Depending on the distribution or system you use, you may get a different open source syslog daemon by default. Some prefer the standard syslogd, others go with rsyslog and others install syslog-ng by default. All of them do what you expect, and manage the syslog process and calls within the server.
Name | Description |
---|---|
syslogd | The first one, originally created in the 80's to handle the syslog protocol. It is still the default on OpenBSD. |
syslog-ng | Created in the late 90's as a robust replacement for syslogd. Added support for TCP, encryption and many other features. Syslog-ng was the standard and included on SUSE, Debian and Fedora for many years. |
rsyslog | Created in 2004 as a competitor to syslog-ng, became the default syslog daemon on Ubuntu, RHEL and many other distributions. If you have a common and updated Linux distribution, you are likely using rsyslog. |
Each one uses a different configuration file, with its own format and options:
Name | Location |
---|---|
syslogd | /etc/syslog.conf |
syslog-ng | /etc/syslog-ng/syslog-ng.conf |
rsyslog | /etc/rsyslog.conf |
They have a different configuration file and a different syntax, especially syslog-ng. For example, both rsyslog and syslogd support the original syslog syntax for storing events to files. Each rule specifies a facility.level selector, followed by the file to store the matching events in:
```
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog
authpriv.debug /var/log/secure
cron.info /var/cron/log
```
syslog-ng, on the other hand, created its own syntax, which looks like this:
```
destination d_syslog { file("/var/log/syslog"); };
destination d_auth { file("/var/log/auth.log"); };
```
In fact, we think the reason rsyslog became so popular, replacing syslog-ng as the default choice on all major distributions, is that it picked the original syslogd syntax.
To send the logs to a remote syslog server, both rsyslog and syslogd use the same syntax (@IPADDRESS for UDP syslog and @@IPADDRESS for TCP syslog):
```
*.* @REMOTESYSLOG
```
syslog-ng, again, has its own format:
```
destination d_syslog_tcp {
    syslog("192.168.1.118" transport("tcp") port(514));
};
log { source(s_local); destination(d_syslog_tcp); };
```
Their code bases are vastly different, but they all handle internal syslog messages, log to files (on /var/log) and allow you to send the logs to a remote syslog server. Syslogd and rsyslog are the most used options, with a similar syntax. However, you will likely be fine with either one of them - unless you have complex syslog needs.
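To check where a given event ends up under the facility.level rules and the @ / @@ forwarding actions shown above, the following added example (not code from the original article or from any of the daemons) models the classic selector matching in Python. It assumes only plain `facility.level`, `*` and `none` selectors, and that a later selector for the same facility replaces an earlier one, as BSD syslogd does; the function names are hypothetical.

```python
# Added example: models classic syslog.conf selector matching (not daemon code).
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Rules copied from the article, plus its "*.* @REMOTESYSLOG" forwarding line.
SAMPLE = """\
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog
authpriv.debug /var/log/secure
cron.info /var/cron/log
*.* @REMOTESYSLOG
"""

def parse_rules(text):
    """Return [([(facilities, threshold), ...], action)] for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = [tuple(s.rsplit(".", 1)) for s in selector_field.split(";")]
        rules.append((selectors, action.strip()))
    return rules

def matches(selectors, facility, level):
    """Assumption: a later selector naming the facility overrides earlier ones."""
    hit = False
    for facilities, threshold in selectors:
        if facilities != "*" and facility not in facilities.split(","):
            continue
        if threshold == "none":
            hit = False
        else:
            hit = threshold == "*" or LEVELS.index(level) >= LEVELS.index(threshold)
    return hit

def describe(action):
    """Classify the action field: @@host is TCP, @host is UDP, else a file."""
    if action.startswith("@@"):
        return ("tcp", action[2:])
    if action.startswith("@"):
        return ("udp", action[1:])
    return ("file", action)

def route(text, facility, level):
    """List every destination that receives a facility.level event."""
    return [describe(a) for sels, a in parse_rules(text) if matches(sels, facility, level)]
```

With these rules, `route(SAMPLE, "daemon", "info")` returns only the remote destination: such events are forwarded but never written to a local file, which is worth knowing before relying on local logs during an investigation.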