Translation(s): 中文普通话 - English - Français - Italiano


Rsyslog is an open source program for transferring log messages over an IP network for UNIX and Unix systems. It implements the core syslog protocol, and extends it with content-based filtering, advanced filtering features, flexible configuration options, and adds features such as the use of TCP, SSL, and RELP for transport. Rsyslog is a direct substitute for syslogd. Rsyslog offers high performance, security features and modular design. Rsyslog can allow us to store log messages in a MySQL, MariaDB, MongoDB or PostgreSQL database that can be configured with dbconfig-common for easy configuration via debconf. The log data can be exploited by a complementary program. The rotation of the log messages is automated.

History of Rsyslog in Debian

Deprecation in Bookworm

In Bookworm, since the persistent journal from Systemd's journald has been activated and most log messages would end up being written twice on disk, the rsyslog package has been demoted from the Important to the Optional priority, which means it is no longer installed by default in a base Debian system (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018788).

It is still possible to install the rsyslog package and it will work as usual (note that messages sent to /dev/log will travel through Systemd's journald, you might want to remove the /var/log/journal folder to prevent journald from using its own message persistence logic).

Previous releases

The rsyslogd service was integrated with the rsyslog package from Debian Lenny to replace the old syslog daemon sysklogd. The existing logging rules in syslog.conf can be simply copied to /etc/rsyslog.conf or to the /etc/rsyslog.conf.d directory. Sysklogd has been unmaintained for many years. Debian Lenny release notes

Some arguments in favor of Rsyslog in the following discussions :

See also


CategorySoftware | CategorySystemAdministration