This page lists the features available in rsyslog and shows in which version each feature was implemented. The list is not yet complete and should therefore be considered a first draft.
|Available since Version
|$LocalHostName [name] – this directive overrides the system hostname with the one specified in the directive. If the directive is given multiple times, all but the last one will be ignored. Please note that startup error messages may be issued with the real hostname. This is by design and not a bug (but one may argue if the design should be changed ;)).
|4.7.4+, 5.7.3+, 6.1.3+.
|support for Hadoop’s HDFS added (via omhdfs)
|module impstat to emit periodic statistics on rsyslog counters
|imptcp, a simplified, Linux-specific and potentially fast syslog plain tcp input plugin (NOT supporting TLS!)
|parser module: pmrfc3164sd (contributed), supports RFC5424 structured data in RFC3164 messages [untested]
|parser module: pmlastmsg, which supports the notoriously malformed “last message repeated n times” messages from some syslogds (namely sysklogd)
|new module type “string generator”, used to speed up output processing. Expected speedup for (typical) rsyslog processing is roughly 5 to 6 percent compared to using string-based templates.
|Support for OS X
|omruleset output module, which provides great flexibility in action processing. THIS IS A VERY IMPORTANT ADDITION, see its doc for why.
|ability to create custom message parsers
|multi-ruleset support to imudp
|added omuxsock, which permits writing messages to local Unix sockets; this is the counterpart to imuxsock, enabling fast local forwarding
|added imptcp, a simplified, Linux-specific and potentially fast syslog plain tcp input plugin (NOT supporting TLS!)
|Support for Solaris
|new feature: “.” action type added to support writing files to relative paths (this is primarily meant as a debug aid)
|so-called “On Demand Debug” mode, in which debug output can be generated only after the process has started, but not right from the beginning. This is assumed to be useful for hard-to-find bugs. Also improved the doc on the debug system.
|ability for the TCP output action to “rebind” its send socket after sending n messages (actually, it re-opens the connection; the name is used because this is a concept very similar to $ActionSendUDPRebindInterval). New config directive $ActionSendTCPRebindInterval added for the purpose. By default, rebinding is disabled. This is considered useful for load balancers.
|capability to fsync() queue disk files for enhanced reliability (also adds speed, because you no longer need to run the whole file system in sync mode)
|ability for the UDP output action to rebind its send socket after sending n messages. New config directive $ActionSendUDPRebindInterval added for the purpose. By default, rebinding is disabled. This is considered useful for load balancers.
|new transactional output module interface which provides superior performance (for databases potentially far superior performance)
|generic network stream server (in addition to rather specific syslog tcp server)
|capability to run multiple tcp listeners (on different ports)
|new output plugin omprog, which permits starting a program and feeding it (via its stdin) with syslog messages. If the program terminates, it is restarted.
|parser testing suite (still needs to be extended, but a good start)
|function support in RainerScript. That means the engine parses and compiles functions, and executes a few built-in ones. Dynamic loading and registration of functions is not yet supported – but we now have a good foundation to do that later on.
|support for comma-separated values (CSV) output generation (via the “csv” property replace option). The CSV format supported is that from RFC 4180.
|testbed for common config errors
|world’s first implementation of syslog-transport-tls
|support for selectively processing messages only during specific timeframes and spooling them to disk otherwise
|native support for sending mail messages
|support for arbitrary complex boolean, string and arithmetic expressions in message filters
|direct support for Firebird/Interbase, OpenTDS (MS SQL, Sybase), SQLite, Ingres, Oracle, and mSQL via libdbi, a database abstraction layer (almost as good as native)
|ability to monitor text files and convert their contents into syslog messages (one per line)
|ability to send SNMP trap messages
|easy-to-write-to plugin interface
|support for on-demand on-disk spooling of messages that can not be processed fast enough (a great feature for writing massive amounts of syslog messages to a database)
|modular design for inputs and outputs – easily extensible via custom plugins
|the sysklogd’s klogd functionality is implemented as the imklog input plug-in. So rsyslog is a full replacement for the sysklogd package
|MySQL and PostgreSQL functionality as a dynamically loadable plug-in
|supports multiple actions per selector/filter condition
|ability to configure backup syslog/database servers – if the primary fails, control is switched to a prioritized list of backups
|ability to use regular expressions in filters
|ability to control repeated line reduction (“last message repeated n times”) on a per selector-line basis
|ability to generate file names and directories (log targets) dynamically, based on many different properties
|support for IPv6
|ability to limit the allowed network senders
|support for sending and receiving compressed syslog messages
|good timestamp format control; at a minimum, ISO 8601/RFC 3339 second-resolution UTC zone
|very experimental and volatile support for syslog-protocol compliant messages (it is volatile because standardization is currently underway and this is a proof-of-concept implementation to aid this effort)
|massively multi-threaded with dynamic work thread pools that start up and shut themselves down on an as-needed basis (great for high log volume on multicore machines)
|native support for writing to Postgres databases
|powerful BSD-style hostname and program name blocks for easy multi-host support
|support for receiving messages via reliable RFC 3195 delivery (a bit clumsy to build right now…)
|ability to execute shell scripts on received messages
|support for discarding messages based on filters
|ability to filter on any part of the message, not just facility and severity
|native support for writing to MySQL databases
|support for running multiple rsyslogd instances on a single machine
|support for (plain) tcp based syslog
|support for log files larger than 2 GB
|ability to filter out messages based on sequence of arrival
|support for TLS-protected syslog (both natively and via stunnel)
|support for file size limitation and automatic rollover command execution
|ability to reformat message contents and work with substrings
|control of log output format, including ability to present channel and priority as visible log data
|supports sub-configuration files, which can be automatically read from directories. Includes are specified in the main configuration file
|ability to preserve the original hostname in NAT environments and relay chains
|control of whether the local hostname or the hostname of the origin of the data is shown as the hostname in the output