From 4568079aab0fa718b3cd0f7b0e23467de40ac3ca Mon Sep 17 00:00:00 2001
From: Rainer Gerhards RSyslog - History
+
+Rsyslog is a GPL-ed, enhanced syslogd. Among others, it offers support for
+reliable syslog over TCP, writing to
+MySQL databases and fully configurable output formats (including great timestamps).
+Rsyslog was initiated by Rainer Gerhards. It has
+been forked from the sysklogd standard package.
+The goal of the
+rsyslog project is to provide a more configurable and reliable
+syslog deamon while retaining drop-in replacement capabilities for stock syslogd. By "reliable", we mean support for reliable transmission
+modes like TCP or RFC 3195 (syslog-reliable).
+We do NOT imply that the sysklogd package is unreliable. In fact, the
+opposite is the case and we assume that for the time being the well-used
+sysklogd package offers better program reliability than our
+brand-new modifications to it.
+
+
The name "rsyslog" stems back to the +planned support for syslog-reliable. Ironically, the initial release +of rsyslog did NEITHER support syslog-reliable NOR tcp based syslog. +Instead, it contains enhanced configurability and other enhancements +(like database support). The reason for this is that full support for +RFC 3195 would require even more changes and especially fundamental architectural +changes. Also, questions asked on the loganalysis list and at other +places indicated that RFC3195 is NOT a prime priority for users, but +rather better control over the output format. So here we are, with +a rsyslod that covers a lot of enhancements, but not a single one +of these that made its name ;) Since version 0.9.2, receiving syslog messages +via plain tcp is finally supported, bringing rsyslogd a bit closer to its name. +
+The next enhancement scheduled is support for the new syslog-protocol +internet draft format, not the least to see how easy/complicated it is +to implement. We already know that some subleties of syslog-protocol will +require at least one considerable architectural change to the syslogd +and this might delay things a little. Our immediate goal is to receive +feedback and get the bugs out of the current release. Only after that +we intend to advance the code and introduce new features. +
+The database support was included so that our web-based syslog interface +can be used. This is another open source project which can be found +under http://www.liblogging.org (this +site needs serious redesign!). We highly recommend having a look at +it. It might not work for you if you expect thousands of messages per +second (because your database won't be able to provide adequate performance), +but in many cases it is a very handy analysis and troubleshooting tool. + +
+Rsyslogd supports an enhanced syslog.conf file format, and also works +with the standard syslog.conf. In theory, it should be possible to simply replace +the syslogd binary with the one that comes with rsyslog. Of course, in order +to use any of the new features, you must re-write your syslog.conf. To learn +how to do this, please review our commented sample.conf +file. It outlines the enhancements over stock syslogd. +
If you are interested in the IHE +environment, you might be interested to hear that rsyslog supports message with +sizes of 32k and more. This feature has been tested, but by default is turned off +(as it has some memory footprint that we didn't want to put on users not +actually requiring it). Search the file syslogd.c and search for "IHE" - you +will find easy and precise instructions on what you need to change (it's just +one line of code!). +
Be sure to visit Rainer's syslog block +to get some more insight into the development of rsyslog and syslog in general.
+