El mar., 5 feb. 2019 a las 10:40, Peter Viskup via rsyslog
(<rsyslog@lists.adiscon.com>) escribió:
>
> To be honest,
> the main reason Debian chosen rsyslog as primary syslog daemon was
> that it does work with "standard syslog" configuration (more
> information can be read on https://wiki.debian.org/Rsyslog ).
> Nevertheless in newest versions of rsyslog you are always recommended
> to move to "rainer-script" configuration.
Just to get the facts straight: we recommend this for more complex
things, only. Simple things are still very well done in sysklogd
format. See
https://www.rsyslog.com/doc/v8-stable/configuration/conf_formats.html > Latest open-sourced versions of syslog-ng provide the TLS encryption
> for message forwarding.
>
> Have a look on comparison of syslog-ng releases to have some quick reference.
> https://www.balasys.hu/en/network-security/syslog-ng/opensource-logging-system/features/comparison
>
> Both provide "reliable" syslog forwarding. Rsyslog open-sourced,
> syslog-ng closed-sourced within enterprise support.
>
> If your budget is large enough, you can pay for enterprise support.
> https://www.rsyslog.com/professional-services/enterprise-support/
> https://support.oneidentity.com/syslog-ng-premium-edition
Yes, but you overlook that for syslog-ng you actually NEED to purchase
the "perimium edition" while for rsyslog you get all the software, all
features as part of the open source offering. The support package is
purely optional. For enterprise environments it usually pays quickly,
especially as it is so little money for a real enterprise (syslog-ng
is quite different according to the number I have).
BUT: I think a main difference is that rsyslog still is, and always
has been, a pure, traditional open source project. We depend on the
community, we give the software for free, the community even provides
great help for free. We do not request contributor license agreements
or anything else that comes with the now ever-popular freemium/open
core models that seem to infiltrate the open source movement. I am not
bashing the syslog-ng guys here. They are cool and they do real good
things. It's more a general political thingy: do we really depend
solely on software that is controlled by very big multi-nationals
(syslog-ng nowadays belongs to Quest Software) or do we want to use
community projects? If you are solely for "free beer", that may
probably not matter. If you still believe in "free speech", than you
will go along with some rough edges on community projects - and
hopefully contribute to iron them out. If you don't know about what I
am talking ... oh man, so far we have already come ;-)
>
> From my feeling on rsyslog it seems that this project has serious
> issues with project management. More regression occur last year, even
> last stable versions were released with serious bugs.
That really makes me disappointed. We have invested a tremendous
amount of time within the last 18..24 month to improve CI, testing and
all that. I was initially rather skeptic that this effort is actually
useful, but really have been convinced it is. Is it just so that you
notice some bad things the past year? Bad things that did not happen
before? I would really be interested in a more precise view.
I would also be really interested in which bugs you mean. I can
envision one or two but this sounds like a lot more.
As a side-note, with the decline of real open source software I also
see a decline in community participation. Around 5 to 7 years ago,
folks actually helped testing and trying out the software before we
crafted a final release. That was very useful. This has severely
changed since then. Nobody uses the devel versions, which was the main
reason why we gave up on them.
> But that's fruit
> of our today's "agile development" mania. There are long standing
> issues with TLS encryption still waiting for fix.
Which ones? I would be very interested to know, because we just wrote
openssl drivers to get around the restrictions, especially in error
reporting, that GnuTLS imposed on us. I am not aware of anything
serious right now (overlooked?). A lot of issue have been opened for
things that are actually done like specified in the relevant standards
(RFC5425), like certless authentication. We love standards. But we
finally gave up on this one and have a a PR active and almost ready
for merge that enables this useless and highly insecure mode.
Rainer
> Even when not having
> experience with syslog-ng in large environments, it seems to me like
> more mature project. Last year the Balabit company (originated in
> Hungary), responsible for syslog-ng development, was bought by One
> Identity.
> https://www.oneidentity.com/balabit-acquisition/
>
> To have a better feeling, you can check the list of issues for both projects
> https://github.com/balabit/syslog-ng/issues
> https://github.com/rsyslog/rsyslog/issues
>
> After that you might be able to do serious decision.
>
> Peter
>
> On Mon, Feb 4, 2019 at 7:46 AM vishal via rsyslog
> <rsyslog@lists.adiscon.com> wrote:
> >
> > Hi,
> > I am evaluating rsyslog and syslogng for our project.
> > Though aware of some of the differences and pros and cons, but still
> > would like to know the differences which users have faced and evaluated
> > in terms of ease of use, robustness, handling huge volumes of logs and
> > deployment scenarios (single host to multi host cluster) , and if there
> > are any other important areas to be considered.
> >
> > The general deployment would be,
> >
> > Log sources -> rsyslog/syslogng -> elasticsearch
> >
> >
> > Thanks.
> >
> >
> > _______________________________________________
> > rsyslog mailing list
> > http://lists.adiscon.net/mailman/listinfo/rsyslog
> > http://www.rsyslog.com/professional-services/
> > What's up with rsyslog? Follow https://twitter.com/rgerhards
> > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow
https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.