Differences between different logger daemons

faets · n00b Joined: 29 Jun 2002 Posts: 2 Location: land oz of.

I was killing time while waiting for "emerge system" to finish on my iBook and decided to find out exactly what is the difference between the various system log daemons listed in the 1.2 install instructions.

I couldn't find any discussion in the forums, and I couldn't find any specific discussions using google. So I ended up just checking out the blurbs as posted by the various maintainers on Freshmeat.net. For future reference I'll post a quick rundown here...

sysklogd:
This is the stock standard logger daemon supplied with the majority of linux distributions. It does all the things you'd expect of a logger daemon. I'm sure it set the de facto standard and it just looks like it doesn't offer anything special.

syslog-ng:
Syslogd replacement for the "new generation". Among what seems to be its funkier features are regular expression based filtering and the ability to forward logs, over TCP connections, to a remote host.

metalog:
The install instructions mentions metalog is popular with "power users". Its features, like syslog-ng, included log forwarding and filtering but it claims it is easier to configure and is aimed at improving upon syskloogds performance.

The only logger I have had any experience with is sysklogd but based on the blurbs I went with metalog. I'd be interested in what others have to say about the pros/cons of the various loggers.

SubZero · n00b Joined: 09 Jun 2002 Posts: 17 Location: Brazil

I was just reading your post to decide with one is best.

I'm seeing that the logs generated by metalog has a strange value for the timestamp, so I can't run it with qmailanalog.

I will try syslog-ng and see if it is compatible with others log analyzers.

legoleg · n00b Joined: 05 Jul 2002 Posts: 14

There's a decent description of each in the Security Guide. Go here to see it. It starts right after code listing 6.... hope this helps.

Oleg
_________________
Where is my sig?

Wilhelm · Tux's lil' helper Joined: 27 May 2003 Posts: 149

I stepped over from metalog to sysklogd because metalog doesn't do syslog remote logging.

I believe sysklogd to be the only one but when metalog adds remote logging i'm back

strolls · n00b Joined: 17 Mar 2003 Posts: 18

Wilhelm · Tux's lil' helper Joined: 27 May 2003 Posts: 149

jthj · Posted: Fri Feb 13, 2004 9:35 pm Post subject:

Is there a good site with some documentation or tutorials on how the filtering works in syslog-ng?
_________________
01001010 01010100 01001000 01001010

michaelb · Posted: Fri Feb 13, 2004 9:51 pm Post subject:

Many. A little googling will turn up more than you could ever read. You might want to start with this one.
_________________
Behold, The power of SEARCH!