Features

This page lists the features available in rsyslog and the version in which each was implemented. The list is not yet complete and should be treated as a first draft.

| Feature | Available since Version |
| --- | --- |
| $LocalHostName [name] – this directive permits overwriting the system hostname with the one specified in the directive. If the directive is given multiple times, all but the last one will be ignored. Please note that startup error messages may be issued with the real hostname. This is by design and not a bug (but one may argue if the design should be changed ;)). | 4.7.4+, 5.7.3+, 6.1.3+. |
| support for Hadoop’s HDFS added (via omhdfs) | 5.7.1 |
| module impstat to emit periodic statistics on rsyslog counters | 5.7.0 |
| imptcp, a simplified, Linux-specific and potentially fast syslog plain tcp input plugin (NOT supporting TLS!) | 6.1.0 |
| parser module: pmrfc3164sd (contributed), supports RFC5424 structured data in RFC3164 messages [untested] | 5.5.6 |
| parser module: pmlastmsg, which supports the notoriously malformed “last message repeated n times” messages from some syslogd’s (namely sysklogd) | 5.5.6 |
| new module type “string generator”, used to speed up output processing. Expected speedup for (typical) rsyslog processing is roughly 5 to 6 percent compared to using string-based templates. | 5.5.6 |
| Support for OS X | 5.5.2 |
| omruleset output module, which provides great flexibility in action processing. THIS IS A VERY IMPORTANT ADDITION, see its doc for why. | 5.3.4 |
| ability to create custom message parsers | 5.3.4 |
| multi-ruleset support to imudp | 5.3.2 |
| added omuxsock, which permits writing messages to local Unix sockets; this is the counterpart to imuxsock, enabling fast local forwarding | 4.7.3 |
| added imptcp, a simplified, Linux-specific and potentially fast syslog plain tcp input plugin (NOT supporting TLS!) | 4.7.3 |
| Support for Solaris | 4.7.1 |
| new feature: “.” action type added to support writing files to relative paths (this is primarily meant as a debug aid) | 4.6.2 |
| so-called “On Demand Debug” mode, in which debug output can be generated only after the process has started, but not right from the beginning. This is assumed to be useful for hard-to-find bugs. Also improved the doc on the debug system. | 4.5.7 |
| ability for the TCP output action to “rebind” its send socket after sending n messages (actually, it re-opens the connection; the name is used because this is a concept very similar to $ActionUDPRebindInterval). New config directive actionSendTCPRebindInterval added for the purpose. By default, rebinding is disabled. This is considered useful for load balancers. | 4.5.1 |
| capability to fsync() queue disk files for enhanced reliability (also adds speed, because you no longer need to run the whole file system in sync mode) | 4.5.0 |
| ability for the UDP output action to rebind its send socket after sending n messages. New config directive $ActionSendUDPRebindInterval added for the purpose. By default, rebinding is disabled. This is considered useful for load balancers. | 4.3.2 |
| new transactional output module interface which provides superior performance (for databases potentially far superior performance) | 5.1.0 |
| generic network stream server (in addition to rather specific syslog tcp server) | 4.3.2 |
| capability to run multiple tcp listeners (on different ports) | 4.3.1 |
| new output plugin omprog, which permits starting a program and feeding it (via its stdin) with syslog messages. If the program terminates, it is restarted. | 4.3.0 |
| parser testing suite (still needs to be extended, but a good start) | 4.1.6 |
| function support in RainerScript. That means the engine parses and compiles functions, as well as executes a few built-in ones. Dynamic loading and registration of functions is not yet supported – but we now have a good foundation to do that later on. | 4.1.6 |
| support for comma-separated values (CSV) output generation (via the “csv” property replace option). The CSV format supported is that from RFC 4180. | 4.1.6 |
| testbed for common config errors | 3.21.1 |
| world’s first implementation of syslog-transport-tls | 3.19.0 |
| support for selectively processing messages only during specific timeframes and spooling them to disk otherwise | 3.17.0 |
| native support for sending mail messages | 3.17.0 |
| support for arbitrarily complex boolean, string and arithmetic expressions in message filters | 3.12.0 |
| direct support for Firebird/Interbase, OpenTDS (MS SQL, Sybase), SQLite, Ingres, Oracle, and mSQL via libdbi, a database abstraction layer (almost as good as native) | 3.11.2 |
| ability to monitor text files and convert their contents into syslog messages (one per line) | 3.11.2 |
| ability to send SNMP trap messages | 3.11.1 |
| easy-to-write to plugin interface | 3.11.1 |
| support for on-demand on-disk spooling of messages that cannot be processed fast enough (a great feature for writing massive amounts of syslog messages to a database) | |
| modular design for inputs and outputs – easily extensible via custom plugins | 3.10.0 |
| the sysklogd’s klogd functionality is implemented as the imklog input plug-in. So rsyslog is a full replacement for the sysklogd package | 3.10.0 |
| MySQL and Postgres SQL functionality as a dynamically loadable plug-in | 1.19.0 |
| supports multiple actions per selector/filter condition | 1.18.0 |
| ability to configure backup syslog/database servers – if the primary fails, control is switched to a prioritized list of backups | 1.18.0 |
| ability to use regular expressions in filters | 1.17.0 |
| ability to control repeated line reduction (“last message repeated n times”) on a per selector-line basis | 1.15.1 |
| ability to generate file names and directories (log targets) dynamically, based on many different properties | 1.15.0 |
| support for IPv6 | 1.14.0 |
| ability to limit the allowed network senders | 1.13.5 |
| support for sending and receiving compressed syslog messages | 1.13.0 |
| good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone | 1.12.2 |
| very experimental and volatile support for syslog-protocol compliant messages (it is volatile because standardization is currently underway and this is a proof-of-concept implementation to aid this effort) | 1.12.2 |
| massively multi-threaded with dynamic work thread pools that start up and shut themselves down on an as-needed basis (great for high log volume on multicore machines) | 1.12.0 |
| native support for writing to Postgres databases | 1.12.0 |
| powerful BSD-style hostname and program name blocks for easy multi-host support | 1.11.1 |
| support for receiving messages via reliable RFC 3195 delivery (a bit clumsy to build right now…) | 1.11.0 |
| ability to execute shell scripts on received messages | 1.10.1 |
| support for discarding messages based on filters | 1.10.0 |
| ability to filter on any part of the message, not just facility and severity | 1.10.0 |
| native support for writing to MySQL databases | 0.9.6 |
| support for running multiple rsyslogd instances on a single machine | 0.9.5 |
| support for (plain) tcp based syslog | 0.9.2 |
| support for log files larger than 2 GB | 0.9.0 |
| ability to filter out messages based on sequence of arrival | |
| support for TLS-protected syslog (both natively and via stunnel) | |
| support for file size limitation and automatic rollover command execution | |
| ability to reformat message contents and work with substrings | |
| control of log output format, including ability to present channel and priority as visible log data | |
| supports sub-configuration files, which can be automatically read from directories. Includes are specified in the main configuration file | |
| ability to preserve the original hostname in NAT environments and relay chains | |
| control of whether the local hostname or the hostname of the origin of the data is shown as the hostname in the output | |