Improved filtering functionality - In addition to syslog's facility/priority level filtering, syslog-ng can perform regular expression filtering against the program name, hostname, text of the message itself, the sender's IP address, and so on.

TCP transport - In addition to syslogd’s UDP transport, syslog-ng supports a TCP transport which offers better delivery guarantees.

NOTE: syslog-ng's support for a TCP transport does not imply that it safeguards against all message loss. For example, if the log consolidation server is down, the remote forwarding clients will indeed experience packet loss once their buffers are exceeded (the client-side buffer size is configurable with syslog-ng). TCP can offer better reliability in general, however, and can offer increased security. For example, TCP-based log traffic can be encrypted using ssh.

Log rotation based on output filenames - Log output filenames can be based on template names which support macro expansion. For example, if the output filename template contains the month macro, a new file will be created each month.

Launching programs - A message can trigger a program to be launched, sending the message to its standard input.

Log forwarding for arbitrary text-based logs - In conjunction with DSAU's clog_tail tool, syslog-ng can be used to forward and consolidate arbitrary text-based application log files such as Serviceguard’s package log files.
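The features listed above, combined in one syslog-ng configuration for a log consolidation server. This is an added example, not the configuration that DSAU generates; the statement names, paths, port, network and script are assumptions made for illustration, and exact option spellings can differ between syslog-ng versions.

```conf
# Added example: constructed names, paths, port and addresses throughout.

# TCP transport: accept forwarded logs over TCP rather than UDP.
source s_remote { tcp(ip(0.0.0.0) port(514)); };

# Filtering beyond facility/priority: program name, message text (regular
# expression) and the sender's IP address are all combined in one filter.
filter f_auth_fail {
    facility(auth, authpriv)
    and program("sshd")
    and match("Failed password|Invalid user")
    and netmask("192.0.2.0/255.255.255.0");
};

# Regular expression against the hostname.
filter f_db_hosts { host("^db[0-9]+"); };

# Rotation by filename template: the $MONTH macro is expanded per message,
# so a new file is created when the month changes.
destination d_auth_monthly {
    file("/var/log/consolidated/$HOST/auth-$YEAR-$MONTH.log" create_dirs(yes));
};
destination d_db_monthly {
    file("/var/log/consolidated/$HOST/all-$YEAR-$MONTH.log" create_dirs(yes));
};

# Launching a program: each matching message is written to the standard
# input of this (hypothetical) script.
destination d_notify { program("/usr/local/bin/notify-admin"); };

# Log paths tie a source, filters and destinations together.
log {
    source(s_remote);
    filter(f_auth_fail);
    destination(d_auth_monthly);
    destination(d_notify);
};
log { source(s_remote); filter(f_db_hosts); destination(d_db_monthly); };
```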

3.2.2 syslog Co-existence

The Distributed Systems Administration Utilities configures syslog-ng to co-exist and work alongside the standard syslogd. syslogd continues to handle all the local logging for the system. syslog-ng is used when forwarding messages to a log consolidation system and is used on the log consolidator to receive and filter messages. The following diagrams illustrate the relationship between syslogd and syslog-ng. Figure 3-1 depicts the configuration on a syslog-ng client system that is forwarding logs to a remote log consolidation server.
