原文地址:http://www.rsyslog.com/doc/rsyslog_ng_comparison.html
初学,试着翻译,如果有什么错误,欢迎大家指出,谢谢!
This comparison page is rooted nearly 5 years in the past and has become severely outdated since then. It was unmaintained for several years and contained false information on both syslog-ng and rsyslog as technology had advanced so much.
这个比较页在过去近5年被根深蒂固,它已经严重的过时。几年来没被维护,并且syslog-ng和rsyslog 技术已经进步了很多的情况下,它包含错误的信息。
This page was initially written because so many people asked about a comparison when rsyslog was in its infancy. So I tried to create one, but it was hard to maintain asboth projects grew and added feature after feature. I have to admit we did not try hard to keep it current -- there were many other priorities. I even had forgetten about this page, when I saw that Peter Czanik blogged about its incorrectness (it must be noted that Peter is wrong on RELP - it is well alive). I now remember that he asked me some time ago about this page, what I somehow lost... I guess he must have been rather grumpy about that :-(
这页最初被写是因为,当rsyslog还处在初期的时候,有很多人问它们之间的比较。所以我尝试写了它,但是随着项目的成长和不断添加功能特色,维护它是很困难的。我必须承认,我们没有很努力地去让它保持正确-----我们有其他优先考虑的事情。我甚至忘记了有这一页东西,当我看到Peter Czanik 博客记录着关于它不正确的一些东西(它应该是记录着Peter在 RELP是错误的---它好好活着)。现在我想起前段时间他问我关于这一页,具体内容我忘记了….我猜想他肯定对此很暴躁:-(
Visiting this page after so many years is interesting, because it shows how much has changed since then. Obviously, one of my main goals in regard to syslog-ng is reached: in 2007, I blogged that the world needs another syslogd in order to have healthy competition and a greate feature set in the free editions. In my opinion, the timeline clearly tells that rsyslog's competition has driven more syslog-ng features from the commercial to the free edition. Also, I found it interesting to see that syslog-ng has adapted rsyslog's licensing scheme, modular design and multi-threadedness. On the other hand, the Balabit folks have obviously done a quicker and better move on log normalization with what they call patterndb (it is very roughly equivalent to what rsyslog has just recently introduced with the help of liblognorm).
很多年之后浏览这页觉得很有意思,因为它展示了从那时候开始很多的变化。很明显,我视为主要的目标之一的syslog-ng在已经达到,2007年,我记录在博客《The world needs another syslogd》以便有一个良性竞争,并且一个很大的特色加入到免费版本。在我看来,时间清楚地说明syslog的竞争已经使更多 syslog-ng 特征 从商业版本到免费版本。同时,我发现很有趣的地方,syslog-ng 已经适应rsyslog的许可证方案,标准设计和多线性。另一方面,Balabit folks对于常规日志已经很明显地做了一个更快更好的移动 ,他们称之为Patterndb(这是大致相当于rsyslog近期刚刚推出的liblognorm的帮助)
To that account, I think the projects are closer together than 5 years ago. I should now go ahead and create a new feature comparison. Given previous experience, I think this does not work out. In the future, we will probably focus on some top features, as Balabit does. However, that requires some time and I have to admit I do not like to drop this page that has a lot of inbound links. So I think I do the useful thing by providing these notes and removing the syslog-ng information. So it can't be wrong on syslog-ng any more. Note that it still contains some incorrect information about rsyslog (it's the state it had 5 years ago!). The core idea is to start with updating the rsyslog feature sheet and from there on work to a complete comparision. Of course, feel free to read on if you like to get some sense of history (and inspiration on what you can still do -- but more ;)).
