Merge branch 'master' into tmp

Conflicts:
	ChangeLog
	configure.ac
	doc/manual.html
	plugins/omudpspoof/omudpspoof.c
	runtime/rsyslog.h

also updated omuxsock and imptcp to new interfaces

10 files changed, 161 insertions, 39 deletions

diff --git a/doc/Makefile.am b/doc/Makefile.am
index 253fe998..d4df740a 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -40,13 +40,13 @@ html_files = \
 	omlibdbi.html \
 	imfile.html \
 	imtcp.html \
+	imptcp.html \
 	imgssapi.html \
 	imrelp.html \
 	imsolaris.html \
 	imuxsock.html \
 	imklog.html \
 	pmlastmsg.html \
-	professional_support.html \
 	queues.html \
 	src/queueWorkerLogic.dia \
 	queueWorkerLogic.jpg \
@@ -109,6 +109,7 @@ html_files = \
 	gssapi.html \
 	licensing.html \
 	ommail.html \
+	omuxsock.html \
 	omrelp.html \
 	syslog_parsing.html \
 	troubleshoot.html \
diff --git a/doc/imptcp.html b/doc/imptcp.html
new file mode 100644
index 00000000..913563a5
--- /dev/null
+++ b/doc/imptcp.html
@@ -0,0 +1,84 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head>
+<meta http-equiv="Content-Language" content="en">
+<title>Plain TCP Syslog Input Module (imptcp)</title></head>
+<body>
+<a href="rsyslog_conf_modules.html">back</a>
+
+<h1>Plain TCP Syslog Input Module</h1>
+<p><b>Module Name:&nbsp;&nbsp;&nbsp; imptcp</b></p>
+<p><b>Available since: </b>4.7.3+, 5.5.8+?
+<p><b>Author: </b>Rainer Gerhards
+&lt;rgerhards@adiscon.com&gt;</p>
+<p><b>Description</b>:</p>
+<p>Provides the ability to receive syslog messages via plain  TCP syslog.
+This is a specialised input plugin tailored for high performance on Linux. It will
+probably not run on any other platform. Also, it does no provide TLS services.
+Encryption can be provided by using <a href="rsyslog_stunnel.html">stunnel</a>.
+<p>This module has no limit on the number of listeners and sessions that can be used.
+<p>Multiple receivers may be configured by
+specifying $InputPTCPServerRun multiple times.
+</p>
+<p><b>Configuration Directives</b>:</p>
+<p>This plugin has config directives similar named as imtcp, but they all have <b>P</b>TCP in
+their name instead of just TCP. Note that only a subset of the parameters are supported.
+<ul>
+<li>$InputPTCPServerAddtlFrameDelimiter &lt;Delimiter&gt;<br>
+<b>CURRENTLY DISABLED</b><br>
+This directive permits to specify an additional frame delimiter for plain tcp syslog.
+The industry-standard specifies using the LF character as frame delimiter. Some vendors,
+notable Juniper in their NetScreen products, use an invalid frame delimiter, in Juniper's
+case the NUL character. This directive permits to specify the ASCII value of the delimiter
+in question. Please note that this does not guarantee that all wrong implementations can
+be cured with this directive. It is not even a sure fix with all versions of NetScreen,
+as I suggest the NUL character is the effect of a (common) coding error and thus will
+probably go away at some time in the future. But for the time being, the value 0 can
+probably be used to make rsyslog handle NetScreen's invalid syslog/tcp framing.
+For additional information, see this
+<a href="http://kb.monitorware.com/problem-with-netscreen-log-t1652.html">forum thread</a>.
+<br><b>If this doesn't work for you, please do not blame the rsyslog team. Instead file
+a bug report with Juniper!</b>
+<br>Note that a similar, but worse, issue exists with Cisco's IOS implementation. They do
+not use any framing at all. This is confirmed from Cisco's side, but there seems to be
+very limited interest in fixing this issue. This directive <b>can not</b> fix the Cisco bug.
+That would require much more code changes, which I was unable to do so far. Full details
+can be found at the <a href="http://www.rsyslog.com/Article321.phtml">Cisco tcp syslog anomaly</a>
+page.
