diff options
author | Rainer Gerhards <rgerhards@adiscon.com> | 2011-04-12 10:47:09 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2011-04-12 10:47:09 +0200 |
commit | 3dbbb21e71b53572d0e5eae106906c161309a3fe (patch) | |
tree | 54b96b77725635ad64880ea5cba4187b50c8a3e6 /doc | |
parent | d5def0d553961eac571e8ca5b6fab5733c851b9f (diff) | |
parent | 9348c80744b29fb5f91b5d8edd3f9070f0d0347b (diff) | |
download | rsyslog-3dbbb21e71b53572d0e5eae106906c161309a3fe.tar.gz rsyslog-3dbbb21e71b53572d0e5eae106906c161309a3fe.tar.xz rsyslog-3dbbb21e71b53572d0e5eae106906c161309a3fe.zip |
Merge branch 'v5-beta' into v5-stable
plus bump to new v5-stable
Conflicts:
ChangeLog
configure.ac
doc/manual.html
Diffstat (limited to 'doc')
-rw-r--r-- | doc/Makefile.am | 1 | ||||
-rw-r--r-- | doc/imfile.html | 8 | ||||
-rw-r--r-- | doc/impstats.html | 62 | ||||
-rw-r--r-- | doc/imuxsock.html | 54 | ||||
-rw-r--r-- | doc/manual.html | 7 | ||||
-rw-r--r-- | doc/omhdfs.html | 69 | ||||
-rw-r--r-- | doc/ommysql.html | 12 | ||||
-rw-r--r-- | doc/property_replacer.html | 6 | ||||
-rw-r--r-- | doc/rsyslog_conf.html | 11 | ||||
-rw-r--r-- | doc/rsyslog_conf_global.html | 8 | ||||
-rw-r--r-- | doc/rsyslog_conf_modules.html | 2 | ||||
-rw-r--r-- | doc/rsyslog_tls.html | 18 |
12 files changed, 232 insertions, 26 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am index d4df740a..a5393cbe 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -41,6 +41,7 @@ html_files = \ imfile.html \ imtcp.html \ imptcp.html \ + impstats.html \ imgssapi.html \ imrelp.html \ imsolaris.html \ diff --git a/doc/imfile.html b/doc/imfile.html index f6b140a7..60726ceb 100644 --- a/doc/imfile.html +++ b/doc/imfile.html @@ -96,6 +96,14 @@ been processed. This setting can be used to guard against message duplication du to fatal errors (like power fail). Note that this setting affects imfile performance, especially when set to a low value. Frequently writing the state file is very time consuming. +<li><b>$InputFileReadMode</b> [mode]</b><br> +Available in 5.7.5+ +<br> +Mode to be used when reading lines. 0 (the default) means that each line is forwarded +as its own log message. +<li>$InputFileBindRuleset <ruleset><br> +Available in 5.7.5+, 6.1.5+ +Binds the listener to a specific <a href="multi_ruleset.html">ruleset</a>.</li> </ul> <b>Caveats/Known Bugs:</b> <p>So far, only 100 files can be monitored. If more are needed, diff --git a/doc/impstats.html b/doc/impstats.html new file mode 100644 index 00000000..3b4191e8 --- /dev/null +++ b/doc/impstats.html @@ -0,0 +1,62 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head> +<title>Periodic Statistics of Internal Counters (impstats)</title> +</head> +<body> +<a href="rsyslog_conf_modules.html">back</a> + +<h1>Input Module to Generate Periodic Statistics of Internal Counters</h1> +<p><b>Module Name: impstats</b></p> +<p><b>Available since: </b>5.7.0+, 6.1.1+ +<p><b>Author: </b>Rainer Gerhards <rgerhards@adiscon.com></p> +<p><b>Description</b>:</p> +<p>This module provides periodic output of rsyslog internal counters. +Note that the whole statistics system is currently under development. So +availabilty and format of counters may change and is not yet stable (so be +prepared to change your trending scripts when you upgrade to a newer rsyslog version). +<p>The set of available counters will be output as a set of syslog messages. This +output is periodic, with the interval being configurable (default is 5 minutes). +Be sure that your configuration records the counter messages (default is syslog.info). +<p>Note that loading this module has impact on rsyslog performance. Depending on +settings, this impact may be severe (for high-load environments). +</p> +<p><b>Configuration Directives</b>:</p> +<ul> +<li>$PStatsInterval <Seconds><br> +Sets the interval, in <b>seconds</b> at which messages are generated. Please note that the +actual interval may be a bit longer. We do not try to be precise and so the interval is +actually a sleep period which is entered after generating all messages. So the actual +interval is what is configured here plus the actual time required to generate messages. +In general, the difference should not really matter. +<li>$PStatsFacility <numerical facility><br> +The numerical syslog facility code to be used for generated messages. Default +is 5 (syslog).This is useful for filtering messages.