Differences between revisions 10 and 11
Revision 10 as of 2011-05-12 09:48:02
Size: 6087
Comment: Añadidos enlaces externos
Revision 11 as of 2012-02-29 15:08:25
Size: 1648
Editor: MichaelBiebl
Comment:
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
See the [[http://www.debian.org/releases/lenny/i386/release-notes/ch-whats-new.de.html#system-changes|Lenny release notes]].
Line 17: Line 18:
==== See also ==== == See also ==
Line 20: Line 21:



== Migration from syslogd / klogd ==

Following the discussions on debian-devel http://lists.debian.org/debian-devel/2008/01/msg01002.html there are plans to change the default syslog daemon for [[DebianLenny|lenny]] to rsyslog http://www.rsyslog.com

An analysis of the current situation :

{{{
Suggests:
1.) xwatch: sysklogd
    Besides a small example config file, there is nothing syklogd
    specific in this package.
    Should be changed to $preferred_syslog | system-log-daemon
2.) jffnms: syslog-ng
    Nothing syslog-ng specific in this package. Should be changed to
    $preferred_syslog | system-log-daemon
Recommends:
3.) anacron: sysklogd | system-log-daemon
4.) fcron: sysklogd | system-log-daemon
5.) heartbeat: sysklogd | syslog-ng | system-log-daemon
6.) ldirectord: sysklogd | syslog-ng
    Should be changed to $preferred_syslog | system-log-daemon
7.) nullmailer: sysklogd | system-log-daemon
8.) rlinetd: sysklogd | system-log-daemon
9.) xinetd: sysklogd | system-log-daemon
Depends:
10.) alamin-client: sysklogd | system-log-daemon
11.) alamin-mysql: sysklogd | system-log-daemon
12.) alamin-server: sysklogd | system-log-daemon
     Uses syslog-facility in postinst/prerm. install will not fail if
     syslog-facility is not present.
     Easy to use a fixed syslog-facility or even better provide a
     rsyslog.d snippet.
13.) alamin-smpp: sysklogd | system-log-daemon
14.) fwlogwatch: sysklogd | system-log-daemon
15.) inetutils-ftpd: inetutils-syslogd | system-log-daemon
16.) inetutils-inetd: inetutils-syslogd | system-log-daemon
17.) inetutils-talkd: inetutils-syslogd | system-log-daemon
18.) inetutils-telnetd: inetutils-syslogd | system-log-daemon
19.) klogd: sysklogd | system-log-daemon
20.) logcheck: sysklogd | system-log-daemon | syslog-ng
     Has used syslogd-listfiles in postinst, was removed again 2002
21.) psad: syslogd | syslog-ng | metalog
     Should be changed to $preferred_syslog | system-log-daemon
22.) request-tracker3.6: sysklogd | system-log-daemon
23.) snort: sysklogd | system-log-daemon
     Has used syslogd-listfiles years again, was removed again
24.) snort-common: sysklogd | system-log-daemon
25.) snort-mysql: sysklogd | system-log-daemon
26.) snort-pgsql: sysklogd | system-log-daemon
27.) snort-rules-default: sysklogd | system-log-daemon
28.) sympa: sysklogd (>= 1.3-27) | system-log-daemon
     Uses syslog-facility in postrm/postinst to setup a custom facility
     to log to /var/log/sympa.log. Doesn't fail to install if
     syslog-facility is not found, will log to /var/log/messages
     instead. Could easily ship a rsyslog.d snippet.
}}}
For 1.), 2.), 6.) and 21.) there are already bugs filed: http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=goal-rsyslog;users=biebl@debian.org

For 12.) and 28.) wishlist bugs providing a config file snippet for /etc/rsyslog.d/ will be filed.

And finally, if it is approved that rsyslog should be become the default system-log-daemon, wishlist bugs against the remaining packages to change the dependency to rsylog | system-log-daemon, where appropriate will be filed.

Remaining steps:

 * Document the change by preparing a patch for the release notes
  * rsyslog from version 3.14.1 on, uses high precision timestamps. This change should be documented or disabled, if affected packages can't be fixed until the lenny release. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475303 (this change was reverted in 3.14.2-2 and high precision timestamp will remain disabled for lenny)
 * Get the priorities fixed by a ftpmaster (assistant)
Concerns were raised by Guillem Jover about the size of rsyslog:

{{{
rsyslogd seems to have a lot of features, and it's a bit big compared
to other implementations, do normal users need all that stuff?
Sysadmins can easily change it, and I bet most of the users do not
care much what syslogd is installed as long as it's just logging.
The list of syslogd sorted by Installed-Size:
Package: socklog-run
Installed-Size: 148
Package: sysklogd
Installed-Size: 212
Package: inetutils-syslogd
Installed-Size: 216
Package: syslog-ng
Installed-Size: 552
Package: rsyslog
Installed-Size: 672
}}}
As a consequence, the HTML documentation in rsyslog was split into a separate package rsyslog-doc. The resulting size of rsylog as of version 2.0.1-2 is 258k.


== Links Externos ==
* http://www.rsyslog.com/doc/rsyslog_conf.html - rsyslog.conf configuration file

* http://wiki.rsyslog.com/index.php/Configuration_Samples - Configuration Samples (rsyslog)

* http://www.makeinstall.es/2011/05/gestion-de-archivos-de-registro-del.html - [Tutorial] Gestión de archivos de registro del sistema
 * http://www.rsyslog.com/doc/rsyslog_conf.html - rsyslog.conf configuration file
 * http://wiki.rsyslog.com/index.php/Configuration_Samples - Configuration Samples (rsyslog)

Rsyslog is an enhanced multi-threaded syslogd with a focus on security and reliability. Among others, it offers support for on-demand disk buffering, reliable syslog over TCP, SSL, TLS and RELP, writing to databases, email alerting. It is a drop-in replacement for syslogd.

rsyslog in Lenny

Starting with Lenny, Debian will use rsyslog instead of sysklogd by default. See the Lenny release notes.

Here are some arguments from the discussions 1 2 3:

  • rsyslog is a drop in replacement for former syslog (If you have a custom syslog.conf, you can copy it to /etc/rsyslog.conf)

  • Support for logging into databases (MySQL and PostgreSQL).
  • A real plus is also upstream, who is very responsive and active and it's a pleasure to work with him.
  • Automated log rotation.
  • Configure remote logging via debconf.
  • sysklogd in itself is not bad, but the package has been nearly fully unmaintained for years.

See also