+<li>$InputPTCPServerNotifyOnConnectionClose [on/<b>off</b>]<br>
+<b>CURRENTLY DISABLED</b><br>
+instructs imptcp to emit a message if the remote peer closes a connection.<br>
+<b>Important:</b> This directive is global to all listeners and must be given right
+after loading imptcp, otherwise it may have no effect.</li>
+<li>$InputPTCPServerRun &lt;port&gt;<br>
+Starts a TCP server on selected port</li>
+<li>$InputPTCPServerInputName &lt;name&gt;<br>
+Sets a name for the inputname property. If no name is set "imptcp" is used by default. Setting a 
+name is not strictly necessary, but can be useful to apply filtering based on which input
+the message was received from.
+<li>$InputPTCPServerBindRuleset &lt;name&gt;<br>
+Binds specified ruleset to next server defined.
+<li>$InputPTCPServerListenIP &lt;name&gt;<br>
+On multi-homed machines, specifies to which local address the next listerner should
+be bound.
+</ul>
+<b>Caveats/Known Bugs:</b>
+<ul>
+<li>module always binds to all interfaces</li>
+</ul>
+<p><b>Sample:</b></p>
+<p>This sets up a TCP server on port 514:<br>
+</p>
+<textarea rows="15" cols="60">$ModLoad imptcp #
+needs to be done just once
+$InputPTCPServerRun 514
+</textarea>
+<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
+[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the
+<a href="http://www.rsyslog.com/">rsyslog</a>
+project.<br>
+Copyright &copy; 2010 by <a href="http://www.gerhards.net/rainer">Rainer
+Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>.
+Released under the GNU GPL version 3 or higher.</font></p>
+</body></html>
diff --git a/doc/imuxsock.html b/doc/imuxsock.html
index 15c365a6..381374d2 100644
--- a/doc/imuxsock.html
+++ b/doc/imuxsock.html
@@ -100,7 +100,7 @@ $InputUnixListenSocketHostName /var/run/sshd/dev/log
 <p><font size="2">This documentation is part of the
 <a href="http://www.rsyslog.com/">rsyslog</a>
 project.<br>
-Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer
+Copyright &copy; 2008-2010 by <a href="http://www.gerhards.net/rainer">Rainer
 Gerhards</a> and
 <a href="http://www.adiscon.com/">Adiscon</a>.
 Released under the GNU GPL version 3 or higher.</font></p>
diff --git a/doc/manual.html b/doc/manual.html
index 62f6103d..bfa94fcc 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -14,7 +14,7 @@ replacement. Its <a href="features.html">
 advanced features</a> make it suitable for enterprise-class, <a href="rsyslog_tls.html">encryption protected syslog</a>
 relay chains while at the same time being very easy to setup for the
 novice user. And as we know what enterprise users really need, there is
-also <a href="professional_support.html">professional
+also <a href="http://www.rsyslog.com/professional-services">professional
 rsyslog support</a> available directly from the source!</p>
 <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a>
 to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the
diff --git a/doc/omudpspoof.html b/doc/omudpspoof.html
index 64f83752..16cb9b13 100644
--- a/doc/omudpspoof.html
+++ b/doc/omudpspoof.html
@@ -17,10 +17,15 @@ source ports.
 <p><b>Configuration Directives</b>:</p>
 <ul>
 <li><b>$ActionOMUDPSpoofSourceNameTemplate</b> &lt;templatename&gt;<br>
-This MUST be specified. It is the name of the template that contains a
+This is the name of the template that contains a
 numerical IP address that is to be used as the source system IP address.
 While it may often be a constant value, it can be generated as usual via the
-property replacer, as long as it is a valid IPv4 address.
+property replacer, as long as it is a valid IPv4 address. If not specified, the
+build-in default template RSYSLOG_omudpspoofDfltSourceTpl is used. This template is defined 
+as follows:<br>
+$template RSYSLOG_omudpspoofDfltSourceTpl,"%fromhost-ip%"<br>
+So in essence, the default template spoofs the address of the system the message
+was received from. This is considered the most important use case.
 <li><b>$ActionOMUDPSpoofTargetHost</b> &lt;hostname&gt;<br>
 Host that the messages shall be sent to.
 <li><b>$ActionUDPSpoofTargetPort</b> &lt;port&gt;<br>
@@ -42,8 +47,18 @@ equal to the start value. Default is 42000.
 know via the rsyslog mailing list.
 </ul>
 <p><b>Sample:</b></p>
+<p>The following sample forwards all syslog messages in standard form to the
+remote server server.example.com. The original sender's address is used. We do not
+care about the source port. This example is considered the typical use case for
+omudpspoof.
