What is the difference between syslog, rsyslog and syslog-ng?

Solution 1:

Basically, they are all the same, in the way they all permit the logging of data from different types of systems in a central repository.

But they are three different projects, each project trying to improve the previous one with more reliability and functionalities.

The Syslog project was the very first project. It started in 1980. It is the root project of the Syslog protocol. At this time Syslog is a very simple protocol. At the beginning it only supported UDP for transport, so it does not guarantee the delivery of the messages.

Next came syslog-ng in 1998. It extends the basic syslog protocol with new features like:

  • Content-based filtering
  • Logging directly into a database
  • TCP for transport
  • TLS encryption

Next came Rsyslog in 2004. It extends the syslog protocol with new features like:

  • RELP Protocol support
  • Buffered operation support

Let's say that today they are three concurrent projects that have grown separately over versions, but also grown in parallel regarding what the neighbors were doing.

I personally think that today syslog-ng is the reference in most cases, as it is the most mature project offering the main features you may need, in addition to an easy and comprehensive setup and configuration.

Solution 2:

These are 3 different kinds of log managers: they enable your system to collect, filter, and transmit/store logs.

  • Syslog (daemon also named sysklogd) is the default LM in common Linux distributions. Light but not very flexible: you can redirect log streams sorted by facility and severity to files and over the network (TCP, UDP).
  • rsyslog is an "advanced" version of sysklogd where the config file remains the same (you can copy a syslog.conf file directly into rsyslog.conf and it works); but you have a lot of new cool stuff coming with it:

    • You can listen to TCP/UDP/... connections, with restrictions (ports, source IPs)
    • You can load a lot of modules
    • You can discriminate the log filtering by program, source, message, pid etc. (for instance, each message tagged with the message "connection closed" to the file closed.log)
    • You can discard messages after one or more rules

    Visit http://www.rsyslog.com which is very good indeed.
  • Syslog-ng is "Next-Gen". I think it's the best way to manage logs: everything is an object (source, destination, filter, and even the forwarding rule itself) and the syntax is clear. I doubt in terms of functionality that rsyslog and syslog-ng are different.
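
The facility/severity selectors, program and message-content filters and discard rules that the answers above describe are the core of what every one of these daemons does with a line once it arrives. The following is an added example, not code from sysklogd, rsyslog or syslog-ng: it decodes the BSD-syslog (RFC 3164) wire format, recovers facility and severity from the PRI field, and walks a small syslog.conf-style rule list (facility.severity, program name, message contents, a "stop after this destination" flag and a discard) to decide where each message goes. The rule set, the sample log lines and the destination file names are all constructed for the example.

```python
"""Constructed example: parse RFC 3164 (BSD syslog) lines and route them with
syslog.conf / rsyslog-style selectors.  Not code from any of the projects
discussed on this page."""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Facility (PRI >> 3) and severity (PRI & 7) names from RFC 3164 / <syslog.h>
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host tag[pid]: message
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$")


@dataclass
class SyslogMessage:
    facility: str
    severity: str
    severity_num: int      # 0 = emerg (worst) ... 7 = debug
    timestamp: str
    host: str
    program: str
    pid: Optional[int]
    message: str


def parse_syslog_line(line: str) -> Optional[SyslogMessage]:
    """Return the decoded message, or None if the line is not valid RFC 3164."""
    m = _LINE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # PRI = facility*8 + severity, max 23*8 + 7
        return None
    return SyslogMessage(
        facility=FACILITIES[pri >> 3],
        severity=SEVERITIES[pri & 7],
        severity_num=pri & 7,
        timestamp=m.group("ts"),
        host=m.group("host"),
        program=m.group("tag"),
        pid=int(m.group("pid")) if m.group("pid") else None,
        message=m.group("msg"),
    )


@dataclass
class Rule:
    """One selector.  A severity filter means 'this level or worse', as in
    syslog.conf's '*.err'; destination None discards the message (the '~' /
    'stop' action), and stop=True ends processing after writing."""
    destination: Optional[str]
    facilities: Optional[FrozenSet[str]] = None
    max_severity: Optional[int] = None
    program: Optional[str] = None
    contains: Optional[str] = None
    stop: bool = False

    def matches(self, msg: SyslogMessage) -> bool:
        if self.facilities is not None and msg.facility not in self.facilities:
            return False
        if self.max_severity is not None and msg.severity_num > self.max_severity:
            return False
        if self.program is not None and msg.program != self.program:
            return False
        if self.contains is not None and self.contains not in msg.message:
            return False
        return True


def route(msg: SyslogMessage, rules: List[Rule]) -> List[str]:
    """Walk the rules top to bottom and return the destinations written to."""
    out: List[str] = []
    for rule in rules:
        if not rule.matches(msg):
            continue
        if rule.destination is None:   # discard: no later rule sees the message
            break
        out.append(rule.destination)
        if rule.stop:
            break
    return out


# Constructed rule set in syslog.conf order (the closed.log rule mirrors the answer)
RULES = [
    Rule("closed.log", contains="Connection closed", stop=True),
    Rule("/var/log/auth.log", facilities=frozenset({"auth", "authpriv"})),
    Rule("/var/log/errors.log", max_severity=SEVERITIES.index("err")),
    Rule("/var/log/cron.log", program="cron"),
    Rule("/var/log/messages"),          # catch-all, '*.*'
]

# Constructed sample lines: PRI 38 = auth.info, 11 = user.err, 86 = authpriv.info, 30 = daemon.info
SAMPLE_LINES = [
    "<38>Jan 12 10:15:01 web01 sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 51514 ssh2",
    "<11>Jan 12 10:15:02 web01 nginx[2000]: worker process 2001 exited on signal 11",
    "<86>Jan 12 10:15:03 web01 sshd[1240]: Connection closed by 192.0.2.11 port 51515 [preauth]",
    "<30>Jan 12 10:15:04 web01 cron[300]: (root) CMD (run-parts /etc/cron.hourly)",
    "this is not a syslog line",
]


def route_all(lines: List[str], rules: List[Rule] = RULES) -> List[Optional[List[str]]]:
    """Destinations per input line; None marks a line the parser rejected."""
    result: List[Optional[List[str]]] = []
    for line in lines:
        msg = parse_syslog_line(line)
        result.append(route(msg, rules) if msg else None)
    return result


if __name__ == "__main__":
    for line, dests in zip(SAMPLE_LINES, route_all(SAMPLE_LINES)):
        print(f"{line[:45]:<45} -> {dests}")
```

Rule order matters exactly as it does in a real syslog.conf: the "Connection closed" rule sits first with stop=True, so those messages never reach the auth log or the catch-all, and a malformed line is reported as rejected rather than silently dropped, which is the behaviour you want to see in a logger you are relying on for detection.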


Solution 3:

From where can I get the source code for syslog()

This is provided by glibc or the libc implementations on other Unix flavors. This call basically submits your message to the syslog unix domain socket /dev/log. This socket is normally created by the system logger (e.g. rsyslog, syslog-ng, nxlog, etc).
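
To make the mechanism in this answer concrete, here is an added example (not glibc's or any logger's code) of the exchange that happens behind syslog(3): the library side builds a single datagram of the form "<PRI>ident[pid]: message" and writes it to the logger's AF_UNIX socket, and the logger side owns that socket and reads the datagrams. A temporary socket path stands in for /dev/log so the whole thing runs unprivileged in one process; the facility and severity constants, the FakeLogger class and the ident "myapp" are assumptions of the example.

```python
"""Constructed example of what syslog(3) does under the hood: format
'<PRI>ident[pid]: message' and send it as one datagram to the system
logger's AF_UNIX socket (normally /dev/log).  Both sides run in one process
and a temporary path stands in for /dev/log.  Not glibc or any logger's code."""
import os
import socket
import tempfile
from typing import List, Tuple

# Facility and severity codes as in <syslog.h>
LOG_USER, LOG_DAEMON = 1, 3
LOG_ERR, LOG_INFO = 3, 6


def format_syslog(facility: int, severity: int, ident: str, message: str, pid: int) -> bytes:
    """Build the datagram the C library would write: PRI = facility*8 + severity."""
    pri = (facility << 3) | (severity & 7)
    return f"<{pri}>{ident}[{pid}]: {message}".encode()


class FakeLogger:
    """Stand-in for rsyslog/syslog-ng: creates the socket and receives datagrams."""

    def __init__(self, path: str) -> None:
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
        self.sock.bind(path)            # the daemon, not the client, creates /dev/log
        self.sock.settimeout(2.0)

    def receive(self) -> Tuple[int, int, str]:
        """Read one datagram and split it into (facility, severity, rest-of-line)."""
        text = self.sock.recv(65536).decode()
        pri_end = text.index(">")
        pri = int(text[1:pri_end])
        return pri >> 3, pri & 7, text[pri_end + 1:]

    def close(self) -> None:
        self.sock.close()


def send_syslog(path: str, facility: int, severity: int, ident: str,
                message: str, pid: int = None) -> bytes:
    """Client side of syslog(3): connect to the logger's socket, send one datagram."""
    datagram = format_syslog(facility, severity, ident, message, pid or os.getpid())
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        s.connect(path)
        s.send(datagram)
    return datagram


def logger_present(path: str) -> bool:
    """syslog(3) itself fails quietly when nothing listens on /dev/log; this
    checks explicitly whether a logger owns the socket at `path`."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as s:
        try:
            s.connect(path)
            return True
        except OSError:                 # no socket file, or nobody bound to it
            return False


def demo() -> List[Tuple[int, int, str]]:
    """Run logger and client in one process; return what the logger received."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "log")   # stands in for /dev/log
        logger = FakeLogger(path)
        try:
            send_syslog(path, LOG_DAEMON, LOG_INFO, "myapp", "service started", pid=4242)
            send_syslog(path, LOG_USER, LOG_ERR, "myapp", "config file missing", pid=4242)
            return [logger.receive(), logger.receive()]
        finally:
            logger.close()


if __name__ == "__main__":
    for facility, severity, rest in demo():
        print(f"facility={facility} severity={severity} {rest}")
```

The practical point the answer makes falls out of logger_present(): the socket exists only because a daemon created it, so an application calling syslog() on a host with no logger running (or with the socket bound by something other than the intended logger) is writing into nothing, and that is a condition worth monitoring for on systems whose audit trail depends on local syslog.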


Solution 4:

They're all syslog daemons, where rsyslog and syslog-ng are faster and more feature-rich replacements for the (mostly unmaintained) traditional syslogd. syslog-ng started from scratch (with a different config format) while rsyslog was originally a fork of syslogd, supporting and extending its syntax. In recent years, rsyslog started supporting a newer config format as well. By now, it's really hard to compare the two without getting into the very specifics and starting flame wars.

Syslog in general is quite confusing as it can be multiple things. I had a shot at disambiguating here: https://sematext.com/blog/2017/01/30/what-is-syslog-daemons-message-formats-and-protocols/