到这个帐户,我认为这个项目比5年前更加联结紧密。我应该现在开始创建一个新性能比较表。根据以前的经验,我认为这不起效。在未来,我们将很可能聚焦在一些高端特点,比如Balabit之类的。然而,还需要一些时间并且我必须承认,我不喜欢删除这个有很多入站链接的页。所以我认为我 提供这些笔记并且移除syslog-ng的信息 是件有益的事情。所以syslog-ng不能有任何错误。注意:它仍然包含关于rsyslog一些不正确的信息(它还停留在5年前)。核心理念要开始与更新rsyslog特征,并从这里工作到一个完整的比较。当然,如果你想得到一些历史的原理(和灵感,你可以继续这么做,更多),你可以继续阅读下去。
Thanks,
Rainer Gerhards
Feature特性 | rsyslog | syslog-ng |
Input Sources 输入源 | ||
UNIX domain socket | yes | |
UDP | yes | |
TCP | yes | |
RELP | yes | |
RFC 3195/BEEP | yes(via im3195) | |
kernel log | yes | |
file | yes | |
mark message generator as an optional input 标记信息产生者作为一个参数输入 | yes | |
windows Event Log | via a Windows event logging software such as EventReporter or MonitorWare Agent (both commercial software,both fund rsyslog development) 通过Windows事件日志软件,例如EventReporter或MonitorWare Agent都是商业软件都是rsyslog发展基本会 | |
Network(protocol Support) | 网络协议支持 | |
support fo (plain )tcp based syslog 支持tcp基础的syslog | yes | |
support for GSS-API 支持GSS-API | yes | |
ability to limit the allowed network senders (syslog ACLs) 能限制允许网络发送者(syslog ACLs) | yes | |
support for syslog-transport-tls based framing on syslog/tcp connections 在syslog/tcp连接时,支持syslog-transport-tls基础框架 | yes | |
udp syslog | yes | |
syslog over RELP truly reliable message delivery (Why is plain tcp syslog not reliable?) 日志通过RELP进行真实可以的信息传输(为什么是简单的tcp 日志 而不是可靠的?) | yes | |
on the wire(zlib)message compression 在电线信息压缩 | yes | |
support for receiving messages via reliable RFC 3195 delivery 支持通过可靠的RFC 3195传输接收信息 | yes | |
support for TLS/SSL-protected syslog 支持TLS/SSL协议日志 | natively (since 3.19.0) via stunnel 从3.19.0开始通过stunnel | |
support for IETF's new syslog-protocol draft 支持IETF的新系统日志协议草稿 | yes | |
support for IETF's new syslog-transport-tls draft 支持IETF的新 syslog-transport-tls 草稿 | yes (since 3.19.0 - world's first implementation 实现 ) | |
support for IPv6 支持IPv6 | yes | |
native ability to send SNMP traps 自带能发送SNMP traps | yes | |
ability to preserve the original hostname in NAT environments and relay chains 能在NAT环境和传递链时保留原服务器 | yes | |
Message Filtering 信息过滤 | ||
Filtering for syslog facility and priority 过滤syslog设备和优先权 | yes | |
Filtering for hostname 过滤主机名 | yes | |
Filtering for application 过滤应用 | yes | |
Filtering for message contents 过滤信息正文 | yes | |
Filter for sending IP address 过滤发送IP地址 | yes | |
ability to filter on any other message field not mentioned above (including substrings and the like) 能过滤其他信息领域 不包含以上的(包括 子串和类似的东西) | yes | |
support for complex filters,using full boolean algebra with and/or/not operators and parenthesis 支持复制的过滤,用布尔运算符(and/or/not操作符和括号) | yes | |
Support for reusable filters:specify a filter once and use it in multiple selector lines 支持可重用的过滤器:指定一个过滤器一次,用它在多个选择线 | no | |
support for arbritrary complex arithmetic and string expressions inside filters 支持arbritrary烦杂的数学表达式和字符串内过滤器 | yes | |
ability to use regular expression in filters 在过滤器中使用常规表达式 | yes | |
support for discarding messages based on filters 支持在过滤器的基础上丢弃信息 | yes | |
ability to filter out messages based on sequence of appearing 能过滤掉序列信息 | yes | |
powerful BSD-style hostname and program name blocks for easy multi-host support 强大的BSD-style主机名和程序块多个网域支持容易 | yes | |
Supported Database Outputs 数据库输出支持 | ||
MySQL | yes(native ommysql , omlibdbi) | |
PostgreSQL | yes(native ompgsql,omlibdbi) | |
Oracle | yes (omlibdbi) | |
SQLite | yes (omlibdbi) | |
