[logs] Seeking advise on syslogd features

From: Rainer Gerhards (rgerhards@private)
Date: Fri Sep 26 2003 - 01:47:18 PDT

  • Next message: Rainer Gerhards: "RE: [logs] Newbie questions - remote logging integration"

    Hi list,
    I am happy to say that we have finally decided to build an enhanced
    syslogd for Linux (and hopefully other *nixes). As some of you may know,
    we have a good track record on Windows in this regard and I am confident
    we can add value to the *nix community, too.
    I am right now in the design phase and looking for some advise. I would
    appreciate any and all suggestions! The syslogd will be open source,
    most probably under GPL (but not decided yet).
    My current plans are to release a 1.0 version of our linux syslog
    - based on syslogd from sysklogd package and our liblogging
    - supporting UDP & RFC TCP & most probably legacy TCP (syslog-ng,
    Adiscon, Kiwi to name those I know for sure)
    The main point of this release will be RFC3195 support for reliable
    syslog over TCP. From the developer's point of view, it will be the
    initial release that works both as a proof of concept as well as
    foundation for further work (even though 2.0 will most probably be
    largely rewritten).
    For 2.0, I plan many of the features our Windows-based products offer,
    like logging to database, improved actions,
    high-performance-multi-threaded message queue manger and so on. This is
    planned to be a rewrite, not a port.
    I would like to receive feedback from the community to aid me in my
    design and prioritization. While it would be nice to put all and
    everything in, there are some obvious resource constrainst, especially
    as we can't earn money from the software itself. While funding for the
    project is fortunately available now, it is limited. I try to direct
    this limited funds into the best solution.
    So my main question is WHAT the community (you ;)) thinks are the most
    important features. Those that we should set on top of the todo list. I
    would, anyhow, also like to hear about features you would like to see
    but you find to be not so important. The reason is I try to build an as
    complete as possible picture - this will allow me to base design
    decision on the broad picture, even though things will not get
    implemented immediately.
    As I side note, I would also appreciate any suggestions on what you
    would find an acceptable way to raise funds not only for the initial
    development as well as ongoing maintenance AND enhancement of the
    We are releatively new to open source (actually monitoring things
    somewhat deeper for around a year now). I have to admit that I only
    slowly begin to understand some of the funding methods, and I for sure
    do not have a clear or comprehensive picture. For example, I am asking
    myself if selling support is the only option or if some functionality
    (e.g. database integration) could be sold at a moderate price. Please
    bear with me - I am not trying to trick you into anything. This is a
    honest request from a newbie in this area. The intent is to learn what
    is generally accepted and considered to be fair.
    Again, I would appreciate any comments. Please don't hesitate to comment
    if you "just" have some technical comments. In fact, these are the most
    important ones to me at this time.
    Many thanks,
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Fri Sep 26 2003 - 17:07:12 PDT