Hello Christophe, First of all, thanks for your email. I really appreciate honest opinions, and although not all of your points are accurate, messages like this actually has an influence on syslog-ng direction. On Thu, 2010-08-12 at 17:00 +0200, Christophe Brocas wrote:
Hello everybody,
I really enjoy the syntax, the stability, the flexibility and the so clear and accurate documentation of Syslog-NG OSE. This is why I write this post, I love the product, my message is definitively not a troll.
Despite above positive aspects, it is more and more difficult to choose Syslog-NG OSE in corporate environment where you have Linux platforms and others Unix flavors. Rsyslog comes with security and performance features (sql driver, disk based bufferring, Solaris port etc) inside whose can only be acquired through Premium Syslog-NG Edition.
This is not completely true, the platforms supported by syslog-ng are by no means less than the premium edition. We don't build binaries of the OSE edition for all of PE's platforms, but the code is the same, everyone is free to build it on his/her platform of choice. In fact a number of binary download site do have syslog-ng binaries (sunfreeware for Solaris, perzl.org for AIX) and we also work together with the maintainers of these sites on updating OSE packages in these repositories, just like we worked hard to update the syslog-ng package in Linux distributions. syslog-ng OSE had the SQL destination feature since 2.1, first released in January 2008. The only missing item in your list is disk based buffering. This is true, but also quite easy to work around: * write everything to a local file and * set up the same file as a source driver So while it may seem that rsyslog has more hype around it, it isn't true, that it surpasses syslog-ng OSE in all ways. Also, I feel important to note that syslog-ng has been refocused in recent years and now it also cares about the content of the messages. It is not merely a transport for syslog messages anymore and I think this certainly is ahead of what rsyslog provides. This is what those parsers & rewrite rules are about, and also in the recent 3.2 release it also introduces support for binary but structured source files (it can read Process Accounting logs). Doing things like receiving SNMP traps as name-value pairs and polling SQL tables for new logs are in the pipe. I'd like to push out an update to the current syslog-ng OSE roadmap at the webpage, but anyway, here are my plans for the near future: 1) syslog-ng OSE 3.2 is out as an alpha release, but I don't expect too much problems there, I guess 3.2.0 can be released latest in a month. syslog-ng was rearchitected to be plugin based and other important changes were applied (see my last blog posts for more details). 2) syslog-ng OSE 3.3/syslog-ng PE 4.0 is going to be developed in parallel, * OSE 3.3 will focus on performance * PE 4.0 is going to be the last long-term-support release ("stable" as we call it) based on the current, forked syslog-ng OSE codebase 3) syslog-ng PE and OSE will be merged into PE 4.1, this means that existing core (e.g. non-plugin) features of the PE will be migrated to the OSE and core-wise they will become equivalent. This will mean that the "wildcard log files" and the recent multiline feature will definitely go to the OSE version. The disk buffer however is still undecided.
If in the future, Rsyslog provides an AIX port on PPC architecture, I really think it will be an ended story for Syslog-NG on corporate environment : it will no more exist a technical reason to stay with an open source under powered solution like Syslog-NG OSE or to buy a solution while it exists an opensource solution with same / more features.
I would really question that rsyslog has the same or more features. In some areas it surpasses syslog-ng, in others it is lacking.
I really understand everybody has to earn its life, really. But the current situation in the open source syslog products area is quite difficult for Syslog-NG, that's why I wanted to point the above facts in corporate environment out to you. I don't know how to do : more appliances, more closed products, more consulting ... but the 2 flavors (free and paid) of Syslog-NG are imho an each day harder choice to defend.
Well, don't look at the functionality only. In the PE edition there are: * binaries for 27 platforms (and growing) * thorough testing for each release * long term support Apart from the few feature differences, PE really makes it easier to deploy syslog-ng in enterprise environment. If you have 3 different platforms (Solaris, Linux, AIX), possibly multiple versions of these, how long does it take to compile syslog-ng on them? And what if there's a bug/security issue and you need to rebuild? It is exactly the same set of incentives that for example RedHat uses in its Enterprise Linux offering. The difference is that we also have some additional features, because certainly an Operating System is applicable to more situations, the market is larger and the number of people willing to pay solely for services is larger. With syslog-ng, this is not true. But, please read my recent blog post (also posted to this list).
It is the message from a Syslog-NG user that would like to be able to promote and use it in its company for a long time.
Hopefully I could at least blur the picture somewhat. It is not black & white. -- Bazsi