</li> +<li>$PStatsSeverity <numerical severity><br> +The numerical syslog severity code to be used for generated messages. Default +is 6 (info).This is useful for filtering messages.</li> +</ul> +<b>Caveats/Known Bugs:</b> +<ul> +<li>This module MUST be loaded right at the top of rsyslog.conf, otherwise +stats may not get turned on in all places.</li> +<li>experimental code</li> +</ul> +<p><b>Sample:</b></p> +<p>This activates the module and records messages to /var/log/rsyslog-stats in 10 minute intervals:<br> +</p> +<textarea rows="8" cols="60">$ModLoad impstats +$PStatsInterval 600 +$PStatsSeverity 7 + +syslog.debug /var/log/rsyslog-stats +</textarea> +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] +[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2010 by <a href="http://www.gerhards.net/rainer">Rainer +Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html> diff --git a/doc/imuxsock.html b/doc/imuxsock.html index 381374d2..ee5db22d 100644 --- a/doc/imuxsock.html +++ b/doc/imuxsock.html @@ -25,6 +25,21 @@ the past four years. Alternate behaviour may be desirable if gateway-like processes send messages via the local log slot - in this case, it can be enabled via the $InputUnixListenSocketIgnoreMsgTimestamp and $SystemLogSocketIgnoreMsgTimestamp config directives</p> +<p><b>There is input rate limiting available,</b> (since 5.7.1) to guard you against +the problems of a wild running logging process. +If more than $SystemLogRateLimitInterval * $SystemLogRateLimitBurst log messages are emitted +from the same process, those messages with $SystemLogRateLimitSeverity or lower will be +dropped. It is not possible to recover anything about these messages, but imuxsock will +tell you how many it has dropped one the interval has expired AND the next message +is logged. Rate-limiting depends on SCM_CREDENTIALS. If the platform does not support +this socket option, rate limiting is turned off. If multiple sockets are configured, +rate limiting works independently on each of them (that should be what you usually expect). +The same functionality is available for additional log sockets, in which case the +config statements just use +the prefix $IMUXSockRateLimit... but otherwise works exactly the same. +When working with severities, please keep in mind that higher severity numbers mean lower +severity and configure things accordingly. +To turn off rate limiting, set the interval to zero. <p><b>Unix log sockets can be flow-controlled.</b> That is, if processing queues fill up, the unix socket reader is blocked for a short while. This may be useful to prevent overruning the queues (which may cause exessive disk-io where it actually would not be needed). However, @@ -40,12 +55,38 @@ the implications. Note that for many systems, turning on flow control does not h <br>Ignore timestamps included in the message. Applies to the next socket being added.</li> <li><b>$InputUnixListenSocketFlowControl</b> [on/<b>off</b>] - specifies if flow control should be applied to the next socket.</li> +<li><b>$IMUXSockRateLimitInterval</b> [number] - specifies the rate-limiting +interval in seconds. Default value is 5 seconds. Set it to 0 to turn rate limiting off. +</li> +<li><b>$IMUXSockRateLimitBurst</b> [number] - specifies the rate-limiting +burst in number of messages. Default is 200. +</li> +<li><b>$IMUXSockRateLimitSeverity</b> [numerical severity] - specifies the severity of +messages that shall be rate-limited. +</li> +<li><b>$InputUnixListenSocketUsePIDFromSystem</b> [on/<b>off</b>] - specifies if the pid being logged shall +be obtained from the log socket itself. If so, the TAG part of the message is rewritten. +It is recommended to turn this option on, but the default is "off" to keep compatible +with earlier versions of rsyslog. This option was introduced in 5.7.0.