Whenever I present syslog-ng at a conference or I stand next to a booth, people often ask me why should they use syslog-ng instead of one of its competitors. So let me summarize what the users and developers of syslog-ng typically consider as its most important values.
Documentation
Yes, I know, this is not syslog-ng itself. However, talking to some of our most active and loyal users, one common feedback was that they had chosen syslog-ng because of the quality of its documentation. Syslog-ng have always had very detailed and (usually) up-to-date documentation. Unfortunately though, there has been a period when our documentation has fallen victim of resource shortages for a while. However, as soon as these resource shortages have been taken care of, bringing our documentation up to pace has been at the top of our list.
Enterprise software
“Enterprise” is quite an overused word and I know plenty of people who stop reading anything when this word appears. So, I am open to suggestions what to use instead of it… :-) However, right now, “enterprise” is what best describes our approach in a single word. And what does “enterprise” software mean for us? Well, continuous development while maintaining stability and compatibility as much as possible in all aspects of syslog-ng. Namely, in its configuration, platform support and features.
Configuration
When it comes to syslog-ng configuration, let me use yet another overused expression: “evolution, instead of revolution”. The syslog-ng project started in 1998, so it is over 25 years old now. But no matter when you started using syslog-ng, you can still use your knowledge of it from many years ago. Of course, this does not mean that syslog-ng stayed completely the same, as its configuration has been extended in many ways over the years. However, its basic structure has not changed. If there were any important and / or incompatible changes, the version string at the beginning of the configuration allows syslog-ng to provide you with a meaningful list of changes and recommendations affecting your config.
Platform support
One of the original goals of syslog-ng was to support a wide variety of platforms. Because of this, all major BSD, Linux and UNIX platforms of their times were supported, except probably for SGI. Of course the list of supported platforms has changed throughout the years: some of the platforms (like HP/UX or DEC) have disappeared, while others (like Solaris) are on life support only, due to a lack of interest. At the same time, new platforms have also appeared, like MacOS or AIX. Syslog-ng works on these operating systems running on x86, ARM, POWER, MIPS, s390, or RiscV architectures (and also on architectures I have never even heard about before…).
Testing all variants before each git commit would be of course quite an overhead. Because of this, the code is tested “only” on a smaller subset of platforms: namely, on Linux, FreeBSD and MacOS on x86 and ARM architectures. Besides, I also regularly run tests on some 32-bit systems and POWER as well.
Features
As you could guess by now, we take every precaution to make sure that new features or bug fixes do not have any unfavorable side effects on the rest of syslog-ng. Thousands of automatic test cases help us to make sure of that. And while most of us use one of the latest desktop Linux distributions for development, we are also aware that most of our users run syslog-ng on old enterprise Linux distributions. While RHEL 10 is already available, many banks or HPC clusters are still running on ancient distros, like RHEL 8, or just introducing RHEL 9. From private discussions, I am aware that some of these still have many machines on RHEL 7 and run the latest syslog-ng 4.x version compiled in-house… :-)
I already mentioned platform support. Supporting old (but not end-of-life) operating systems is also important for our users. It is a major PITA sometimes, but users expect most syslog-ng features to be available on all platforms and operating system versions. That said, when a feature is based on a relatively new Linux kernel feature, then ancient distros or other operating systems are unfortunately out of luck.
What is next?
In short, syslog-ng is used in a variety of environments: large sites with a mature infrastructure, smaller sites, or startups as well. And no matter what, we keep developing in an “enterprise” style to ensure that:
-
There are no half-baked new features.
-
We support a wide variety of platforms.
-
We support the majority of syslog-ng features also on older operating system versions.
This ensures that even when your organization matures, you can still keep using syslog-ng.
-
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.