Launchpad Entry: sysklogd-to-rsyslog
Packages affected: sysklogd, ryslog
Should rsyslog replace sysklogd in main and as default for new installation?
Rsyslog now replaces sysklogd on new installations in ubuntu.
- Corporate usage of of centralized logging often requires:
- Guaranteed delivery of event: events should not be lost because of some TCP/UDP failure. Sysklogd does not provide this.
- Secured delivery of events: events can contain sensitive information so should be encrypted when sent over the network, sysklogd does not provide this.
- Event analysis framework: Central syslog server should be able to send email alerts on some conditions, sysklogd does not support this
- Database backend: in order to perform rapid searches, a database backend is crucial
- sysklogd Upstream seems weak, if not dead
- Other distros have already made this choice:
- Clara needs a central syslog server that does not lose events to be compliant with industry policies
- Edward is afraid that events sent to his central syslog server may be sniffed and disclose confidential company information
- Ray needs to audit events occurring in his company and craves for indexes searches to do so