Rsyslog is an enhanced multi-threaded syslogd with a focus on security and reliability. Among other things, it supports on-demand disk buffering, reliable syslog over TCP, SSL, TLS and RELP, writing to databases, and email alerting. It is a drop-in replacement for syslogd.
rsyslog in Lenny
Starting with Lenny, Debian will use rsyslog instead of sysklogd by default.
Here are some arguments from the discussions:
- rsyslog is a drop-in replacement for the former syslog (if you have a custom syslog.conf, you can copy it to /etc/rsyslog.conf).
- Support for logging into databases (MySQL and PostgreSQL).
- A real plus is also upstream, who is very responsive and active and it's a pleasure to work with him.
- Automated log rotation.
- Configure remote logging via debconf.
- sysklogd in itself is not bad, but the package has been nearly fully unmaintained for years.
See also
phpLogCon - An optional web interface to visualize all data online.
http://www.rsyslog.com/doc - Documentation
Migration from syslogd / klogd
Following the discussions on debian-devel (http://lists.debian.org/debian-devel/2008/01/msg01002.html), there are plans to change the default syslog daemon for lenny to rsyslog (http://www.rsyslog.com).
An analysis of the current situation:
Suggests:
1.) xwatch: sysklogd
Besides a small example config file, there is nothing sysklogd
specific in this package.
Should be changed to $preferred_syslog | system-log-daemon
2.) jffnms: syslog-ng
Nothing syslog-ng specific in this package. Should be changed to
$preferred_syslog | system-log-daemon
Recommends:
3.) anacron: sysklogd | system-log-daemon
4.) fcron: sysklogd | system-log-daemon
5.) heartbeat: sysklogd | syslog-ng | system-log-daemon
6.) ldirectord: sysklogd | syslog-ng
Should be changed to $preferred_syslog | system-log-daemon
7.) nullmailer: sysklogd | system-log-daemon
8.) rlinetd: sysklogd | system-log-daemon
9.) xinetd: sysklogd | system-log-daemon
Depends:
10.) alamin-client: sysklogd | system-log-daemon
11.) alamin-mysql: sysklogd | system-log-daemon
12.) alamin-server: sysklogd | system-log-daemon
Uses syslog-facility in postinst/prerm. install will not fail if
syslog-facility is not present.
Easy to use a fixed syslog-facility or even better provide a
rsyslog.d snippet.
13.) alamin-smpp: sysklogd | system-log-daemon
14.) fwlogwatch: sysklogd | system-log-daemon
15.) inetutils-ftpd: inetutils-syslogd | system-log-daemon
16.) inetutils-inetd: inetutils-syslogd | system-log-daemon
17.) inetutils-talkd: inetutils-syslogd | system-log-daemon
18.) inetutils-telnetd: inetutils-syslogd | system-log-daemon
19.) klogd: sysklogd | system-log-daemon
20.) logcheck: sysklogd | system-log-daemon | syslog-ng
Has used syslogd-listfiles in postinst, was removed again in 2002
21.) psad: syslogd | syslog-ng | metalog
Should be changed to $preferred_syslog | system-log-daemon
22.) request-tracker3.6: sysklogd | system-log-daemon
23.) snort: sysklogd | system-log-daemon
Has used syslogd-listfiles years ago, was removed again
24.) snort-common: sysklogd | system-log-daemon
25.) snort-mysql: sysklogd | system-log-daemon
26.) snort-pgsql: sysklogd | system-log-daemon
27.) snort-rules-default: sysklogd | system-log-daemon
28.) sympa: sysklogd (>= 1.3-27) | system-log-daemon
Uses syslog-facility in postrm/postinst to setup a custom facility
to log to /var/log/sympa.log. Doesn't fail to install if
syslog-facility is not found, will log to /var/log/messages
instead. Could easily ship a rsyslog.d snippet.
For 1.), 2.), 6.) and 21.) there are already bugs filed: http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=goal-rsyslog;users=biebl@debian.org
For 12.) and 28.) wishlist bugs providing a config file snippet for /etc/rsyslog.d/ will be filed.
And finally, if it is approved that rsyslog should become the default system-log-daemon, wishlist bugs will be filed against the remaining packages to change the dependency to rsyslog | system-log-daemon, where appropriate.
Remaining steps:
- Document the change by preparing a patch for the release notes
- From version 3.14.1 on, rsyslog uses high-precision timestamps. This change should be documented, or disabled if affected packages can't be fixed before the lenny release: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475303 (this change was reverted in 3.14.2-2, and high-precision timestamps will remain disabled for lenny)
- Get the priorities fixed by a ftpmaster (assistant)
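Why the timestamp change matters to log consumers, shown as an added example that is not part of the original page or of rsyslog: the high-precision format is an RFC 3339 timestamp, so a monitor that only matches the traditional prefix silently skips those lines. The sample lines, host name and function names below are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Traditional prefix: "Apr 10 14:23:01 host ..." (no year, no zone, 1 s resolution).
TRADITIONAL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$")
# High-precision prefix (RFC 3339): "2008-04-10T14:23:02.482911+02:00 host ...".
HIGH_PRECISION = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,6})?(?:Z|[+-]\d{2}:\d{2}))"
    r" (?P<host>\S+) (?P<rest>.*)$")

def parse_line(line, assumed_year, assumed_tz=timezone.utc):
    """Return (kind, aware datetime, host, rest), or None if no prefix matches.

    The traditional format carries neither year nor zone, so the caller must
    supply both; month names are parsed with the C/English locale.
    """
    m = HIGH_PRECISION.match(line)
    if m:
        ts = re.sub(r"Z$", "+00:00", m.group("ts"))
        fmt = "%Y-%m-%dT%H:%M:%S.%f%z" if "." in ts else "%Y-%m-%dT%H:%M:%S%z"
        return "high_precision", datetime.strptime(ts, fmt), m.group("host"), m.group("rest")
    m = TRADITIONAL.match(line)
    if m:
        when = datetime.strptime(f"{assumed_year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        return "traditional", when.replace(tzinfo=assumed_tz), m.group("host"), m.group("rest")
    return None

def coverage(lines, assumed_year):
    """Count lines per timestamp format; 'unparsed' is what a monitor would miss."""
    counts = {"traditional": 0, "high_precision": 0, "unparsed": 0}
    for line in lines:
        parsed = parse_line(line, assumed_year)
        counts[parsed[0] if parsed else "unparsed"] += 1
    return counts

# Constructed sample lines (host, PIDs and addresses are made up).
SAMPLE = [
    "Apr 10 14:23:01 gw sshd[811]: Failed password for invalid user test from 192.0.2.7",
    "2008-04-10T14:23:02.482911+02:00 gw sshd[811]: Failed password for invalid user test from 192.0.2.7",
    "Apr  5 03:00:00 gw cron[12]: (root) CMD (run-parts /etc/cron.daily)",
    "-- MARK --",
]

if __name__ == "__main__":
    print(coverage(SAMPLE, 2008))
    # Lines a traditional-only consumer would silently skip:
    print([l for l in SAMPLE if HIGH_PRECISION.match(l) and not TRADITIONAL.match(l)])
```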
Concerns were raised by Guillem Jover about the size of rsyslog:
rsyslogd seems to have a lot of features, and it's a bit big compared to other implementations, do normal users need all that stuff? Sysadmins can easily change it, and I bet most of the users do not care much what syslogd is installed as long as it's just logging. The list of syslogd sorted by Installed-Size:
Package: socklog-run Installed-Size: 148
Package: sysklogd Installed-Size: 212
Package: inetutils-syslogd Installed-Size: 216
Package: syslog-ng Installed-Size: 552
Package: rsyslog Installed-Size: 672
As a consequence, the HTML documentation in rsyslog was split into a separate package rsyslog-doc. The resulting size of rsyslog as of version 2.0.1-2 is 258k.
