Date Added: Jul 2010
Traditional syslog solutions can lose a tremendous amount of messages because of using the UDP transport protocol. Measurements have shown that when using UDP to transfer messages to a remote server, syslog can lose over ninety-nine percent of the messages under high load. This ratio can get even worse if a single server has to collect the logs of a large number of clients - meaning that only a fraction of the messages arrive to the central server. It is obvious that UDP is not suitable to transfer important information, like log messages. If one wants to take logging seriously, one have to use a solution based on the TCP protocol, such as syslog-ng.