+</p>
+<textarea rows="5" cols="80">$ModLoad omudpspoof
+$ActionUDPSpoofTargetHost server.example.com
+*.*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :omudpspoof:
+</textarea>
+
 <p>The following sample forwards all syslog messages in unmodified form to the
-remote server server.example.com. The sender address 192.0.2.1 with the fixed
+remote server server.example.com. The sender address 192.0.2.1 with fixed
 source port 514 is used.
 </p>
 <textarea rows="8" cols="80">$ModLoad omudpspoof
@@ -55,7 +70,7 @@ $ActionUDPSpoofSourcePortStart 514
 $ActionUDPSpoofSourcePortEnd 514
 *.*&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :omudpspoof:;spooftemplate
 </textarea>
-<p>The following sample is similar to the first, but uses as many defaults as possible.
+<p>The following sample is similar to the previous, but uses as many defaults as possible.
 In that sample, a source port in the range 32000..42000 is used. The message is formatted
 according to rsyslog's canned default forwarding format. Note that if any parameters
 have been changed, the previously set defaults will be used!
diff --git a/doc/omuxsock.html b/doc/omuxsock.html
new file mode 100644
index 00000000..5fa569eb
--- /dev/null
+++ b/doc/omuxsock.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><title>Unix sockets output module (omuxsock) - sending syslog messages to local socket</title>
+<a href="features.html">back</a>
+</head>
+<body>
+<h1>Unix sockets Output Module (omuxsock)</h1>
+<p><b>Module Name:&nbsp;&nbsp;&nbsp; omuxsock</b></p>
+<p><b>Available since:&nbsp;&nbsp;&nbsp;</b> 4.7.3, 5.5.7</p>
+<p><b>Author: </b>Rainer Gerhards &lt;rgerhards@adiscon.com&gt;</p>
+<p><b>Description</b>:</p>
+<p>This module supports sending syslog messages to local Unix sockets.
+Thus it provided a fast message-passing interface between different rsyslog
+instances. The counterpart to omuxsock is <a href="imuxsock.html">imuxsock</a>.
+Note that the template used together with omuxsock must be suitable to be
+processed by the receiver.
+<p><b>Configuration Directives</b>:</p>
+<ul>
+<li><b>$OMUxSockSocket</b><br>
+Name of the socket to send data to. This has no default and <b>must</b>
+be set.
+</li>
+<li><b>$OMUxSockDefaultTemplate</b><br>
+This can be used to override the default template to be used together
+with omuxsock. This is primarily useful if there are many forwarding
+actions and each of them should use the same template.</li>
+</ul>
+<b>Caveats/Known Bugs:</b>
+<p>Currently, only datagram sockets are supported.
+<p><b>Sample:</b></p>
+<p>The following sample writes all messages to the "/tmp/socksample" socket.
+</p>
+<textarea rows="4" cols="80">$ModLoad omucsock
+$OMUxSockSocket /tmp/socksample
+*.* :omuxsock:
+</textarea>
+[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a>
+project.<br>
+Copyright &copy; 2010 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>.
+Released under the GNU GPL version 3 or higher.</font></p>
+
+</body></html>
diff --git a/doc/pmlastmsg.html b/doc/pmlastmsg.html
index 397016df..2abeac6a 100644
--- a/doc/pmlastmsg.html
+++ b/doc/pmlastmsg.html
@@ -36,10 +36,10 @@ should be used. Note that when a parser is specified, the default parser chain
 is removed, so we need to specify all three parsers. We use this together with the
 default ruleset.
 </p>
-<textarea rows="15" cols="80">$ModLoad pmlastline # this parser is NOT a built-in module
+<textarea rows="15" cols="80">$ModLoad pmlastmsg # this parser is NOT a built-in module
 
 # note that parser are tried in the
-# order they appear in rsyslog.conf, so put pmlastline first
+# order they appear in rsyslog.conf, so put pmlastmsg first
 $RulesetParser rsyslog.lastline
 # as we have removed the default parser chain, we
 # need to add the default parsers as well.
diff --git a/doc/professional_support.html b/doc/professional_support.html
deleted file mode 100644
index de3ac800..00000000
--- a/doc/professional_support.html
+++ /dev/null
@@ -1,27 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-<meta http-equiv="Content-Language" content="en">
-<title>Professional Support for Rsyslog</title>
-</head>
-
-<body>
-<h1><a href="http://www.rsyslog.com/Article412.phtml">Professional Services for Rsyslog</a></h1>
-<p>Professional services are being offered by <a href="http://www.adiscon.com">Adiscon</a>, the company
-that sponsors rsyslog development. For details, please contact <a href="mailto:info%40adiscon.com">Adiscon Sales</a>.</p>
-
-<p>In an effort to keep the documentation set clean and enable Adiscon to enhance the
-professional offerings, the actual
-<a href="http://www.rsyslog.com/Article412.phtml">rsyslog service offering</a>
-has been moved to a
-<a href="http://www.rsyslog.com/Article412.phtml">separate page</a>.
