Generic design of a syslogd

Written 2007-04-10 by Rainer Gerhards

The text below describes a generic approach on how a syslogd can be implemented. I created this description for some other project, where it was not used. Instead of throwing it away, I thought it would be a good addition to the rsyslog documentation. While rsyslog differs in details from the description below, it is sufficiently close to it. Further development of rsyslog will probably match it even closer to the description.

If you intend to read the rsyslog source code, I recommend reading this document here first. You will not find the same names and not all of the concepts inside rsyslog. However, I think your understanding will benefit from knowing the generic architecture.


   +-----------------+
   | "remote" PLOrig |
   +-----------------+
       |
       I  +--------+-----+-----+          +-----+-------+------+-----+
       P  | PLOrig | GWI | ... |          | GWO | Store | Disc | ... |
       C  +--------+-----+-----+          +-----+-------+------+-----+
       |        |                                          ^
       v        v                                          |
      +--------------+        +------------+          +--------------+
      | PLGenerator  |        |  RelayEng  |          | CollectorEng |
      +--------------+        +------------+          +--------------+
             |                      ^                       ^
             |                      |                       |
             v                      v                       |
      +-------------+         +------------+          +--------------+
      |   PLG Ext   |         | RelEng Ext |          | CollcEng Ext |
      +-------------+         +------------+          +--------------+
             |                      ^                       ^
             |                      |                       |
             v                      v                       |
      +--------------------------------------------------------------+
      |                      Message Router                          |
      +--------------------------------------------------------------+
                         |                            ^
                         v                            |
      +--------------------------------------------------------------+
      |           Message CoDec (e.g. RFC 3164, RFCYYYY)             |
      +--------------------------------------------------------------+
                         |                            ^
                         v                            |
      +---------------------+-----------------------+----------------+
      |    transport UDP    |    transport TLS      |      ...       |
      +---------------------+-----------------------+----------------+

                Generic Syslog Application Architecture