|Original author(s)||Rainer Gerhards|
|Stable release||7.4.9 / January 22, 2014|
|Preview release||8.1.5 / January 24, 2014|
|License||GNU General Public License v3|
Rsyslog is an open source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IP network. It implements the basic syslog protocol, extends it with content-based filtering, rich filtering capabilities, flexible configuration options and adds important features such as using TCP for transport.
Rsyslog uses the quasi-standard BSD syslog protocol, specified in RFC 3164. As the text of RFC 3164 is an informational description and not a standard, various incompatible extensions of it emerged. Rsyslog supports many of these extensions. The format of relayed messages can be customized.
The most important extensions of the original protocol supported by rsyslog are:
- ISO 8601 timestamp with millisecond granularity and timezone information
- the addition of the name of relays in the host fields to make it possible to track the path a given message has traversed
- reliable transport using TCP
- support GSS-API and TLS
- logging directly into various database engines.
- support for RFC 5424, RFC 5425, RFC 5426
- support for RELP
- support for buffered operation modes where messages are buffered locally if the receiver is not ready
- complete input/output support for systemd journal
The rsyslog project began in 2004, when Rainer Gerhards, the primary author of rsyslog, decided to write a new strong syslog daemon to compete with syslog-ng, because, according to the author, "A new major player will prevent monocultures and provide a rich freedom of choice." Rainer Gerhards worked on rsyslog inside his own company, Adiscon GmbH.
rsyslog is available for a number of Unix systems and Linux distributions, among others:
- Fedora (In November 2007, rsyslog has become the default syslogd for the Fedora project) Fedora was the first major distribution to adopt this software; however, since Fedora 20 "Heisenbug" (released on December 17 2013) the default syslog has been replaced by journald.
- openSUSE (default since 11.2; November 2009)
- Debian GNU/Linux (As of Debian 5.0, rsyslog has become the default syslog)
- Red Hat Enterprise Linux (from RHEL 5)
- SUSE Linux Enterprise Server (from SLES 11 SP 2 )
- Arch Linux
Related RFCs and working groups
- RFC 3164 - The BSD syslog Protocol (obsoleted by RFC 5424)
- RFC 5424 - The Syslog Protocol (obsoletes RFC 3164)
- RFC 5425 - Transport Layer Security Mapping for Syslog
- RFC 5426 - Transmission of Syslog Messages over UDP
- "Why does the world need another syslog?". August 12, 2007. Retrieved June 7, 2009.
- "Platforms". Retrieved June 7, 2009.
- "Debian 5.0 release notes". February 14, 2009. Retrieved February 16, 2009. "The package rsyslog takes over as default system and kernel logging daemon for Debian 5.0, replacing syslogd and klogd."
- "Release Notes for SUSE Linux Enterprise Server 11 Service Pack 2". Retrieved August 3, 2012. "syslog-ng will be replaced with rsyslog"