:: Re: [DNG] Everyone OK for using the…
Top Page
Delete this message
Reply to this message
Author: Rick Moen
Date:  
To: dng
Subject: Re: [DNG] Everyone OK for using the logger program for runit logging?
Quoting Steve Litt (slitt@???):

> Is logger just another sister of syslog-ng and rsyslog?


If we're talking about the same 'logger' tool, then no:

The Linux logger command provides an easy way to add log files to
/var/log/syslog — from the command line, from scripts, or from other
files.

https://www.networkworld.com/article/3274570/linux/using-logger-on-linux.html

> Does the Devuan project have an official preference between rsyslog,
> syslog-ng, logger, or some other program that handles additions to
> logs? If no official preference, can you come up with an UNofficial
> preference so I can incorporate it into daemon supervision?


I'm only half-informed (well, 2/3 informed) about this topic, but my
understanding of this matter is as follows:

1. The early 1990s Linux project at first inherited from BSD to
original Syslog codebase (project launched in 1980). Syslog established
the standard Syslog wire (i.e., network) logging protocol (see RFC
3164), initially using only UDP transport, i.e., no guaranteed delivery
and the standard configuration syntax. Later, TCP transport was
retrofitted. The daemon's usual name was sysklogd. It's still around;
maintenance has become a little spotty.

2. rsyslog arrived in 2004 as a very compatible, extended replacement
to Syslog. It added filtering rules (as to types of messages to
discard), much finer control of the network protocol, extensive optional
modules, etc. It was drop-compatible, e.g. a Syslog syslog.conf could
be just cp'd to rsyslog.conf and nothing would break.

3. syslog-ng arrived earlier, 1998, but was a greater departure.
It also had content-based filtering, ability to log directly into
a database, and built-in TLS encryption for the syslog protocol.
(Last I checked, TLS was still less-well integrated for rsyslog.)
syslog-ng defaults to a _different_ syntax of config file, (ISTR
it now also can use Syslog-standard config syntax, but wouldn't swear to
that.)

4. nxlog got invented by some guy in 2011 as a multiplatform logger,
but all I'm going to say about it is that 'NXLog Community Edition' is
claimed to be open source but is under a one-off licence that
deliberately encumbers third-party commercial rights.

5. msyslog (Modular Syslog) is still around
(https://sourceforge.net/projects/msyslog/) but seems to have never
really caught on as a Syslog replacement.

6. Poettering wrote journald in 2010.


The mainstream choices (disregarding journald) in 2018 are rsyslog and
syslog-ng, period. A case could be made for either. I _think_
rsyslog remains more common. I've personally only encountered
syslog-ng in embedded logging appliances manufactured by Hungarian firm
Balabit, which also is the primary code maintainer for the open source
codebase, offering an enhanced proprietary version to customers.
Consequently, syslog-ng can be considered a case of 'open core' in the
sense that syslog-ng is always at risk of being the disregarded
stepchild because more effort is put into the proprietary 'Premium Edition'.
(This is part of the reason I personally continue to favour rsyslog,
but not vehemently.)

2007 comparison:
https://web.archive.org/web/20170612021518/http://blog.gerhards.net/2007/08/why-does-world-need-another-syslogd.html