[olug] syslog server

Christopher Cashell topher-olug at zyp.org
Wed Jan 26 16:47:46 UTC 2011


On Wed, Jan 26, 2011 at 10:25 AM, Craig Wolf <CJWolf at mpsomaha.org> wrote:
> What are people using for a syslog server out there?

Syslog-NG.  Splunk is pretty slick for searching and reporting, too,
depending on volume.

rsyslog has improved hugely over the past few years, and it has a
great feature set (to the point where it's roughly on par with
Syslog-NG in most areas, beats it in one or two, and falls short in a
handful of places).  Unfortunately, it also has one of the worst
configuration files I've ever seen.  Their goal of maintaining
compatibility with legacy syslog.conf was good for improving adoption
(and that's good, as rsyslog is light years ahead of the old syslogd),
but the added features in rsyslog make the config file an ugly mess.
Rainer Gerhards, rsyslog's main developer, has talked about a new
config file format, and even did some preliminary write-ups and work
on it, but the last I heard it sounded like they were going to dump it
and stick with the old syslog.conf-based setup for now.

As great as the feature set is, and as impressive as rsyslog is under
the hood, the config makes me want to kill myself, especially after
how clean, flexible, and usable Syslog-NG's config format is.

I'll use rsyslog on simple systems that do little more than forward
their logs to a central Syslog server (running Syslog-NG).  For
everything else, I'll stick with Syslog-NG until rsyslog comes up with
a new config format.

> Craig Wolf

-- 
Christopher


