Bug 170663 - Would like to get syslog-ng to replace syslog in Fedora Core
Summary: Would like to get syslog-ng to replace syslog in Fedora Core
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: distribution
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Bill Nottingham
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-10-13 17:14 UTC by Stephen John Smoogen
Modified: 2014-03-17 02:56 UTC (History)
6 users (show)

Fixed In Version: F8
Clone Of:
Environment:
Last Closed: 2007-12-06 23:18:25 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Stephen John Smoogen 2005-10-13 17:14:10 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050921 Red Hat/1.0.7-1.4.1 Firefox/1.0.7

Description of problem:
One of the things we have to do at our sites is remove the Red
Hat/Fedora syslog services and replace them with syslog-ng. The TCP
part, the better message congestion issues, and the better ability to
group logging together is really needed by larger sites. [We have
found that the lossiness of regular syslog can get black marks on
reviews.] A long time ago, it was proposed for inclusion around Red
Hat Linux 6.0 but was considered too unstable and some other issues.

Could it be evaluated again for either for replacing the older syslog
system or working the syslog system so that alternatives could cover
it with syslog-ng in extras? What issues would need to be done to help
this along?

This is very useful for our various groups to meet US Government FISMA logging requirements. Trying to use syslog for more than 100 boxes causes too much data to be lost which means we are out of compliance.

Version-Release number of selected component (if applicable):
syslog-ng-1.6.8

How reproducible:
Always

Steps to Reproduce:
The loss of syslog data shows up when we have more than 50 or so boxes reporting to a syslog server. In trying to log all the new audit data to a central box we find we can lose data with less machines. Our requirements for a logging system is to be able to handle 255 or so machines logging audit to syslog-ng.

Additional info:
Comment 1 Jake Garver 2006-06-19 18:02:51 UTC 
Is syslog-ng on the roadmap yet?  I'm considering replacing the standard syslog
with syslog-ng because:
1) I need reliable syslog (over TCP).
2) The standard syslog doesn't relay.  I want to bounce or proxy syslogs through
a centraly server point on their way to a management framework.  It simplifies
my network topology.

Also, the flexibility offered by syslog-ng is appreciated.
Comment 2 Rahul Sundaram 2006-07-20 01:04:12 UTC 

It seems unlikely that syslog-ng would be added to Fedora Core based on the
comments in https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154974 (RHEL
report but arguments apply to FC too)

Some additional work on syslog is being done as per
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178855 which makes it
easier to optionally do what syslog-ng does.

I would leave the finally decision upto rel eng
Comment 3 Stephen John Smoogen 2006-07-20 14:52:00 UTC 
Sigh, 178855 is closed to the public.
Comment 4 Rahul Sundaram 2006-07-20 15:24:17 UTC 

Ok, The second bugzilla reports says essentially the same things as the first one.
Comment 5 Jason Tibbitts 2007-12-06 23:18:25 UTC 
Actually syslogd has been replaced by rsyslog in F8, but we also ship syslog-ng.
 The old syslog package is no longer shipped as far as I can see.

So I think this should probably have been closed some time ago.
Note You need to log in before you can comment on or make changes to this bug.