</li> <li><b>$SystemLogSocketIgnoreMsgTimestamp</b> [<b>on</b>/off]<br> Ignore timestamps included in the messages, applies to messages received via the system log socket.</li> <li><b>$OmitLocalLogging</b> (imuxsock) [on/<b>off</b>] -- former -o option</li> <li><b>$SystemLogSocketName</b> <name-of-socket> -- former -p option</li> <li><b>$SystemLogFlowControl</b> [on/<b>off</b>] - specifies if flow control should be applied to the system log socket.</li> +<li><b>$SystemLogUsePIDFromSystem</b> [on/<b>off</b>] - specifies if the pid being logged shall +be obtained from the log socket itself. If so, the TAG part of the message is rewritten. +It is recommended to turn this option on, but the default is "off" to keep compatible +with earlier versions of rsyslog. This option was introduced in 5.7.0.</li> +<li><b>$SystemLogRateLimitInterval</b> [number] - specifies the rate-limiting +interval in seconds. Default value is 5 seconds. Set it to 0 to turn rate limiting off. +</li> +<li><b>$SystemLogRateLimitBurst</b> [number] - specifies the rate-limiting +burst in number of messages. Default is 200. +</li> +<li><b>$SystemLogRateLimitSeverity</b> [numerical severity] - specifies the severity of +messages that shall be rate-limited. +</li> <li><b>$InputUnixListenSocketCreatePath</b> [on/<b>off</b>] - create directories in the socket path if they do not already exist. They are created with 0755 permissions with the owner being the process under which rsyslogd runs. The default is not to create directories. Keep in mind, though, that rsyslogd always @@ -66,8 +107,11 @@ will only affect the next one and then automatically be reset. This functionalit that the local hostname can be overridden in cases where that is desired.</li> </ul> <b>Caveats/Known Bugs:</b><br> -<br> -This documentation is sparse and incomplete. +<ul> +<li>There is a compile-time limit of 50 concurrent sockets. If you need more, you need to +change the array size in imuxsock.c. +<li>This documentation is sparse and incomplete. +</ul> <p><b>Sample:</b></p> <p>The following sample is the minimum setup required to accept syslog messages from applications running on the local system.<br> @@ -95,6 +139,12 @@ the $InputUnixListenSocketCreatePath and the $InputUnixListenSocketHostName.</p> $InputUnixListenSocketCreatePath on # turn on for *next* socket $InputUnixListenSocketHostName /var/run/sshd/dev/log </textarea> +<p>The following sample is used to turn off input rate limiting on the system log +socket. +<textarea rows="6" cols="70">$ModLoad imuxsock # needs to be done just once + +$SystemLogRateLimitInterval 0 # turn off rate limiting +</textarea> <p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> <p><font size="2">This documentation is part of the diff --git a/doc/manual.html b/doc/manual.html index e25278bc..e1f0ebf9 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -19,7 +19,7 @@ rsyslog support</a> available directly from the source!</p> <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a> to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the project goals.</p> -<p><b>This documentation is for version 5.6.5 (stable branch) of rsyslog.</b> +<p><b>This documentation is for version 5.8.0 (stable branch) of rsyslog.</b> Visit the <i><a href="http://www.rsyslog.com/status">rsyslog status page</a></i></b> to obtain current version information and project status. </p><p><b>If you like rsyslog, you might @@ -41,7 +41,6 @@ if you do not read the doc, but doing so will definitely improve your experience <li><a href="rsyslog_conf.html">configuration file syntax (rsyslog.conf)</a></li> <li><a href="http://www.rsyslog.com/tool-regex">a regular expression checker/generator tool for rsyslog</a></li> <li> <a href="property_replacer.html">property replacer, an important core component</a></li> -<li>a commented <a href="sample.conf.html">sample rsyslog.conf</a> </li> <li><a href="bugs.html">rsyslog bug list</a></li> <li><a href="messageparser.html">understanding rsyslog message parsers</a></li> <li><a href="generic_design.html">backgrounder on generic syslog application design</a></li> @@ -111,5 +110,7 @@ any restriction as long as your license is GPLv3 compatible. If your license is you may even be still permitted to use rsyslog source code. However, then you need to look at the way <a href="licensing.html">rsyslog is licensed</a>.