Microsoft SQL (Open TDS) | yes (omlibdbi) | |
Sybase (Open TDS) | yes (omlibdbi) | |
Firebird/Interbase | yes (omlibdbi) | |
Ingres | yes (omlibdbi) | |
mSQL | yes (omlibdbi) | |
Enterprise Features 企业特性 | ||
support for on-demand on-disk spooling of messages 支持磁盘上的设备,需要的信息 | yes | |
ability to limit disk space used by spool files 能力限制磁盘空间用于卷文件 | yes | |
each action can use its own, independant set of spool files 你的每一个动作可以用自己独立组卷文件 | yes | |
different sets of spool files can be placed on different disk 不同的卷文件可以被放置在不同的磁盘 | yes | |
ability to process spooled messages only during a configured timeframe (e.g. process messages only during off-peak hours, during peak hours they are enqueued only) 处理信息能力线轴仅在设定的时间表(如过程信息,只有在离峰时间高峰时间,他们入队唯一的) | yes r the main queue and each action queue) | |
ability to configure backup syslog/database servers 能配置后备syslog/database服务器 | yes | |
Professional Support 专业支持 | yes | |
Config File 配置文件 | ||
config file format | compatible to legacy syslogd but ugly 兼容以前的日志,但很丑 | |
ability to include config file from within other config files 能在配置文件中包含其他配置文件 | yes | |
ability to include all config files existing a specific directory 能包含一个特殊目录中存在的所有配置文件 | yes | |
Extensibility 扩展性 | ||
Functionality split in separately loadable modules 分裂的功能独立加载模块 | yes | |
Support for third-party input plugins 支持第三方输入插件 | yes | |
Support for third-part output plugins 支持第三方输出插件 | yes | |
Other Features 其他特性 | ||
ability to generate file names and directories (log targets) dynamically 能够动态地生成文件名和目录(日志目标) | yes | |
control of log output format, including ability to present channel and priority as visible log data 控制的日志输出格式,包括当浏览日志数据的时候有现在的通道和优先级 | yes | |
native ability to send mail messages 自带发送邮件信息 | yes(ommail,introduced in .3.17.0) | |
good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone 良好的时间格式控制;最小程序上,ISO 8601/RFC 3339 second-resolution UTC 区域 | yes | |
ability to reformat message contents and work with substrings 能格式化信息内容和工作的子串 | yes | |
support for log files larger than 2gb 支持最大2GB的日志文件 | yes | |
support for log file size limitation and automatic rollover command execution 支持日志文件大小限制和自动翻转命令执行 | yes | |
support for running multiple syslogd instances on a singale machine 支持多种syslogd实例运行在单一的机器 | yes | |
ability to execute shell scripts on received messages 能在接收信息时执行SHELL脚本 | yes | |
ability to pipe messages to a continously running program 在不间断程序运行时能管道输送信息 | ||
massively multi-threaded for tomorrow's multi-core machines | yes | |
ability to control repeated line reduction ("last message repeated n times") on a per selector-line basis | yes | |
supports multiple actions per selector/filter condition | yes | |
web interface | phpLogCon | |
using text files as input source | yes | |
rate-limiting output actions | yes | |
discard low-priority messages under system stress | yes | |
flow control (slow down message reception when system is busy) | yes (advanced, with multiple ways to slow down inputs depending on individual input capabilities, based on watermarks) | |
rewriting messages | yes | |
output data into various formats | yes | |
ability to control "message repeated n times" generation | yes | |
license | GPLv3 (GPLv2 for v2 branch) | |
supported platforms | Linux, BSD, anecdotical seen on Solaris; compilation and basic testing done on HP UX | |
DNS cache | ||