Translation(s): 中文普通话 - English - Français - Italiano
Rsyslog is an open source program for transferring log messages over an IP network for UNIX and Unix systems. It implements the core syslog protocol, and extends it with content-based filtering, advanced filtering features, flexible configuration options, and adds features such as the use of TCP, SSL, and RELP for transport. Rsyslog is a direct substitute for syslogd. Rsyslog offers high performance, security features and modular design. Rsyslog can allow us to store log messages in a MySQL, MariaDB, MongoDB or PostgreSQL database that can be configured with dbconfig-common for easy configuration via debconf. The log data can be exploited by a complementary program. The rotation of the log messages is automated.
History of Rsyslog in Debian
Deprecation in Bookworm
In Bookworm, since the persistent journal from Systemd's journald has been activated and most log messages would end up being written twice on disk, the rsyslog package has been demoted from the Important to the Optional priority, which means it is no longer installed by default in a base Debian system (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018788).
It is still possible to install the rsyslog package and it will work as usual (note that messages sent to /dev/log will travel through Systemd's journald, you might want to remove the /var/log/journal folder to prevent journald from using its own message persistence logic).
Previous releases
The rsyslogd service was integrated with the rsyslog package from Debian Lenny to replace the old syslog daemon sysklogd. The existing logging rules in syslog.conf can be simply copied to /etc/rsyslog.conf or to the /etc/rsyslog.conf.d directory. Sysklogd has been unmaintained for many years. Debian Lenny release notes
Some arguments in favor of Rsyslog in the following discussions :
https://lists.debian.org/debian-devel/2008/01/thrd3.html#01002
https://lists.debian.org/debian-release/2008/07/msg00117.html
See also
Rsyslog official website : https://www.rsyslog.com
Documentation Version 8 : https://www.rsyslog.com/doc/v8-stable/
General documentation : https://www.rsyslog.com/doc/master/index.html
Configuration documentation : https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Configuration examples : https://www.rsyslog.com/doc/v8-stable/configuration/examples.html
Rsyslog Debug Support : https://www.rsyslog.com/doc/v8-stable/troubleshooting/debug.html
Using the syslog receiver module : https://www.rsyslog.com/using-the-syslog-receiver-module/
Encrypting Traffic Syslog with TLS (SSL) [short version] : https://www.rsyslog.com/doc/v8-stable/tutorials/tls.html
Encrypting Traffic Syslog with TLS (SSL) : https://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html
Install a Centralized Log Server with Rsyslog in Debian 9 : https://www.howtoforge.com/tutorial/rsyslog-centralized-log-server-in-debian-9/
Manual pages: rsyslogd.8, rsyslog.conf.5
The rsyslog-doc package installs rsyslog's HTML documentation to /usr/share/doc/rsyslog-doc/