[syslog-ng] syslog-ng plugins

Balazs Scheidler bazsi at balabit.hu
Sat Mar 6 16:01:16 CET 2010


This is a repost of my blog article which I've found important enough to
post here as well. The original article is at:


It is about a git branch in the syslog-ng OSE 3.1 git repository, as
such it is available at:


Plugins branch updated

Since the last post, I could hack a couple of hours on the plugins
branch, which now compiles. The plugin framework is capable for
supporting a quite important core functionality: all socket like
sources/destinations are now found in an external plugin called

The reason I've started with afsocket is to make syslog-ng a bit less
dependant on OpenSSL. A couple of distributions didn't include syslog-ng
3.0 in their current releases, because it uses OpenSSL from /usr, while
syslog-ng should remain in the root directory.

By separating afsocket from the syslog-ng core, I can compile afsocket
with and without TLS support, which can be put into separate packages.
Thus syslog-ng can operate without OpenSSL.

And the same plugin framework will enable me to create a wide variety of
plugins. My ideas:
      * Plugins for all syslog-ng components (source, destination,
        filter, rewrite, parser)
      * Python scriptability (a simple correllation engine in Python?)
      * macro transformation functions, for example: $(stripslashes
        $macro), usable anywhere in templates and stripslashes a plugin
        that is invoked whenever such an expansion occurs
      * Hooks for transforming the log message as it enters syslog-ng
        (to fix parsing errors for example),
Do you have other ideas? Please post them as comments or as emails to
the mailing list.

Again, this functionality is experimental, and I'm still going to rebase
the current code and will probably be integrated to syslog-ng 3.2. I got
to release 3.1 final first though. :)


More information about the syslog-ng mailing list