Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Protocol 2 History 3 Features 4 Distributions 5 Portability 6 Related RFCs & working groups 7 See also 8 References

syslog-ng

●Deutsch ●Français ●日本語 Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

syslog-ng
Original author(s)	Balázs Scheidler
Initial release	1998

Stable release	4.7.1^[1] / 19 April 2024; 2 months ago (19 April 2024)

Repository	github.com/syslog-ng/syslog-ng
Operating system	Unix-like
Type	System logging
License	Core: LGPL Plugins: GPLv2
Website	www.syslog-ng.com/products/open-source-log-management/

syslog-ng is a free and open-source implementation of the syslog protocol for Unix and Unix-like systems. It extends the original syslogd model with content-based filtering, rich filtering capabilities, flexible configuration options and adds important features to syslog, like using TCP for transport. As of today,^[when?] syslog-ng is developed by Balabit IT Security Ltd. It has three editions with a common codebase. The first is called syslog-ng Open Source Edition (OSE) with the license LGPL. The second is called Premium Edition (PE) and has additional plugins (modules) under a proprietary license. The third is called Storebox (SSB), which comes as an appliance with a Web-based UI as well as additional features including ultra-fast-text search, unified search, content-based alerting and a premier tier support.^[2]

In January 2018, syslog-ng, as part of Balabit, was acquired by One Identity under the Quest Software umbrella. The syslog-ng team remains an independent business within the One Identity organization and continues under the syslog-ng brand.

Protocol[edit]

syslog-ng uses the standard BSD syslog protocol, specified in RFC 3164. As the text of RFC 3164 is an informational description and not a standard, some incompatible extensions of it emerged. Since version 3.0 syslog-ng also supports the syslog protocol specified in RFC 5424. syslog-ng interoperates with a variety of devices, and the format of relayed messages can be customized.

Extensions to the original syslog-ng protocol include:

ISO 8601 timestamps with millisecond granularity and time zone information
The addition of the name of relays in additional host fields, to make it possible to track the path of a given message
Reliable transport using TCP
TLS encryption (Since 3.0.1 in OSE ^[3])

History[edit]

The syslog-ng project began in 1998, when Balázs Scheidler, the primary author of syslog-ng, ported the existing syslog code to Linux. The 1.0.x branch of syslog-ng was still based on the syslog sources and are available in the syslog-ng source archive.

Right after the release of syslog-ng 1.0.x, a reimplementation of the code base started to address some of the shortcomings of syslog and to address the licensing concerns of Darren Reed, the original syslog author. This reimplementation was named stable in the October 1999 with the release of version 1.2.0. This time around, syslog-ng depended on some code originally developed for lsh by Niels Möller.

Three major releases (1.2, 1.4 and 1.6) were using this code base, the last release of the 1.6.x branch in February 2007. In this period of about 8 years, syslog-ng became one of the popular alternative syslog implementations.

In a volunteer based effort, yet another rewrite was started back in 2001, dropping lsh code and using the more widely available GLib library. This rewrite of the codebase took its time, the first stable release of 2.0.0 happened in October 2006.

Development efforts were focused on improving the 2.0.x branch; support for 1.6.x was dropped at the end of 2007. Support for 2.x was dropped at the end of 2009, but it is still used in some Linux distributions.^[4]^[5] Balabit, the company behind syslog-ng, started a parallel, commercial fork of syslog-ng, called syslog-ng Premium Edition. Portions of the commercial income are used to sponsor development of the free version.

Syslog-ng version 3.0 was released in the fourth quarter of 2008.

Starting with the 3.0 version developments efforts were parallel on the Premium and on the Open Source Editions. PE efforts were focused on quality, transport reliability, performance and encrypted log storage. The Open Source Edition efforts focused on improving the flexibility of the core infrastructure to allow more and more different, non-syslog message sources.

Both the OSE & PE forks produced two releases (3.1 and 3.2) in 2010.

Features[edit]

syslog-ng provides a number of features in addition to transporting syslog messages and storing them in plain text log files:

The ability to format log messages using Unix shell-like variable expansion (can break cross-platform log format compatibility)
The use of this shell-like variable expansion when naming files, covering multiple destination files with a single statement
The ability to send log messages to local applications
Support for message flow-control in network transport
Logging directly into a database (since syslog-ng OSE 2.1)
Rewrite portions of the syslog message with set and substitute primitives (since syslog-ng OSE 3.0)
Classify incoming log messages and at the same time extract structured information from the unstructured syslog message (since syslog-ng OSE 3.0)
Generic name–value support: each message is just a set of name–value pairs, which can be used to store extra information (since syslog-ng OSE 3.0)
The ability to process structured message formats transmitted over syslog, like extract columns from CSV formatted lines (since syslog-ng OSE 3.0)
The ability to correlate multiple incoming messages to form a more complex, correlated event (since syslog-ng OSE 3.2);^[6]

Distributions[edit]

syslog-ng is available on a number of different Linux and Unix distributions. Some install it as the system default, or provide it as a package that replaces the previous standard syslogd. Several Linux distributions that used syslog-ng have replaced it with rsyslog.^{[citation needed]}

openSUSE used it as default prior to openSUSE 11.2, and is still available
SLES used it prior to SUSE Linux Enterprise Server 12
Debian GNU/Linux used syslogd and klogd prior to 5.0; post-5.0 ("Lenny"), rsyslog is used^[7]
Gentoo Linux
Fedora used it prior to Fedora 10
Arch Linux used it as default prior to the adoption of systemd in 2012
Hewlett-Packard's HP-UX
FreeBSD port
ACygwin port is available for Microsoft Windows

Portability[edit]

syslog-ng is highly portable to many Unix systems, old and new alike. A list of the currently known to work Unix versions are found below:

Linuxoni386, ARM, PowerPC, SPARC and x86-64 CPUs
FreeBSD 7.x - 9.x on i386 and x86-64 CPUs
AIX 5, 6 and 7 on IBM Power microprocessors
HP-UX 11iv1, 11iv2 and 11iv3 on PA-RISC and Itanium CPUs
Solaris 8, 9, 10 on SPARC, x86-64 and i386 CPUs
Tru64 5.1b on Alpha CPUs

The list above is based on BalaBit's current first hand experience, other platforms may also work, but your mileage may vary.

Related RFCs & working groups[edit]

RFC 3164 - The BSD syslog protocol
RFC 5424 - The Syslog Protocol
RFC 5425 - Transport Layer Security (TLS) Transport Mapping for Syslog
RFC 5426 - Transmission of Syslog Messages over UDP

References[edit]

^ "Release 4.7.1". 19 April 2024. Retrieved 25 April 2024.

^ "Syslog-ng - Log Management Solutions".

^ "Changelog 3.0.1". Retrieved 2009-01-21.

^ "Debian syslog-ng package". Retrieved 2011-11-11.

^ "SLES syslog-ng documentation" (PDF). Archived from the original (PDF) on 2011-08-13. Retrieved 2011-11-11.

^ "Correlating lo messages with syslog-ng". Retrieved 2011-11-11.

^ "Chapter 2. What's new in Debian GNU/Linux 5.0". Retrieved 2010-05-22.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Syslog-ng&oldid=1234771025" Categories: ●Free network-related software ●Internet protocols ●Internet Standards ●Linux security software ●Network management ●System administration Hidden categories: ●Articles with short description ●Short description matches Wikidata ●All articles with vague or ambiguous time ●Vague or ambiguous time from October 2019 ●All articles with unsourced statements ●Articles with unsourced statements from February 2021 ●This page was last edited on 16 July 2024, at 02:06 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view