For me, the most compelling differences in favor of syslog-ng are:

1. Streaming live logs to an application. In our environment we stream the logs into applications that identify critical events and then send the events into nagios for alerting, acknowledgement and reporting. We also send critical events into our trouble ticket system. Intrusion detection etc.

2. The ability to have the pattern database. It isn't just about collecting logs. Anyone can do that. It's about mining the logs for the important things, and the unknown things. The pattern database is critical in this effort.

Evan Rempel

syslogng@feystorm.net wrote:
Well, I don't know what all features rsyslog has, but syslog-ng has all the ones you mentioned. The SQL support and Solaris are both available in the OSE, and the disk-based buffering is available in PE. What does rsyslog have that syslog-ng doesn't? Just curious.
-Patrick
Sent: Thursday, August 12, 2010 9:00:46 AM
From: Christophe Brocas <christophe.brocas@cnamts.fr>
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] Syslog-NG OSE : a more and more difficult choice to make.
Hello everybody,
I really enjoy the syntax, the stability, the flexibility and the very clear and accurate documentation of Syslog-NG OSE. This is why I write this post: I love the product, and my message is definitely not a troll.
Despite the above positive aspects, it is more and more difficult to choose Syslog-NG OSE in a corporate environment where you have Linux platforms and other Unix flavors. Rsyslog comes with security and performance features built in (SQL driver, disk-based buffering, Solaris port, etc.) which can only be acquired through the Premium Syslog-NG Edition.
If, in the future, Rsyslog provides an AIX port on the PPC architecture, I really think it will be the end of the story for Syslog-NG in corporate environments: there will no longer be a technical reason to stay with an underpowered open source solution like Syslog-NG OSE, or to buy a solution when an open source solution with the same / more features exists.
I really understand everybody has to earn a living, really. But the current situation in the open source syslog products area is quite difficult for Syslog-NG, which is why I wanted to point out to you the above facts in corporate environments. I don't know what to do: more appliances, more closed products, more consulting... but the 2 flavors (free and paid) of Syslog-NG are, imho, a choice that is harder to defend each day.
This is the message of a Syslog-NG user who would like to be able to promote and use it in his company for a long time.
Thank you for reading.
Bye
Christophe
--
Evan Rempel
Senior Systems Administrator 250.721.7691
Unix Services, University Systems, University of Victoria