分类: LINUX
2008-03-03 21:09:12
The syslog-ng application is a flexible and highly scalable system logging
application that is ideal for creating centralized logging solutions. The main
features of syslog-ng are summarized below.
# 注释 :syslog-ng 应用程序是一个灵活、高扩展性的系统日志工具,主要是用于解决集中日志记录的工具。它的主要特点有 :
# -)1、可靠的日志传输。syslog-ng 允许你发送日志到远程的日志服务器上。传输过程使用 TCP ,区别于 syslog 的 UDP ,可以确保不会丢失数据
# -)2、通过使用 SSL/TLS 来加密日志传输过程。不过这个功能只有在 premium 版本才提供。
# -)3、基于磁盘的缓冲。syslog-ng 可以在网络连接失效时先把日志写入硬盘,等网络连接恢复时再传输到日志服务器上,而且确保日志的顺序不会混乱。
不过这个功能也是 premium 版本才提供的。
# -)4、直接数据库访问。能够把日志直接存入数据库,以便进行搜索及配合日志分析应用程序。支持 MySQL、Oracle、PostgreSQL、SQLIife ,同样也是 premium 才支持
# -)5、支持多种操作系统。包括 Linux、Unix、BSD、Solaris、HP-UX、AIX 等。甚至还可以通过代理和 Windows 主机进行通信
# -)6、过滤器和归类。syslog=ng 应用程序可以根据收的喔的日志的内容进行排序、或者根据源ip、应用程序、优先级等。可以通过宏自动建立目录、文件、数据库。
支持 regex 和布尔表达式,确保只转发你想要的内容
# -)7、支持 ipv4 和 ipv6
Reliable log transfer: The syslog-ng application enables you to send the log messages of your hosts to remote servers. The logs of different servers can be collected and stored centrally on dedicated log servers. Transferring log messages using the TCP protocol ensures that no messages are lost.
Secure logging using SSL/TLS: Log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng Premium Edition uses the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows the mutual authentication of the host and the server using X.509 certificates.
Disk-based message buffering: The Premium Edition of syslog-ng stores messages on the local hard disk if the central log server or the network connection becomes unavailable. The syslog-ng application automatically sends the stored messages to the server when the connection is reestablished, in the same order the messages were received. The disk buffer is persistent – no messages are lost even if syslog-ng is restarted.
Direct database access: Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The Premium Edition of syslog-ng supports the following databases: MySQL, Oracle, PostgreSQL, and SQLite.
Heterogeneous environments: The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, and AIX. An agent is available to transfer logs from Microsoft Windows hosts to the central syslog-ng server.
Filter and classify: The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.
IPv4 and IPv6 support: The syslog-ng application can operate in both IPv4 and IPv6 network environments; it can receive and send messages to both types of networks.