</p> <p>Feedback is always welcome, but if you have a support question, please do not -mail Rainer directly (<a href="free_support.html">why not?</a>). +mail Rainer directly (<a href="free_support.html">why not?</a>) - use the +<a href="http://lists.adiscon.net/mailman/listinfo/rsyslog">rsyslogmailing list</a> +or <a href="http://kb.monitorware.com/rsyslog-f40.html">rsyslog formum</a> instead. </body></html> diff --git a/doc/omhdfs.html b/doc/omhdfs.html new file mode 100644 index 00000000..ef7e60c5 --- /dev/null +++ b/doc/omhdfs.html @@ -0,0 +1,69 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head><title>rsyslog output module for HDFS (omhdfs)</title> +<a href="features.html">back</a> +</head> +<body> +<h1>Unix sockets Output Module (omhdfs)</h1> +<p><b>Module Name: omhdfs</b></p> +<p><b>Available since: </b> 5.7.1</p> +<p><b>Author: </b>Rainer Gerhards <rgerhards@adiscon.com></p> +<p><b>Description</b>:</p> +<p>This module supports writing message into files on Hadoop's HDFS +file system. +<p><b>Configuration Directives</b>:</p> +<ul> +<li><b>$OMHDFSFileName</b> [name]<br> +The name of the file to which the output data shall be written. +</li> +<li><b>$OMHDFSHost</b> [name]<br> +Name or IP address of the HDFS host to connect to. +</li> +<li><b>$OMHDFSPort</b> [name]<br> +Port on which to connect to the HDFS host. +</li> +<li><b>$OMHDFSDefaultTemplate</b> [name]<br> +Default template to be used when none is specified. This saves the work of +specifying the same template ever and ever again. Of course, the default +template can be overwritten via the usual method. +</li> +</ul> +<b>Caveats/Known Bugs:</b> +<p>Building omhdfs is a challenge because we could not yet find out how +to integrate Java properly into the autotools build process. The issue is +that HDFS is written in Java and libhdfs uses JNI to talk to it. That requires +that various system-specific environment options and pathes be set correctly. At +this point, we leave this to the user. If someone know how to do it better, +please drop us a line! +<ul> +<li>In order to build, you need to set these environment variables BEFORE running +./configure: +<ul> +<li>JAVA_INCLUDES - must have all include pathes that are needed to build +JNI C programms, including the -I options necessary for gcc. An example is<br> +# export JAVA_INCLUDES="-I/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/include -I/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/include/linux" +<li>JAVA_LIBS - must have all library pathes that are needed to build +JNI C programms, including the -l/-L options necessary for gcc. An example is<br> +# export export JAVA_LIBS="-L/usr/java/jdk1.6.0_21/jre/lib/amd64 -L/usr/java/jdk1.6.0_21/jre/lib/amd64/server -ljava -ljvm -lverify" +</ul> + +<li>As of HDFS architecture, you must make sure that all relevant environment +variables (the usual Java stuff and HADOOP's home directory) are properly set. +<li>As it looks, libhdfs makes Java throw exceptions to stdout. There is no +known work-around for this (and it usually should not case any troubles. +</ul> +<p><b>Sample:</b></p> +<p> +</p> +<textarea rows="4" cols="80">$ModLoad omhdfs + +$OMHDFSFileName /var/log/logfile +*.* :omhdfs: +</textarea> +[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2010 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> + +</body></html> diff --git a/doc/ommysql.html b/doc/ommysql.html index 9b35b402..daef9cab 100644 --- a/doc/ommysql.html +++ b/doc/ommysql.html @@ -24,6 +24,18 @@ directive configuration system. a non-standard port for the MySQL server. The default is 0, which means the system default port is used. There is no need to specify this directive unless you know the server is running on a non-standard listen port. +<li><b>$OmMySQLConfigFile <file name></b><br>Permits the selection +of an optional MySQL Client Library configuration file (my.cnf) for extended +configuration functionality. The use of this configuration directive is necessary +only if you have a non-standard environment or if fine-grained control over the +database connection is desired.