Rsyslog has all sorts of input and output drivers, and can be set up without a spool directory, so that it's all in-memory. Don't know about syslog-ng, I'm sure it has similar support.
I stand corrected then! I have to say I don't have a huge amount of experience with syslog, but after a little bit of resarch it looks like it does support mostly in-memory (with some sync to disk) logging.
> Syslog is just a [family] of network protocols[, most informally specified.]
syslog-ng (my syslog of choice) has 3 'syslog' network protocols. `tcp`/`udp`, `network`, and `syslog`. Now lets play 'match the syslog-ng name to the rfc` (or lack thereof)!
Syslog didn't start out as a standard, and the RFCs basically just try to formalize what was already implemented in OSes. It's a big mess. The protocol itself is not... great.
Hi, regarding syslog-ng and RFCs:
- The udp driver is RFC3164, the original syslog protocol (also called BSD-syslog)
- tcp driver is the same, just uses tcp instead of udp
- the network driver is just a wrapper for the tcp+udp drivers (it also supports TLS-encryption)
- the syslog driver uses the newer syslog protocol, RFC5424.
HTH,
Regards,
Robert
syslog-ng documentation maintainer
