sysklogd-to-rsyslog
Launchpad Entry: sysklogd-to-rsyslog
Created: NickBarcet
Contributors:
Packages affected: sysklogd, rsyslog
Summary
Should rsyslog replace sysklogd in main and as the default for new installations?
Release Note
Rsyslog now replaces sysklogd on new installations in Ubuntu.
Rationale
- Corporate use of centralized logging often requires:
  - Guaranteed delivery of events: events should not be lost because of some TCP/UDP failure. Sysklogd does not provide this.
  - Secured delivery of events: events can contain sensitive information, so they should be encrypted when sent over the network. Sysklogd does not provide this.
  - Event analysis framework: a central syslog server should be able to send email alerts on some conditions. Sysklogd does not support this.
  - Database backend: in order to perform rapid searches, a database backend is crucial.
- sysklogd upstream seems weak, if not dead.
- Other distros have already made this choice:
  - Fedora led the way among distributions and was the first to switch to rsyslog.
  - Debian has made the same choice in lenny.
Use Cases
- Clara needs a central syslog server that does not lose events to be compliant with industry policies
- Edward is afraid that events sent to his central syslog server may be sniffed and disclose confidential company information
- Ray needs to audit events occurring in his company and craves indexed searches to do so
Assumptions
Design
Implementation
UI Changes
Code Changes
Migration
Test/Demo Plan
Unresolved issues
BoF agenda and discussion
sysklogd-to-rsyslog (last edited 2009-01-22 16:07:05 by 82-69-40-219)