As useful and ubiquitous as syslog is, it’s beginning to show its age. Modern Unix and Unix-like systems are considerably more complex than they were when syslog was invented, and they have outgrown both syslog’s limited facilities and its primitive network-forwarding functionality.
Syslog-ng (“syslog new generation”) is an attempt to increase syslog’s flexibility by adding better message filtering, better forwarding, and eventually (though not quite yet) message integrity and encryption. In addition, Syslog-ng supports remote logging over both the TCP and UDP protocols. Syslog-ng is the brainchild of Balazs (“Bazsi”) Scheidler, who also primarily develops and maintains it.
Lest you think Syslog-ng is untested or untrusted, it’s already been incorporated into Debian GNU/Linux 2.2 “Potato” as a binary package (in the “admin” section). Syslog-ng is in fact both stable and popular. Furthermore, even though its advanced security features are still works in progress, Syslog-ng can be used in conjunction with TCP “tunneling” tools such as authenticate or encrypt log messages sent to remote hosts.
The non-Debian users among you may not wish to wait for your distribution of choice to follow suit with its own binary package of Syslog-ng. Let’s start, then, with a brief description of how to compile and install Syslog-ng from source.
First, you need to obtain the latest Syslog-ng source code. As of this writing, ...