RSyslog - Features

This page lists both current features as well as those being considered for future versions of rsyslog. If you think a feature is missing, drop Rainer a note. Rsyslog is a vital project. Features are added each few days. If you would like to keep up of what is going on, you can also subscribe to the rsyslog mailing list.

Current Features

• native support for writing to MySQL databases
• support for (plain) tcp based syslog - much better reliability
• support for sending and receiving compressed syslog messages
• support for receiving messages via reliable RFC 3195 delivery
• control of log output format, including ability to present channel and priority as visible log data
• good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone
• ability to reformat message contents and work with substrings
• support for log files larger than 2gb
• support for file size limitation and automatic rollover command execution
• support for running multiple rsyslogd instances on a single machine
• support for ssl-protected syslog (via stunnel)
• ability to filter on any part of the message, not just facility and severity
• support for discarding messages based on filters
• ability to execute shell scripts on received messages
• control of whether the local hostname or the hostname of the origin of the data is shown as the hostname in the output
• ability to preserve the original hostname in NAT environments and relay chains
• ability to limit the allowed network senders
• powerful BSD-style hostname and program name blocks for easy multi-host support
• multi-threaded - currently experimental
• very experimental and volatile support for syslog-protocol compliant messages (it is volatile because standardization is currently underway and this is a proof-of-concept implementation to aid this effort)
• experimental support for syslog-transport-tls based framing on syslog/tcp connections
• a copy of klogd.c has been included under the name of rklogd for those Linux systems that need one. So rsyslog is a full replacement for the sysklogd package

Upcoming Features

• support for native SSL enryption of plain tcp syslog sessions. This will most probably happen based on syslog-transport-tls.
• even more enhanced multi-threading
• support for RFC 3195 as a sender - planned
• pcre filtering - maybe (depending on feedback)  - simple regex already partly added. So far, this seems sufficient so that there is no urgent

To see when each feature was added, see the rsyslog change log (online only).