Should rsyslog replace sysklogd in main and as default for new installation?

Release Note

Rsyslog now replaces sysklogd on new installations in ubuntu.


  • Corporate usage of of centralized logging often requires:
    • Guaranteed delivery of event: events should not be lost because of some TCP/UDP failure. Sysklogd does not provide this.
    • Secured delivery of events: events can contain sensitive information so should be encrypted when sent over the network, sysklogd does not provide this.
    • Event analysis framework: Central syslog server should be able to send email alerts on some conditions, sysklogd does not support this
    • Database backend: in order to perform rapid searches, a database backend is crucial
  • sysklogd Upstream seems weak, if not dead
  • Other distros have already made this choice:

Use Cases

  • Clara needs a central syslog server that does not lose events to be compliant with industry policies
  • Edward is afraid that events sent to his central syslog server may be sniffed and disclose confidential company information
  • Ray needs to audit events occurring in his company and craves for indexes searches to do so




UI Changes

Code Changes


Test/Demo Plan

Unresolved issues

BoF agenda and discussion


sysklogd-to-rsyslog (last edited 2009-01-22 16:07:05 by 82-69-40-219)