-Please follow that link for details.
-
-<p>[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
-<p><font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a>
-project.<br>
-Copyright &copy; 2008, 2009 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
-<a href="http://www.adiscon.com/">Adiscon</a>.
-Released under the GNU GPL version 3 or higher.</font></p>
-</body>
-</html>
diff --git a/doc/rsconf1_rulesetparser.html b/doc/rsconf1_rulesetparser.html
index 84350431..ef29c2a8 100644
--- a/doc/rsconf1_rulesetparser.html
+++ b/doc/rsconf1_rulesetparser.html
@@ -9,7 +9,7 @@
 <p><b>Type:</b> ruleset-specific configuration directive</p>
 <p><b>Parameter Values:</b> string</p>
 <p><b>Available since:</b> 5.3.4+</p>
-<p><b>Default:</b> rsyslog.rfc5424;rsyslog.rfc5425</p>
+<p><b>Default:</b> rsyslog.rfc5424 followed by rsyslog.rfc5425</p>
 <p><b>Description:</b></p>
 <p>
 This directive permits to specify which
@@ -37,7 +37,7 @@ messages that are malformed in various ways. The route to take then is
 <li>make sure you find a custom parser for that device; if there is no one, you
 may consider writing one yourself (it is not that hard) or getting one written
 as part of
-<a href="http://www.rsyslog.com/professional-servcies">Adiscon's professional services
+<a href="http://www.rsyslog.com/professional-services">Adiscon's professional services
 for rsyslog</a>.
 <li>load your custom parsers via $ModLoad
 <li>create a ruleset for each malformed format; assign the custom parser to it
@@ -104,6 +104,10 @@ $UDPServerRun 10514
 $InputUDPServerBindRuleset maldev2
 $UDPServerRun 10515
 </textarea>
+
+<p>For an example of how multiple parser can be chained (and an actual use case), please see
+the example section on the <a href="pmlastmsg.html">pmlastmsg</a> parser
+module.
 <p>Note the positions of the directives. With the current config language,
 <b>sequence of statements is very important</b>. This is ugly, but unfortunately
 the way it currently works.
diff --git a/doc/rsyslog_conf_modules.html b/doc/rsyslog_conf_modules.html
index ef83d2ec..2a64461d 100644
--- a/doc/rsyslog_conf_modules.html
+++ b/doc/rsyslog_conf_modules.html
@@ -36,7 +36,8 @@ to message generators.
 <li><a href="imfile.html">imfile</a> -&nbsp; input module for text files</li>
 <li><a href="imrelp.html">imrelp</a> - RELP input module</li>
 <li>imudp - udp syslog message input</li>
-<li><a href="imtcp.html">imtcp</a> - input plugin for plain tcp syslog</li>
+<li><a href="imtcp.html">imtcp</a> - input plugin for tcp syslog</li>
+<li><a href="imptcp.html">imptcp</a> - input plugin for plain tcp syslog (no TLS but faster)</li>
 <li><a href="imgssapi.html">imgssapi</a> - input plugin for plain tcp and GSS-enabled syslog</li>
 <li>immark - support for mark messages</li>
 <li><a href="imklog.html">imklog</a> - kernel logging</li>
@@ -63,6 +64,7 @@ SQLLite, Ingres, Oracle, mSQL)</li>
 permits rsyslog to alert folks by mail if something important happens</li>
 <li><a href="omoracle.html">omoracle</a> - output module for Oracle (native OCI interface)</li>
 <li><a href="omudpspoof.html">omudpspoof</a> - output module sending UDP syslog messages with a spoofed address</li>
+<li><a href="omuxsock.html">omuxsock</a> - output module Unix domain sockets</li>
 </ul>
 
 <a name="pm"></a><h2>Parser Modules</h2>