diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2010-09-28 17:52:15 +0200 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2010-09-28 17:52:15 +0200 |
| commit | f4d6418102033c22b0ae71d496e993b00773b5c4 (patch) | |
| tree | 61a42c00a5f76aa633c969844536446ca648e6bb | |
| parent | 054d2ccdd6044f94823f8facbda935cb70646333 (diff) | |
| download | rsyslog-f4d6418102033c22b0ae71d496e993b00773b5c4.tar.gz rsyslog-f4d6418102033c22b0ae71d496e993b00773b5c4.tar.xz rsyslog-f4d6418102033c22b0ae71d496e993b00773b5c4.zip | |
doc/imuxsock: added new options to doc
| -rw-r--r-- | ChangeLog | 14 | ||||
| -rw-r--r-- | doc/imuxsock.html | 38 | ||||
| -rw-r--r-- | plugins/imuxsock/imuxsock.c | 2 |
3 files changed, 50 insertions, 4 deletions
@@ -1,11 +1,23 @@ --------------------------------------------------------------------------- Version 5.7.1 [V5-DEVEL] (rgerhards), 2010-09-?? - imuxsock now optionally use SCM_CREDENTIALS to pull the pid from the log - socket itself (thanks to Lennart Poettering for the suggestion) + socket itself + (thanks to Lennart Poettering for the suggesting this feature) +- imuxsock now optionally uses per-process input rate limiting, guarding the + user against processes spamming the system log + (thanks to Lennart Poettering for suggesting this feature) - added new config statements * $InputUnixListenSocketUsePIDFromSystem * $SystemLogUsePIDFromSystem + * $SystemLogRateLimitInterval + * $SystemLogRateLimitBurst + * $SystemLogRateLimitSeverity + * $IMUxSockRateLimitInterval + * $IMUxSockRateLimitBurst + * $IMUxSockRateLimitSeverity - imuxsock now supports up to 50 different sockets for input +- some code cleanup in imuxsock (consider this a release a major + modification, especially if problems show up) --------------------------------------------------------------------------- Version 5.7.0 [V5-DEVEL] (rgerhards), 2010-09-16 - added module impstat to emit periodic statistics on rsyslog counters diff --git a/doc/imuxsock.html b/doc/imuxsock.html index 4af2c030..f3ee7be2 100644 --- a/doc/imuxsock.html +++ b/doc/imuxsock.html @@ -25,6 +25,19 @@ the past four years. Alternate behaviour may be desirable if gateway-like processes send messages via the local log slot - in this case, it can be enabled via the $InputUnixListenSocketIgnoreMsgTimestamp and $SystemLogSocketIgnoreMsgTimestamp config directives</p> +<p><b>There is input rate limiting available,</b> (since 5.7.1) to guard you against +the problems of a wild running logging process. +If more than $IMUXSockRateLimitInterval * $IMUXSockRateLimitBurst log messages are emitted +from the same process, those messages with $IMUXSockRateLimitSeverity or lower will be +dropped. It is not possible to recover anything about these messages, but imuxsock will +tell you how many it has dropped one the interval has expired AND the next message +is logged. Rate-limiting depends on SCM_CREDENTIALS. If the platform does not support +this socket option, rate limiting is turned off. If multiple sockets are configured, +rate limiting works independently on each of them (that should be what you usually expect). +The same functionality is available for the system log socket, which +just uses the prefix $SystemLogRateLimit... but otherwise works exactly the same. +When working with severities, please keep in mind that higher severity numbers mean lower +severity and configure things accordingly. <p><b>Unix log sockets can be flow-controlled.</b> That is, if processing queues fill up, the unix socket reader is blocked for a short while. This may be useful to prevent overruning the queues (which may cause exessive disk-io where it actually would not be needed). However, @@ -40,6 +53,15 @@ the implications. Note that for many systems, turning on flow control does not h <br>Ignore timestamps included in the message. Applies to the next socket being added.</li> <li><b>$InputUnixListenSocketFlowControl</b> [on/<b>off</b>] - specifies if flow control should be applied to the next socket.</li> +<li><b>$IMUXSockRateLimitInterval</b> [number] - specifies the rate-limiting +interval in seconds. Default value is 5 seconds. +</li> +<li><b>$IMUXSockRateLimitBurst</b> [number] - specifies the rate-limiting +burst in number of messages. Default is 200. +</li> +<li><b>$IMUXSockRateLimitSeverity</b> [numerical severity] - specifies the severity of +messages that shall be rate-limited. +</li> <li><b>$InputUnixListenSocketUsePIDFromSystem</b> [on/<b>off</b>] - specifies if the pid being logged shall be obtained from the log socket itself. If so, the TAG part of the message is rewritten. It is recommended to turn this option on, but the default is "off" to keep compatible @@ -54,6 +76,15 @@ to the system log socket.</li> be obtained from the log socket itself. If so, the TAG part of the message is rewritten. It is recommended to turn this option on, but the default is "off" to keep compatible with earlier versions of rsyslog. This option was introduced in 5.7.0.</li> +<li><b>$SystemLogRateLimitInterval</b> [number] - specifies the rate-limiting +interval in seconds. Default value is 5 seconds. +</li> +<li><b>$SystemLogRateLimitBurst</b> [number] - specifies the rate-limiting +burst in number of messages. Default is 200. +</li> +<li><b>$SystemLogRateLimitSeverity</b> [numerical severity] - specifies the severity of +messages that shall be rate-limited. +</li> <li><b>$InputUnixListenSocketCreatePath</b> [on/<b>off</b>] - create directories in the socket path if they do not already exist. They are created with 0755 permissions with the owner being the process under which rsyslogd runs. The default is not to create directories. Keep in mind, though, that rsyslogd always @@ -74,8 +105,11 @@ will only affect the next one and then automatically be reset. This functionalit that the local hostname can be overridden in cases where that is desired.</li> </ul> <b>Caveats/Known Bugs:</b><br> -<br> -This documentation is sparse and incomplete. +<ul> +<li>There is a compile-time limit of 50 concurrent sockets. If you need more, you need to +change the array size in imuxsock.c. +<li>This documentation is sparse and incomplete. +</ul> <p><b>Sample:</b></p> <p>The following sample is the minimum setup required to accept syslog messages from applications running on the local system.<br> diff --git a/plugins/imuxsock/imuxsock.c b/plugins/imuxsock/imuxsock.c index d500fc54..b4ee8db0 100644 --- a/plugins/imuxsock/imuxsock.c +++ b/plugins/imuxsock/imuxsock.c @@ -150,7 +150,7 @@ static int bWritePid = 0; /* use credentials from recvmsg() and fixup PID in TA static int bWritePidSysSock = 0; /* use credentials from recvmsg() and fixup PID in TAG */ #define DFLT_bCreatePath 0 static int bCreatePath = DFLT_bCreatePath; /* auto-create socket path? */ -#define DFLT_ratelimitInterval 2 +#define DFLT_ratelimitInterval 5 static int ratelimitInterval = DFLT_ratelimitInterval; /* interval in seconds, 0 = off */ static int ratelimitIntervalSysSock = DFLT_ratelimitInterval; #define DFLT_ratelimitBurst 200 |