Insider 2020-02: Portability; secure logging; Mac support; RPM;

Dear syslog-ng users,

This is the 78th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


Keeping syslog-ng portable

I define syslog-ng as an “Enhanced logging daemon with a focus on portability and high-performance central log collection”. One of the original goals of syslog-ng was portability: running the same application on a wide variety of architectures and operating systems. After one of my talks mentioning syslog-ng, I was asked how we ensure that syslog-ng stays portable when all the CI infrastructure focus on 64bit x86 architecture and Linux. You can learn my answer from:

Why choose syslog-ng over rsyslog

A question I often receive is ‘what are the differences between rsyslog and syslog-ng?’ It’s a little tricky to answer. First, because my experience is mostly with syslog-ng, and because there are many similarities between the two projects. This is where the syslog-ng users help me. They can clearly explain from firsthand experience why they chose syslog-ng. The following blog post includes some of the most common reasons why they choose syslog-ng.

Secure logging with syslog-ng

In his presentation at FOSDEM, Stephan Marwedel mentioned a new syslog-ng feature he is working on, namely “(...) the design, implementation, and configuration of the secure logging service. Its aim is to provide tamper evident logging, i.e., to adequately protect log records of an information system against tampering and to provide a sensor indicating attack attempts.” (Marwedel, S. Secure logging with syslog-ng. (n.d.). Retrieved from more about the presentation, and access the slides at A pull request implementing this feature was already sent to syslog-ng on GitHub. You can follow its progress at

State of syslog-ng on Mac

Mac support is a returning question among syslog-ng users, especially when I talk to users in the US. For recent releases, each commit is automatically tested on macOS. However, there is not much information available on Mac support. Recently, I bought a MacBook to be able to test and document syslog-ng on Mac. Here are my first experiences and some future plans.

Installing the latest syslog-ng on openSUSE, RHEL and other RPM distributions

The syslog-ng application is included in all major Linux distributions, and you can usually install syslog-ng from the official repositories. If the core functionality of syslog-ng meets your needs, use the package in your distribution repository (yum install syslog-ng), and you can stop reading here. However, if you want to use the features of newer syslog-ng versions, for example, sending log messages to Elasticsearch or Apache Kafka, you have to either compile syslog-ng from source, or install it from unofficial repositories. This post explains how to do that.



Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit:

Related Content