github-starred/awesome-sysadmin
2
0
Fork 0
mirror of https://github.com/awesome-foss/awesome-sysadmin.git synced 2026-03-09 03:33:05 -05:00
Code Issues 104 Packages Projects Releases Wiki Activity

[PR #468] log management: add rsyslog #1108

New Issue
Closed
opened 2025-11-19 21:08:54 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2025-11-19 21:08:54 -06:00
Owner
Copy Link

Original Pull Request: https://github.com/awesome-foss/awesome-sysadmin/pull/468

State: closed
Merged: Yes

Thank you for taking the time to work on a PR for Awesome-Sysadmin!

To ensure your PR is dealt with swiftly please check the following:

  • Your additions are Free software
  • Software your are submitting is not your own, unless you have a healthy ecosystem with a few contributors (which aren't your sock puppet accounts).
  • Submit one item per pull request. This eases reviewing and speeds up inclusion.
  • Format your submission as follows, where Demo and Clients are optional.
    Do not add a duplicate Source code link if it is the same as the main link.
    Keep the short description under 80 characters and use sentence case
    for it, even if the project's webpage or readme uses another capitalisation.
    Demo links should only be used for interactive demos, i.e. not video demonstrations.
    - [Name](http://homepage/) - Short description, under 250 characters, sentence case. ([Demo](http://url.to/demo), [Source Code](http://url.of/source/code), [Clients](https://url.to/list/of/related/clients-or-apps)) `License` `Language`
  • Additions are inserted preserving alphabetical order.
  • Additions are not already listed at awesome-selfhosted
  • The Language tag is the main server-side requirement for the software. Don't include frameworks or specific dialects.
  • You have searched the repository for any relevant issues or PRs, including closed ones.
  • Any category you are creating has the minimum requirement of 3 items.
  • Any software project you are adding to the list is actively maintained.
  • The pull request title is informative, unlike "Update README.md".
    Suggested titles: "Add aaa to bbb" for adding software aaa to section bbb,
    "Remove aaa from bbb" for removing, "Fix license for aaa", etc.

Please take some time to answer the following questions as best you can:

  • Why is it awesome?

Rsyslog is a mature, fast, full-featured syslog daemon. It is written in C and has very few dependencies. It has been the default syslog daemon in Debian for many years.

  • Have you used it? For how long?

Yes, since 2015 for personal projects, and 2018 for work-related projects.

  • Is this in a personal or professional setup?

Both.

  • How many devices/users/services/... do you manage with it?

Up to a few dozen hosts (rsyslog clients) forwarding logs to a central rsyslog or graylog aggregator, with message rates between 10 and thousands of messages per second.

  • Biggest pros/cons compared to other solutions?

Pros: It is the the default in Debian and requires no additional configuration for simple, isolated hosts. It has extensive documentation. It is very light on resources. Configuring additional functionality such as log filtering, forwarding, logging to separate files, aggregating logs from multiple files, changing log format... is very simple and well documented. It just works and gets out of the way. As raw text files, syslog logs are easy to manipulate using standard Unix/Linux tools (grep, sed, awk, tail...).

Cons: As a syslog daemon, it handles unstructured log data, and may require additional parsing tools if more complex log analysis is required. Starting with Debian 12, rsyslog will no longer be installed by default, instead systemd-journald will be used [1], so this may mark the beginning of progressively phasing out syslog-based logging services.

  • Any other comments about your use case, things you've found excellent, limitations you've encountered... ?

I mostly use it to forward logs to a central location/log analyzer using TCP/SSL (either graylog, or a central rsyslog daemon), and to aggregate multiple log files to a central log using the imfile module. I have found no significant limitations, at worst some trial-and-error when it comes to parsing extrenal multi-line log files. For quick local log viewing and analysis, I use https://docs.lnav.org/en/latest/ on rsyslog's logs.

