Red Hat Bugzilla – Bug 170663
Would like to get syslog-ng to replace syslog in Fedora Core
Last modified: 2014-03-16 22:56:24 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050921 Red Hat/1.0.7-1.4.1 Firefox/1.0.7
Description of problem:
One of the things we have to do at our sites is remove the Red
Hat/Fedora syslog services and replace them with syslog-ng. The TCP
part, the better message congestion issues, and the better ability to
group logging together is really needed by larger sites. [We have
found that the lossiness of regular syslog can get black marks on
reviews.] A long time ago, it was proposed for inclusion around Red
Hat Linux 6.0 but was considered too unstable and some other issues.
Could it be evaluated again for either for replacing the older syslog
system or working the syslog system so that alternatives could cover
it with syslog-ng in extras? What issues would need to be done to help
This is very useful for our various groups to meet US Government FISMA logging requirements. Trying to use syslog for more than 100 boxes causes too much data to be lost which means we are out of compliance.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
The loss of syslog data shows up when we have more than 50 or so boxes reporting to a syslog server. In trying to log all the new audit data to a central box we find we can lose data with less machines. Our requirements for a logging system is to be able to handle 255 or so machines logging audit to syslog-ng.
Is syslog-ng on the roadmap yet? I'm considering replacing the standard syslog
with syslog-ng because:
1) I need reliable syslog (over TCP).
2) The standard syslog doesn't relay. I want to bounce or proxy syslogs through
a centraly server point on their way to a management framework. It simplifies
my network topology.
Also, the flexibility offered by syslog-ng is appreciated.
It seems unlikely that syslog-ng would be added to Fedora Core based on the
comments in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154974 (RHEL
report but arguments apply to FC too)
Some additional work on syslog is being done as per
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178855 which makes it
easier to optionally do what syslog-ng does.
I would leave the finally decision upto rel eng
Sigh, 178855 is closed to the public.
Ok, The second bugzilla reports says essentially the same things as the first one.
Actually syslogd has been replaced by rsyslog in F8, but we also ship syslog-ng.
The old syslog package is no longer shipped as far as I can see.
So I think this should probably have been closed some time ago.