On Tue, 31 Jan 2017, Radu Gheorghe wrote:
> Hello,
>
> I wrote a blog post, frankly out of being annoyed on hearing "syslog
> can't handle more than 1K, syslog can't do this, can't do that".
> Which, to be fair, stems from the long and somewhat vague and
> confusing history that syslog has.
>
> So this blog post tries to disambiguate the word "syslog" and clarify
> the myths I heard around it:
> https://sematext.com/blog/2017/01/30/what-is-syslog-daemons-message-formats-and-protocols/
>
> If you think there's anything wrong, missing... exceptionally good :)
> or anything that you'd like to say or ask around the article, I'd love
> to hear it. Either here, in the blog post comments, over personal
> Email or Twitter... however you feel comfortable.
>
> Thanks in advance and best regards,
> Radu

I think it's worth noting that rsyslog has replaced sysklogd on most Linux
distros at this point.

You say that syslog-ng is more portable, but rsyslog is available on Linux,
*BSD, AIX, Solaris. So while there may be platforms that syslog-ng is on that
rsyslog isn't, do they matter?

rsyslog does have a (non-free) Windows version.

re: 1k limit, I think it's worth saying that the reason for that limit was so
that the message would fit in a single 1K packet. It has always been a "should"
not a "must" and all the modern log daemons have allowed larger sizes. It's
still a good idea to keep UDP messages to a single packet, but with jumbo
packets, that's a lot larger than 1k.

TCP is also able to be encrypted.

re: RELP, it's probably worth a footnote that the reason it exists is that TCP
can still lose data.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog