From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050921 Red Hat/1.0.7-1.4.1 Firefox/1.0.7 Description of problem: One of the things we have to do at our sites is remove the Red Hat/Fedora syslog services and replace them with syslog-ng. The TCP part, the better message congestion issues, and the better ability to group logging together is really needed by larger sites. [We have found that the lossiness of regular syslog can get black marks on reviews.] A long time ago, it was proposed for inclusion around Red Hat Linux 6.0 but was considered too unstable and some other issues. Could it be evaluated again for either for replacing the older syslog system or working the syslog system so that alternatives could cover it with syslog-ng in extras? What issues would need to be done to help this along? This is very useful for our various groups to meet US Government FISMA logging requirements. Trying to use syslog for more than 100 boxes causes too much data to be lost which means we are out of compliance. Version-Release number of selected component (if applicable): syslog-ng-1.6.8 How reproducible: Always Steps to Reproduce: The loss of syslog data shows up when we have more than 50 or so boxes reporting to a syslog server. In trying to log all the new audit data to a central box we find we can lose data with less machines. Our requirements for a logging system is to be able to handle 255 or so machines logging audit to syslog-ng. Additional info:
Is syslog-ng on the roadmap yet? I'm considering replacing the standard syslog with syslog-ng because: 1) I need reliable syslog (over TCP). 2) The standard syslog doesn't relay. I want to bounce or proxy syslogs through a centraly server point on their way to a management framework. It simplifies my network topology. Also, the flexibility offered by syslog-ng is appreciated.
It seems unlikely that syslog-ng would be added to Fedora Core based on the comments in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154974 (RHEL report but arguments apply to FC too) Some additional work on syslog is being done as per https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178855 which makes it easier to optionally do what syslog-ng does. I would leave the finally decision upto rel eng
Sigh, 178855 is closed to the public.
Ok, The second bugzilla reports says essentially the same things as the first one.
Actually syslogd has been replaced by rsyslog in F8, but we also ship syslog-ng. The old syslog package is no longer shipped as far as I can see. So I think this should probably have been closed some time ago.