I have just released rsyslog 0.9.2, the first release of it supporting plain TCP syslog. This is really good news, as TCP syslog allows much more secure log transmittal. Not only that the sender has an indication of the message arrived or not. TCP enables also to use cryptography, for example with the help of stunnel or IPSec (IPSec, to the best of my knowledge, doesn't play well with UDP).
So here we are with a syslogd capable of this. So have we arrived? Not really. The current TCP implementation support receiving messages, only. Not yet supported is sending them via TCP, so relaying is also not possible with rsyslog alone. Guess what's the next major thing to be added. Anyhow, even the receiver-only implementation offers many goodies, for example we can now accept messages from Cisco PIX, syslog-ng or our Windows syslog product line. Especially with the later stunnel integration works well, so this buys us many things.
All in all, I am quite happy with today's release. As said, the sending part will follow, but there are also some other things I need to look at, so it might take a few days longer...
Tags: syslog, network security