**Original Pull Request:** https://github.com/awesome-foss/awesome-sysadmin/pull/468 **State:** closed **Merged:** Yes --- <!-- DO NOT DELETE THE TEXT BELOW. Please make sure relevant boxes are checked [x] --> Thank you for taking the time to work on a PR for Awesome-Sysadmin! To ensure your PR is dealt with swiftly please check the following: - [x] Your additions are [Free software](https://en.wikipedia.org/wiki/Free_software) - [x] Software your are submitting is not your own, unless you have a healthy ecosystem with a few contributors (which aren't your sock puppet accounts). - [x] Submit one item per pull request. This eases reviewing and speeds up inclusion. - [x] Format your submission as follows, where `Demo` and `Clients` are optional. Do not add a duplicate `Source code` link if it is the same as the main link. Keep the short description under 80 characters and use [sentence case](https://en.wikipedia.org/wiki/Letter_case#Sentence_case) for it, even if the project's webpage or readme uses another capitalisation. `Demo` links should only be used for interactive demos, i.e. not video demonstrations. ``- [Name](http://homepage/) - Short description, under 250 characters, sentence case. ([Demo](http://url.to/demo), [Source Code](http://url.of/source/code), [Clients](https://url.to/list/of/related/clients-or-apps)) `License` `Language` `` - [x] Additions are inserted preserving alphabetical order. - [x] Additions are not already listed at [awesome-selfhosted](https://github.com/awesome-foss/awesome-sysadmin) - [x] The `Language` tag is the main **server-side** requirement for the software. Don't include frameworks or specific dialects. - [x] You have searched the repository for any relevant [issues](https://github.com/awesome-foss/awesome-sysadmin/issues) or [PRs](https://github.com/awesome-foss/awesome-sysadmin/pulls), including closed ones. - [x] Any category you are creating has the minimum requirement of 3 items. - [x] Any software project you are adding to the list is actively maintained. - [x] The pull request title is informative, unlike "Update README.md". Suggested titles: "Add aaa to bbb" for adding software aaa to section bbb, "Remove aaa from bbb" for removing, "Fix license for aaa", etc. -------------- Please take some time to answer the following questions as best you can: <!-- Failure to answer these questions in a useful and unbiased way will result in your submission being rejected. --> - **Why is it awesome?** Rsyslog is a mature, fast, full-featured syslog daemon. It is written in C and has very few dependencies. It has been the default syslog daemon in Debian for many years. - **Have you used it? For how long?** Yes, since 2015 for personal projects, and 2018 for work-related projects. - **Is this in a personal or professional setup?** Both. - **How many devices/users/services/... do you manage with it?** Up to a few dozen hosts (rsyslog clients) forwarding logs to a central rsyslog or graylog aggregator, with message rates between 10 and thousands of messages per second. - **Biggest pros/cons compared to other solutions?** **Pros:** It is the the default in Debian and requires no additional configuration for simple, isolated hosts. It has extensive [documentation](https://www.rsyslog.com/doc/v8-stable/). It is very light on resources. Configuring additional functionality such as log filtering, forwarding, logging to separate files, aggregating logs from multiple files, changing log format... is very simple and well documented. It just works and gets out of the way. As raw text files, syslog logs are easy to manipulate using standard Unix/Linux tools (`grep, sed, awk, tail`...). **Cons:** As a [syslog](https://en.wikipedia.org/wiki/Syslog) daemon, it handles unstructured log data, and may require additional parsing tools if more complex log analysis is required. Starting with Debian 12, rsyslog will no longer be installed by default, instead `systemd-journald` will be used [[1]](https://wiki.debian.org/Rsyslog), so this may mark the beginning of progressively phasing out syslog-based logging services. - **Any other comments about your use case, things you've found excellent, limitations you've encountered... ?** I mostly use it to forward logs to a central location/log analyzer using TCP/SSL (either graylog, or a central rsyslog daemon), and to aggregate multiple log files to a central log using the [`imfile`](https://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html) module. I have found no significant limitations, at worst some trial-and-error when it comes to parsing extrenal multi-line log files. For quick local log viewing and analysis, I use https://docs.lnav.org/en/latest/ on rsyslog's logs.
GiteaMirror added the pull-request label 2025-11-19 21:08:54 -06:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
addition
curation
discussion
duplicate
enhancement
feedback needed
fix
help wanted
invalid
non-free
not awesome enough
pull-request
Mirrored from GitHub Pull Request
 question / discussion
reviewers wanted
tools
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/awesome-sysadmin#1108
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?