syslog-ng Free Edition and Premium Edition

The free open-source edition of syslog-ng (syslog-ng OSE) is one of the most widely used logging systems in the world. Compared with its predecessor, the old syslogd server, it offers advantages such as support for the TCP-based secure data transfer protocol (RLTP), the ability to use TLS, and writing logs directly to a MySQL or PostgreSQL database. In contrast, only the syslog-ng Premium Edition (syslog-ng PE) has certain advanced features, such as buffering logs on disk, using encrypted log files, or supporting Microsoft Windows and IBM System i.

The main distinguishing points of the comparison between syslogd, syslog-ng OSE and syslog-ng Premium Edition (PE) are shown below.


Summary comparison criteria (syslog-ng OSE):

  • RLTP secure TCP transfer
  • Content-based filtering
  • Logging to a database
  • TLS support
  • Encrypted, signed, timestamped logging

syslog-ng Detailed Comparison

Receive log messages from

| Feature | syslogd | syslog-ng OSE | syslog-ng PE |
|---|---|---|---|
| UNIX domain socket (stream & dgram) | yes | yes | yes |
| UDP | yes | yes | yes |
| UDP using the IETF-syslog protocol standard (RFC5424) | - | yes | yes |
| TCP | - | yes | yes |
| TCP using the IETF-syslog protocol standard (RFC5424) | - | yes | yes |
| UDP6 | depends on the OS | yes | yes |
| TCP6 | - | yes | yes |
| TLS-encrypted channels | - | yes | yes |
| TLS using the IETF-syslog protocol standard (RFC5424) | - | yes | yes |
| Named pipe | - | yes | yes |
| File | - | yes | yes |
| Standard output (stdout) of an application | - | yes | yes |
| Kernel log device on Linux, Solaris, BSD | klogd | yes | yes |
| Collect process accounting logs on Linux | - | - | yes |
| File with wildcards in its filename or path | - | - | yes |
| Handle multi-line messages like Apache Tomcat or Oracle log messages | - | - | yes |
| IBM System i audit journal (QAUDJRN) & operator console journal (QSYSOPR) (via separate agent application) | - | - | yes |
| Windows Event Log containers / log files (via separate agent application) | - | - | yes |

Send log messages to

| Feature | syslogd | syslog-ng OSE | syslog-ng PE |
|---|---|---|---|
| UNIX domain sockets (stream & dgram) | - | yes | yes |
| UDP | yes | yes | yes |
| UDP using the IETF-syslog protocol standard (RFC5424) | - | yes | yes |
| TCP | - | yes | yes |
| TCP using the IETF-syslog protocol standard (RFC5424) | - | yes | yes |
| UDP6 | depends on the OS | yes | yes |
| TCP6 | - | yes | yes |
| Named pipe | yes | yes | yes |
| File | yes | yes | yes |
| Encrypted, compressed, timestamped, and indexed binary file | - | - | yes |
| SQL database (MySQL, Microsoft SQL (MSSQL), Oracle, PostgreSQL, SQLite) | - | yes | yes |
| The standard input of any user-specified program | - | yes | yes |
| User tty | yes | yes | yes |
| Support for native TLS encryption when using TCP, TCP6, or the IETF-syslog protocol | - | yes | yes |
| Send messages to a secondary log server if the primary is unreachable (client-side failover) | - | - | yes |

Performance

| Feature | syslogd | syslog-ng OSE | syslog-ng PE |
|---|---|---|---|
| Superior performance, on-line collection of about 75000 messages/second (measured with 150-byte-long messages on entry-level server hardware) | - | yes | yes |

Message formats

| Feature | syslogd | syslog-ng OSE | syslog-ng PE |
|---|---|---|---|
| Support for raw, non-syslog messages | - | yes | yes |
| Support for RFC3164 message format (BSD) | yes | yes | yes |
| Support for the IETF-syslog message format (RFC5424) | - | yes | yes |
| Support for extended RFC3339 (a.k.a. ISO 8601) timestamps | - | yes | yes |
| Support for some non-standard timestamp formats (Cisco PIX, LinkSys, etc.) | - | yes | yes |
| Support for the extended Cisco IOS timestamp format | - | - | yes |
| Support for microsecond time resolution (precision is user adjustable) | - | yes | yes |
| Support for timezone information | - | yes | yes |
| Support for detecting invalid hostnames (allows accepting messages from applications that send imperfectly formatted syslog messages) | - | yes | yes |
| Support for a chained hostname format that records the message path through syslog relays | - | yes | yes |

Message processing/filtering

| Feature | syslogd | syslog-ng OSE | syslog-ng PE |
|---|---|---|---|
| Support for resolving hostnames from DNS | yes | yes | yes |
| Support for resolving hostnames from a file (local IP->host mapping) | - | yes | yes |
| Cached DNS queries to avoid overloading DNS servers and to improve performance | - | yes | yes |
| Support for normalizing hostnames (ensures that hostnames are all lower case) | - | yes | yes |
| Messages can target multiple, independent destinations (file, SQL, multiple remote servers, etc.) at the same time | yes | yes | yes |
| The same filtering operation can direct messages to multiple destinations | - | yes | yes |
| Segment the text of the message into name=value pairs using parsers | - | yes | yes |
| Use the results of parsing as macros | - | yes | yes |
| Define default values for macros | - | yes | yes |
| Rewrite selected parts of the message | - | yes | yes |
| Support for conditional rewriting: modify a message only if a certain condition is met | - | yes | yes |
| Support for modifying macros using template functions | - | yes | yes |
| Set the value of a name=value pair | - | yes | yes |
| Support for converting timestamps between timezones | - | yes | yes |
| Support for flow-controlled log paths: accepting messages from the input is suspended while the destination is full, until the destination can accept messages | - | yes | yes |
| Support for complex filters, using full Boolean algebra with and/or/not operators and parentheses | - | yes | yes |
| Support for reusable filters: specify a filter once and use it in multiple log paths | - | yes | yes |
| Re-use the results of filtering, parsing, and rewriting to create embedded log paths | - | yes | yes |
| Support for combined filters: filters can be combined using Boolean operations, embedded into each other, etc. | - | yes | yes |
| Support for content-based filtering using POSIX regular expressions | - | yes | yes |
| Support for content-based filtering using PCRE regular expressions | - | yes | yes |
| Support for substring matches in regular expressions | - | yes | yes |
| Filtering by syslog facility and priority | yes | yes | yes |
| Filtering by hostname | - | yes | yes |
| Filtering by application | - | yes | yes |
| Filtering by message contents | - | yes | yes |
| Filtering by sending IP address | - | yes | yes |
| Filtering by any SD metadata when using the IETF-syslog protocol | - | yes | yes |
| Filtering on message tags | - | yes | yes |
| Support for discarding messages based on a filter | yes | yes | yes |
| Support for limiting the rate of messages sent to a destination | - | yes | yes |
| Support for sorting messages to different destinations; all unfiltered messages are collected in a fallback destination | - | yes | yes |
| Collect per-destination, per-source and global statistics | - | yes | yes |
| Collect statistics for dynamic objects like pattern database rules, classification results, and so on | - | yes | yes |
| The statistics can be requested at any time using a UNIX domain socket | - | yes | yes |

Pattern database

| Feature | syslogd | syslog-ng OSE | syslog-ng PE |
|---|---|---|---|
| Identify messages based on a pattern database | - | yes | yes |
| Extract important information from the messages into name-value pairs | - | yes | yes |
| Filtering on name-value pairs extracted from the message or received from the pattern database | - | yes | yes |
| Correlate log messages based on pattern database rules in real time | - | yes | yes |
| Trigger actions for identified messages or correlation results | - | yes | yes |

Features

| Feature | syslogd | syslog-ng OSE | syslog-ng PE |
|---|---|---|---|
| Create files and directories automatically, based on message content | - | yes | yes |
| Create tables, columns and indexes automatically in SQL databases, based on message content | - | yes | yes |
| Customizable message format using templates and macros | - | yes | yes |
| Segment and modify message content | - | yes | yes |
| Support for automatic log rotation by adding timestamps to logfile and database table names | - | yes | yes |
| Restart destination programs if they exit | - | yes | yes |
| Restart source programs if they exit | - | yes | yes |
| Support for buffering messages to hard disk to avoid losing messages in case the destination becomes unreachable | - | - | yes |
| Contents of the disk buffer are persistent and saved across syslog-ng restarts | - | - | yes |
| Support for mutual, X.509-based authentication when using TLS | - | yes | yes |
| Support for network link compression when using TLS | - | yes | yes |
| Support for log files over 2GB | yes | yes | yes |
| Support for spoofing the source IP address when forwarding messages using UDP | - | yes | yes |
| Multithreaded when using the SQL destination | - | yes | yes |
| Support for IPv6 | depends on the OS | yes | yes |
| Send and receive messages from multicast addresses | - | yes | yes |
| Timestamps may include fractions of a second | - | yes | yes |
| Can operate as client, relay, or server | yes | yes | yes |
| Extendable, plugin-based architecture | - | yes | yes |

Configuration format

| Feature | syslogd | syslog-ng OSE | syslog-ng PE |
|---|---|---|---|
| High flexibility | - | yes | yes |
| Clean, readable configuration format | - | yes | yes |
| Include configuration sections and snippets from other files | - | yes | yes |
| Ability to define reusable configuration blocks | - | yes | yes |
| Ability to generate configuration files dynamically | - | yes | yes |

Other features

| Feature | syslogd | syslog-ng OSE | syslog-ng PE |
|---|---|---|---|
| Portability: supports a wide variety of UNIX platforms (Linux, BSDs, Solaris, HP-UX, AIX, Tru64). OSE is mainly provided as a source-code release; syslog-ng PE has binaries for the following platforms. | yes | yes | yes |
| Windows support | - | - | yes |
| Vivid and helpful community on the mailing list | - | yes | yes |
| Professional-grade documentation | yes | yes | yes |
| Commercial support available | only from some OS vendors | yes | yes |
| Proven track record (over 10 years of existence and use) | yes | yes | yes |
| Multithreading | - | yes | yes |
| Sending SNMP traps | - | - | yes |
| SQL source | - | - | yes |
| RLTP (Reliable Log Transfer Protocol) | - | - | yes |
| Reliable disk buffer | - | - | yes |
| MongoDB output | - | yes | yes |
| JSON output and parser | - | yes | yes |
| AMQP output | - | - | yes |
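Several of the capabilities the introduction and the table attribute to syslog-ng OSE (TLS transport with mutual X.509 authentication, content-based filtering with PCRE regular expressions, an SQL destination, and flow-controlled log paths) fit in one small server configuration. The following is an added example written for this page; it is not configuration from the syslog-ng project or from the original article. The `@version` line, the certificate and key paths, the listening port, the PostgreSQL host, credentials, table and column layout, and the regular expression are all assumptions chosen for illustration.

```conf
@version: 3.38   # assumed; must match the installed syslog-ng OSE version

# Constructed example: receive syslog over TLS, accept only clients whose
# certificate chains to a CA in ca.d, keep authentication failures per host
# in a file and in PostgreSQL, and never silently drop messages.

source s_tls {
    network(
        ip("0.0.0.0") port(6514)          # port is an assumption
        transport("tls")
        tls(
            key-file("/etc/syslog-ng/key.d/server.key")    # placeholder path
            cert-file("/etc/syslog-ng/cert.d/server.crt")  # placeholder path
            ca-dir("/etc/syslog-ng/ca.d")                   # placeholder path
            # Mutual authentication: the client must present a certificate
            # signed by a trusted CA, otherwise the TLS handshake is rejected.
            peer-verify(required-trusted)
        )
    );
};

# Content-based filter: facility/priority filtering combined with a PCRE
# match on the message text (the pattern is an assumption).
filter f_auth_failures {
    facility(auth, authpriv)
    and match("authentication failure|Failed password" value("MESSAGE") type("pcre"));
};

# One file per sending host; directories are created from message content.
destination d_auth_by_host {
    file("/var/log/remote/${HOST}/auth.log"
         create-dirs(yes)
         template("${ISODATE} ${HOST} ${PROGRAM}: ${MESSAGE}\n"));
};

# SQL destination with a monthly table name; table and columns are
# created automatically. Credentials and schema are placeholders.
destination d_pgsql {
    sql(
        type(pgsql)
        host("127.0.0.1") port("5432")
        username("syslog") password("CHANGE_ME")
        database("logs")
        table("messages_${YEAR}${MONTH}")
        columns("datetime varchar(24)", "host varchar(255)",
                "program varchar(64)", "message text")
        values("${ISODATE}", "${HOST}", "${PROGRAM}", "${MESSAGE}")
        indexes("datetime", "host")
    );
};

# Flow control: when a destination queue is full, reading from s_tls is
# suspended instead of discarding messages.
log {
    source(s_tls);
    filter(f_auth_failures);
    destination(d_auth_by_host);
    destination(d_pgsql);
    flags(flow-control);
};
```

With `peer-verify(required-trusted)` an unauthenticated sender never reaches the log path, so the filter and the SQL destination only ever see messages from known clients; `flags(flow-control)` trades input throughput for not losing records when PostgreSQL is slow, which is the behaviour the table describes for flow-controlled log paths. Check the file with `syslog-ng --syntax-only -f /path/to/file.conf` before reloading the daemon.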