Hi,

I was curious about the history of syslogd in Slackware and the
motivations for using the logging project that it does. I'm reading the
book How Linux Works by Brian Ward, which lists the common logging
possibilities under Linux as involving journald, rsyslog, and/or
syslog-ng.

Slackware instead uses sysklog, a port from the original BSD code that
goes all the way back to Eric Allman and Sendmail, to 1980. 15.0 has a
refreshed version of that by Joachim Wiberg with code from NetBSD and
FreeBSD that implements newer RFCs. Among the few LinuxQuestions threads
I could find on sysklog -- mostly of the "could you patch this bug"
variety --the two sysklogd versions are referred to as the troglobit
version (Wiberg's updates, 2.X) and the infodrom version (Dr. Wettstein,
Martin Schulze, et al; 1.5.1). Wikipedia seems to lack any mention of
sysklog, but /usr/doc has some decent info.

Do you remember any discussions describing this preference vs. other
distros' for rsyslog or syslog-ng? Or do you have your own opinions?

Regards,
Mike Sm.

On Monday, March 6, 2023 at 12:47:20 PM UTC-6, Mike Small wrote:
> Do you remember any discussions describing this preference vs. other
> distros' for rsyslog or syslog-ng? Or do you have your own opinions?

My first impression of sysklog was poor -- multiple bugs bit me:

* Pointer error causing truncation when forwarding to a tty
* Pointer error causing overread when scanning message buffer
* Logfile corruption by control codes in kernel messages
* Memory leak in socket table breaks message forwarding

But Mr Wiberg was very responsive and welcomed patches. These
problems were all resolved in sysklogd 2.4.1 (1-Aug-22). So I
continue to use the patched sysklogd with confidence.

Note that Slackware 15.0 (stable) still has sysklogd 2.3 (27-Nov-21)
so still has these memory and logfile corruption issues. That's
risky given that sysklog runs as superuser, but looks like it will
not get resolved before the final release of Slackware 15.1.

Cheers! Edward

On Mon, 06 Mar 2023 13:47:15 -0500, Mike Small wrote:
> Do you remember any discussions describing this preference vs. other
> distros' for rsyslog or syslog-ng? Or do you have your own opinions?

I would say that it makes sense to use a syslog software derived from BSD
distributions as Slackware in other parts like starup scripts is rather
"BSD-like". However, my guess is that the main reason that sysklogd whas
choosen was the simple fact that neither syslog-ng (first release 1998)
or rsyslog (first release 2004) was available as choices back in the
early 90s when Slackware was initiated.

I once had the need to configure a log server where clients could send
their messages encrypted to the log server. As Slackware clients with
sysklogd does not natively support encryption to remote servers my
solution ended up using OpenVPN and connecting the sysklogd clients to an
IP address of the server in the OpenVPN network. I don't remember for
sure which software I used for the log server, but it was probably syslog-
ng or possibly rsyslog. However, that software was only used for the
collecting log server, the server which it ran to was also running
sysklogd.

regards Henrik