</li> +<li><b>$OmMySQLConfigSection <string></b><br>Permits the selection of the +section within the configuration file specified by the <b>$OmMySQLConfigFile</b> directive. +<br>This will likely only be used where the database administrator provides a single +configuration file with multiple profiles. +<br>This configuration directive is ignored unless <b>$OmMySQLConfigFile</b> is also used +in the rsyslog configration file. +<br>If omitted, the MySQL Client Library default of "client" will be used.</li> <li>Action parameters: <br><b>:ommysql:database-server,database-name,database-userid,database-password</b> <br>All parameters should be filled in for a successful connect. diff --git a/doc/property_replacer.html b/doc/property_replacer.html index 4d242a34..cd357f67 100644 --- a/doc/property_replacer.html +++ b/doc/property_replacer.html @@ -156,6 +156,12 @@ than messages generated somewhere. </td> </tr> <tr> +<td><b>$bom</b></td> +<td>The UTF-8 encoded Unicode byte-order mask (BOM). This may be useful +in templates for RFC5424 support, when the character set is know to be +Unicode.</td> +</tr> +<tr> <td><b>$now</b></td> <td>The current date stamp in the format YYYY-MM-DD</td> </tr> diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html index 6990c6bd..703e7a6e 100644 --- a/doc/rsyslog_conf.html +++ b/doc/rsyslog_conf.html @@ -2,13 +2,16 @@ <html><head><title>rsyslog.conf file</title></head> <body> <h1>rsyslog.conf configuration file</h1> -<p><b>This document is currently being enhanced. Please -pardon its current appearance.</b></p> <p><b>Rsyslogd is configured via the rsyslog.conf file</b>, typically found in /etc. By default, rsyslogd reads the file /etc/rsyslog.conf. This may be changed by a command line option.</p> <p><a href="http://wiki.rsyslog.com/index.php/Configuration_Samples"> -Configuration file examples can be found in the rsyslog wiki</a>.</p> +Configuration file examples can be found in the rsyslog wiki</a>. Also +keep the +<a href="http://www.rsyslog.com/config-snippets/">rsyslog config snippets</a> +on your mind. These are ready-to-use +real building blocks for rsyslog configuration. +</p> <p>There is also one sample file provided together with the documentation set. If you do not like to read, be sure to have at least a quick look at @@ -74,7 +77,7 @@ such features is available in rsyslogd, only.</p> [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> <p><font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a> project.<br> -Copyright © 2008,2009 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and +Copyright © 2008-2011 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and <a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL version 3 or higher.</font></p> </body> diff --git a/doc/rsyslog_conf_global.html b/doc/rsyslog_conf_global.html index b71fc761..a5d69f1d 100644 --- a/doc/rsyslog_conf_global.html +++ b/doc/rsyslog_conf_global.html @@ -93,7 +93,7 @@ default 60000 (1 minute)]</li> <li>$ActionQueueWorkerThreadMinumumMessages <number>, default 100</li> <li><a href="rsconf1_actionresumeinterval.html">$ActionResumeInterval</a></li> <li>$ActionResumeRetryCount <number> [default 0, -1 means eternal]</li> -<li>$ActionSendResendLastMsgOnReconn <[on/<b>off</b>]> specifies if the last message is to be resend when a connecition broken and has been reconnedcted. May increase reliability, but comes at the risk of message duplication. +<li>$ActionSendResendLastMsgOnReconnect <[on/<b>off</b>]> specifies if the last message is to be resend when a connecition breaks and has been reconnected. May increase reliability, but comes at the risk of message duplication. <li>$ActionSendStreamDriver <driver basename> just like $DefaultNetstreamDriver, but for the specific action</li> <li>$ActionSendStreamDriverMode <mode>, default 0, mode to use with the stream driver (driver-specific)</li> <li>$ActionSendStreamDriverAuthMode <mode>, authentication mode to use with the stream driver. Note that this directive requires TLS @@ -162,6 +162,12 @@ Usually that should not be a big issue, as the restart-type HUP can easily be re something along the lines of "/etc/init.d/rsyslog restart". </li> <li><a href="rsconf1_includeconfig.html">$IncludeConfig</a></li><li>MainMsgQueueCheckpointInterval <number></li> +<li><b>$LocalHostName</b> [name] - this directive permits to overwrite the system +hostname with the one specified in the directive. If the directive is given +multiple times, all but the last one will be ignored. Please note that startup +error messages may be issued with the real hostname. This is by design and not +a bug (but one may argue if the design should be changed ;)). Available since +4.7.4+, 5.7.3+, 6.1.3+. <li><b>$LogRSyslogStatusMessages</b> [<b>on</b>/off] - If set to on (the default), rsyslog emits message on startup and shutdown as well as when it is HUPed. This information might be needed by some log analyzers. If set to off, no such diff --git a/doc/rsyslog_conf_modules.html b/doc/rsyslog_conf_modules.html index 2a64461d..74aa319c 100644 --- a/doc/rsyslog_conf_modules.html +++ b/doc/rsyslog_conf_modules.html @@ -44,6 +44,7 @@ to message generators. <li><a href="imuxsock.html">imuxsock</a> - unix sockets, including the system log socket</li> <li><a href="imsolaris.html">imsolaris</a> - input for the Sun Solaris system log source</li> <li><a href="im3195.html">im3195</a> - accepts syslog messages via RFC 3195</li> +<li><a href="impstats.html">impstats</a> - provides periodic statistics of rsyslog internal counters</li> </ul> <a name"om"></a><h2>Output Modules</h2> @@ -65,6 +66,7 @@ permits rsyslog to alert folks by mail if something important happens</li> <li><a href="omoracle.html">omoracle</a> - output module for Oracle (native OCI interface)</li> <li><a href="omudpspoof.html">omudpspoof</a> - output module sending UDP syslog messages with a spoofed address</li> <li><a href="omuxsock.html">omuxsock</a> - output module Unix domain sockets</li> +<li><a href="omhdfs.html">omhdfs</a> - output module for Hadoop's HDFS file system</li> </ul> <a name="pm"></a><h2>Parser Modules</h2> diff --git a/doc/rsyslog_tls.html b/doc/rsyslog_tls.html index bb312c77..286660d2 100644 --- a/doc/rsyslog_tls.html +++ b/doc/rsyslog_tls.html @@ -162,25 +162,11 @@ similar "smart" command on the client. It should show up in the respective server log file. If you dig out your sniffer, you should see that the traffic on the wire is actually protected.</p> <h3>Limitations</h3> -<p>The current implementation has a number of limitations. These -are -being worked on. Most importantly, neither the client nor the server -are authenticated. So while the message transfer is encrypted, you can -not be sure which peer you are talking to. Please note that this is a -limitation found in most real-world SSL syslog systems. Of course, that -is not an excuse for not yet providing this feature - but it tells you -that it is acceptable and can be worked around by proper firewalling, -ACLs and other organizational measures. Mutual authentication will be -added shortly to rsyslog.</p> -<p>Secondly, the plain tcp syslog listener -can currently listen to a single port, in a single mode. So if you use -a TLS-based listener, you can not run unencrypted syslog on the same -instance at the same time. A work-around is to run a second rsyslogd -instance. This limitation, too, is scheduled to be removed soon.</p> <p>The RELP transport can currently not be protected by TLS. A work-around is to use stunnel. TLS support for RELP will be added once plain TCP -syslog has sufficiently matured.</p> +syslog has sufficiently matured and there either is some time left to do this +or we find a sponsor ;).</p> <h2>Certificates</h2> <p>In order to be really secure, certificates are needed. This is a short summary on how to generate the necessary certificates with |