The syslog-ng Insider 2022-05: directions;  EPEL 9; throttle; regexp-parser;

Dear syslog-ng users,

This is the 101st issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.


syslog-ng on the long term: a draft on strategic directions

Balázs Scheidler, founder of the syslog-ng project, describes five possible strategic directions:

“In the past few weeks I performed a round of discussions/interviews with syslog-ng users. I also spent time looking at other products and analyst reports on the market. Based on all this information I’ve come up with a list of potential strategic directions for syslog-ng to tackle. Focusing on these and prioritizing features that fall into one of these directions ensures that syslog-ng indeed moves ahead.”

Read the rest of the blog at

A minimalist syslog-ng package is heading to EPEL 9

Last week, the ivykis library, the most important core dependency of syslog-ng landed in EPEL 9 successfully. There are still plenty of dependencies missing, but this way, I could submit a slightly cut down version of syslog-ng to EPEL 9. Hopefully the rest of the dependencies will arrive in EPEL 9 as well. I plan to update the syslog-ng package as soon as the dependencies arrive. Luckily, these are only needed to enable some less frequently used syslog-ng destination drivers, no core functionality is affected.

The difference between throttle() and rate-limit() in syslog-ng

There are multiple ways in syslog-ng to limit message rate. The throttle() option of syslog-ng destinations tries to make sure that all messages are delivered without exceeding a specified message rate. The rate-limit() filter introduced in syslog-ng 3.36 drops surplus log messages, making sure that a processing pipeline or destination is not overloaded with log messages.

Using the regexp-parser of syslog-ng

For many years, you could use the match() filter of syslog-ng to parse log messages with regular expressions. However, the primary function of match() is filtering. Recent syslog-ng versions now have a dedicated regular expression parser, the regexp-parser(). So, you should use match() only if your primary use case is filtering. Otherwise, use the regexp-parser for parsing, as it is a lot more flexible.


Your feedback and news, or tips about the next issue are welcome. To read this newsletter online, visit:

Related Content