sysklogd-to-rsyslog

Differences between revisions 1 and 2
Revision 1 as of 2008-11-26 09:09:48
Size: 3372
Editor: mx
Comment:
Revision 2 as of 2009-01-22 16:07:05
Size: 3374
Editor: 82-69-40-219
Comment: typos
Deletions are marked like this. Additions are marked like this.
Line 26: Line 26:
 * Other distro have already made this choice:  * Other distros have already made this choice:
Line 28: Line 28:
  * Debian has made the [[http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/c26b7f36b4f54caa/7a18c76338e9fdc6?lnk=gst&q=rsyslog+sysklogd#7a18c76338e9fdc6|same choice in leny]].   * Debian has made the [[http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/c26b7f36b4f54caa/7a18c76338e9fdc6?lnk=gst&q=rsyslog+sysklogd#7a18c76338e9fdc6|same choice in lenny]].

Summary

Should rsyslog replace sysklogd in main and as default for new installation?

Release Note

Rsyslog now replaces sysklogd on new installations in ubuntu.

Rationale

  • Corporate usage of of centralized logging often requires:
    • Guaranteed delivery of event: events should not be lost because of some TCP/UDP failure. Sysklogd does not provide this.
    • Secured delivery of events: events can contain sensitive information so should be encrypted when sent over the network, sysklogd does not provide this.
    • Event analysis framework: Central syslog server should be able to send email alerts on some conditions, sysklogd does not support this
    • Database backend: in order to perform rapid searches, a database backend is crucial
  • sysklogd Upstream seems weak, if not dead
  • Other distros have already made this choice:

Use Cases

  • Clara needs a central syslog server that does not lose events to be compliant with industry policies
  • Edward is afraid that events sent to his central syslog server may be sniffed and disclose confidential company information
  • Ray needs to audit events occurring in his company and craves for indexes searches to do so

Assumptions

Design

Implementation

UI Changes

Code Changes

Migration

Test/Demo Plan

Unresolved issues

BoF agenda and discussion


CategorySpec

sysklogd-to-rsyslog (last edited 2009-01-22 16:07:05 by 82-69-40-219)