Rsyslog is a rocket-fast system for log processing.
It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging, being able to accept inputs from a wide variety of sources, transform them, and output to the results to diverse destinations.
It can deliver over one million messages per second to local destinations when limited processing is applied (based on v7, December 2013). Even with remote destinations and more elaborate processing the performance is usually considered “stunning”.
It has a strong enterprise focus but also scales down to small systems. It supports, among others, MySQL, PostgreSQL, failover log destinations, ElasticSearch, syslog/tcp transport, fine grain output format control, high precision timestamps, queued operations and the ability to filter on any message part.
- TCP, SSL, TLS, RELP
- MySQL, PostgreSQL, Oracle and more
- Filter any part of syslog message
- Fully configurable output format
- Suitable for enterprise-class relay chains
– omfile: provide more helpful error message on file write errors
now contains actual file name plus a link to probable causes for this type
– imfile: emit error on startup if no working directory is set
When the work directory has not been set or is invalid, state files
are created in the root of the file system. This is neither expected
nor desirable. We now complain loudly about this fact. For backwards
compatibility reasons, we still need to support running imfile in
– dnscache: add global parameter dnscache.default.ttl
This permits to control default TTL for cache entries. If set
to 0, the DNS cache is effectively disabled.
– omelasticsearch: new parameter rebindinterval
Thanks to Richard Megginson for the patch.
Copyright (C) Rainer Gerhards
lead rsyslog developer