syslog-ng to replace syslogd

nathan r. hruby nhruby at uga.edu
Sat Aug 21 01:00:56 UTC 2004 

On Fri, 20 Aug 2004, seth vidal wrote:


> Which is why I advocate bringing in syslog-ng, if not as a replacement
> at least as an option for a syslog daemon.

I would be ok with it as an alternative or in Extras.

>
> syslog-ng supports regexs on logs, splitting on hostname, separate
> scripts per instance, tcp, alternate ports, stunnel wrapping of the
> whole daemon.
>

Yes, it certainly rocks.  However, the config syntax is decidedly *not*
user friendly.  I have seen experienced admins goof up plain 'ol sysklogd
config syntax and I can see their mind boggle at syslog-ng's syntax, much
less some newbie or fancy-pants DBA.  I think it'd be a large support load
and awful harsh transition for a good number of people, sysklogd currently
mimics the general feel of syslog.conf on a good number of other
platforms....

My suggestions (in no order of importance):
- ship syslog-ng as an alternative or in extras
- ship a syslog-ng config editor that makes things easy for the 80% of the
   people in the world who aren't using central syslogging.
- Find / support / ship an alternate secure and robust syslogd that is
   easy on the end user (I offered metalog as an example, but there many
   others too)
- Write a new *client* end syslogd that has all the features a client
   would need but is still small and  easy to configure for local logging,
   allowing people to use something with higher power on central servers.
   (this, I think, as an excellent side project should someone want to
   cover it because there's nothing like this presently)

> it's head and shoulders above syslogd and I can personally say I've been
> running it on our central loghost for > 4 yrs now w/o a problem.
>

Right, but that's the problem.  Not everyone (or every box) is running as
a syslog server, which is where most of syslog-ng's power shines.  For the
end user or small shop this is overload.

Am I saying this will never work?  No.  But the transition isn't as easy
as replacing X with Y for a lot of people.  Thought needs to go into the
transition and end product as well as security.

-n
-- 
-------------------------------------------
nathan hruby <nhruby at uga.edu>
uga enterprise information technology services
production systems support
metaphysically wrinkle-free
-------------------------------------------

More information about the fedora-devel-list mailing list