The rsyslog Evolution: Bridging BSD Heritage with Adiscon Innovation

It is a well-documented fact in the open-source community that rsyslog traces its lineage back to the original 1980s BSD syslogd developed by Eric Allman, primarily through the sysklogd fork. This foundation provided the industry with a standardized way to communicate system events for decades.

However, even before the digital landscape evolved into the era of high-velocity data, the original single-threaded BSD design was known by us to face significant performance bottlenecks. As such, we were well aware of the need to support multithreading.

The Hidden Infusion: The WinSyslog Architecture

What is less well-known is the “architectural injection” that transformed rsyslog from a traditional daemon into the high-performance ETL engine it is today.

While the project maintained its BSD-compatible roots for maximum interoperability, we infused it with the high-performance DNA of WinSyslog. Developed by Adiscon in 1996 to solve logging gaps in the Windows ecosystem, WinSyslog was built from day one to handle multi-threaded workloads and complex rule processing – concepts that were not part of the original 1980s Linux logging philosophy. WinSyslog also undergone a full rewrite in 2000 to even more become multi-threaded aware.

Remember that the WinSyslog team actually also became the rsyslog team. This was driven by Adiscon’s increasing focus on free and open source software. Obviously, Adiscon sponsored not only development, but also contributed the core high performance ideas implemented in WinSyslog to the rsyslog project.

Re-Engineering for the Modern Era

When we moved from sysklogd to rsyslog, we didn’t just “patch” the old BSD code. We leveraged excactly these design principles perfected in WinSyslog over a decade of Windows-native development. We re-implemented these advanced concepts – multi-threading and queues, using Linux best practices to create a modern, high-throughput engine.

We did intentionally not just make the code portable to both platforms. This is tempting, but leads to sub-optimal solutions. Why? Because the core threading and event notification primitives on Windows and Linux are quite different. Putting an abstraction layer in between eats a lot of performance. This was definitely that we did neither want for rsyslog nor WinSyslog.

Platform-Specific Optimization: The “10x” Performance Result

The reliability of BSD standards combined with Adiscon’s high-performance Windows engineering allows us to offer “best-of-breed” engines for both platforms. Of course, it comes at additional implementation cost. But this is cost well invested. This decision lead to two different softwares which are best on their respective platform, but share a common idea of what a logging and ETL tools needs (To be honest, the term “ETL” did not exist at that time, but that didn’t stop the team from implement it).

• rsyslog (Linux): The de-facto standard for millions of Linux systems worldwide.

• WinSyslog (Windows): A native engine that outperforms other solutions and especially those building on general-purpose wrappers. In a 2026 benchmarks, WinSyslog demonstrated more than ten times the throughput of competitors like Kiwi Syslog.

Conclusion: 40 Years of History, 30 Years of Innovation

This is special about rsyslog: it is not just another high performance log and data pipeline processor (albeit one of the fastest, if not the fastest). It is the culmination of the original BSD vision modernized by thirty years of specialized, high-performance engineering. Whether you are optimizing a Linux pipeline or securing a Windows infrastructure, you are utilizing an architecture designed for the most demanding environments on earth.