part of the message, the ability to use regular expressions in filters, support for discarding messages based on filters, the ability to execute shell scripts on received messages, control of whether the local hostname or the hostname of the origin of the data is shown as the hostname in the output, the ability to preserve the original hostname in NAT environments and relay chains, the ability to limit the allowed network senders, powerful BSD-style hostname and program name blocks for easy multi-host support, multi-threaded, experimental support for syslog-transport-tls based framing on syslog/tcp connections, a copy of klogd.c has been included under the name of rklogd for those Linux systems that need one, support for IPv6, the ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis, and more. Rsyslog is actively maintained and new features are added every few days.

The biggest issue in Fedora so far seem to be the upgrade path and how to replace sysklogd gracefully. Hopefully this will be resolved (or at least well documented) before the final Fedora 8 release. Those who do a clean install of Fedora 8 should have no problems whatsoever.

(Log in to post comments)

A new system log daemon for Fedora

Posted Jul 19, 2007 2:54 UTC (Thu) by miguelzinho (subscriber, #40535) [Link]

I don't get where is the trouble to replace a syslog daemon. In my machines I always remove sysklogd with syslog-ng. Every program logs to /dev/log as usual, so, what's up?

By the way I use Debian, and I really don't know why use sysklogd as default until today too, at least Fedora is pushing something new.

A new system log daemon for Fedora

Posted Jul 19, 2007 6:38 UTC (Thu) by dlang (✭ supporter ✭, #313) [Link]

syslog-ng has some significant performance problems compared to the plain old sysklogd package in at lease some situations.

in addition syslog-ng is also significantly more complex code then sysklogd, and that's useually not a good thing.

on the other hand, I definantly agree that upstream seems to be dead, in addition the debian package also seems to be dead (there are a number of requests and patches in the debian bug tracker, but none of them are makeing it into a release.

I looked at rsyslog a couple of years ago and quickly went back to sysklogd, It sounds like it's time to take another look.

A new system log daemon for Fedora

Posted Jul 20, 2007 1:11 UTC (Fri) by mbiebl (subscriber, #41876) [Link]

I packaged rsyslog for Debian a few days ago. If there is interest I can make these packages public and possibly also upload them to the Debian archive.

A new system log daemon for Fedora

Posted Jul 20, 2007 3:36 UTC (Fri) by hmh (subscriber, #3838) [Link]

Do that only if you are going to take care of it with enough paranoia and dedication to handle an extremely critical piece of system infrastructure. And set up a team of at least three very active DDs to take care of it.

But if you manage to do that, we might be able to finally get rid of that utter piece of crap of a default kernel and system log daemon we have in Debian...

Editor, please!

Posted Jul 24, 2007 3:37 UTC (Tue) by roelofs (guest, #2599) [Link]

That middle paragraph really needs to be refactored into a few smaller sentences

Or an itemized list, which I suspect is what it was in the first place. (And yes, I too nearly turned blue and passed out from anoxia before getting to the end of it. Whoo! Like running a marathon. ;-) )

Greg

Grumpy old man comment

Posted Jul 20, 2007 23:11 UTC (Fri) by smoogen (subscriber, #97) [Link]

Argh.. I had been hoping that syslog-ng would be put in.. even if it meant learning a new configuration file method. Looking at seth vidals pages on the syntax changes that you have to 'wedge' into rsyslog to do things like syslog-ng.. it makes me grumpy.

I would be interested in knowing what the performance problems with syslog-ng are. We had over 2000 systems using syslog-ng+stunnel to remotely log to server... and it seemed ok-ish... with a lot less lost messages that we used to get.

Now if rsyslog gets native SSL encryption versus wrapping with stunnel.. I would be really less grumpy.