diff options
| author | Rainer Gerhards <rgerhards@adiscon.com> | 2008-04-15 11:03:07 +0200 |
|---|---|---|
| committer | Rainer Gerhards <rgerhards@adiscon.com> | 2008-04-15 11:03:07 +0200 |
| commit | b7fec51ba7b1042313b51dc27102fa0a9cebafb5 (patch) | |
| tree | ebe76258f2aecbe771ea8fe2dab633f8e7e278f9 /doc | |
| parent | bcd2661167998b7a986f31e5f6f3b691ab0a662a (diff) | |
| parent | f4b26f77ab03a1bacf2c49a1982fabe2a58ccb9d (diff) | |
| download | rsyslog-b7fec51ba7b1042313b51dc27102fa0a9cebafb5.tar.gz rsyslog-b7fec51ba7b1042313b51dc27102fa0a9cebafb5.tar.xz rsyslog-b7fec51ba7b1042313b51dc27102fa0a9cebafb5.zip | |
Merge branch 'v3-stable' into beta
Conflicts:
ChangeLog
doc/manual.html
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/gssapi.html | 118 | ||||
| -rw-r--r-- | doc/gssapi.png | bin | 0 -> 35638 bytes | |||
| -rw-r--r-- | doc/licensing.html | 72 | ||||
| -rw-r--r-- | doc/manual.html | 16 |
4 files changed, 199 insertions, 7 deletions
diff --git a/doc/gssapi.html b/doc/gssapi.html new file mode 100644 index 00000000..400be4a3 --- /dev/null +++ b/doc/gssapi.html @@ -0,0 +1,118 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head><title>GSSAPI module support in rsyslog v3</title> + +</head> +<body> +<h1>GSSAPI module support in rsyslog v3</h1> +<p style="font-weight: bold;">What is it good for.</p> +<ul style="margin-left: 1.25cm;"> +<li> +client-serverauthentication </li> +<li> +Log +messages encryption </li> +</ul> +<p class="P5"> </p> +<p class="P3"><span style="font-weight: bold;">Requirements.</span> +</p> +<ul> +<li>Kerberos infrastructure</li> +<li>rsyslog, rsyslog-gssapi</li> +</ul> +<p> </p> +<p><span style="font-weight: bold;">Configuration.</span> +</p> +<p>Let's assume there are 3 machines in kerberos Realm: </p> +<ul> +<li>the +first is running KDC (Kerberos Authentication Service and Key +Distribution Center),</li> +<li>the second is a client sending its logs to the server,</li> +<li>the third is receiver, gathering all logs.</li> +</ul> +<p class="P7"> </p> +<p class="P10"><span style="font-style: italic;">1. +KDC:</span> </p> +<ul> +<li>Kerberos +database must be properly set-up on KDC machine first. Use +kadmin/kadmin.local to do that. Two principals need to be add in our +case:</li> +</ul> +<ol style="margin-left: 1.25cm; list-style-type: decimal;"> +<li> +<p>sender@REALM.ORG +</p> +</li> +</ol> +<ul> +<li>client must have ticket for pricipal sender</li> +<li>REALM.ORG is kerberos Realm</li> +</ul> +<ol style="margin-left: 1.25cm; list-style-type: decimal;"> +<li>host/receiver.mydomain.com@REALM.ORG - service principal</li> +</ol> +<ul> +<li>Use ktadd to export service principal and transfer it to +/etc/krb5.keytab +on receiver </li> +</ul> +<p><span style="font-style: italic;">2. CLIENT:</span> +</p> +<ul> +<li>set-up rsyslog, in /etc/rsyslog.conf</li> +<li>$ModLoad omgssapi.so - load output gss module </li> +<li>$GSSForwardServiceName +otherThanHost - set the name of service principal, "host" is the +default one</li> +<li>*.* :omgssapi:receiver.mydomain.com - action line, forward +logs to receiver</li> +<li>kinit root - get the TGT ticket</li> +<li>service rsyslog start +<p class="P14" style="margin-left: 0.25cm;"> </p> +</li> +</ul> +<p><span style="font-style: italic;">3. SERVER:</span> +</p> +<ul> +<li class="P14" style="margin-left: 0cm;"> +<p class="P14" style="margin-left: 0.25cm;">set-up +rsyslog, in /etc/rsyslog.conf </p> +</li> +<li class="P16"> +<p class="P16" style="margin-left: 0.25cm;">$ModLoad +<a href="imgssapi.html">imgssapi.so</a> - load input gss module </p> +</li> +<li class="P16"> +<p class="P16" style="margin-left: 0.25cm;">$InputGSSServerServiceName +otherThanHost - set the name of service principal, "host" is the +default one </p> +</li> +<li class="P16"> +<p class="P16" style="margin-left: 0.25cm;">$InputGSSServerPermitPlainTCP +on - accept GSS and TCP connections (not authenticated senders), off by +default </p> +</li> +<li class="P16"> +<p class="P16" style="margin-left: 0.25cm;">$InputGSSServerRun +514 - run server on port </p> +</li> +<li class="P14" style="margin-left: 0cm;"> +<p class="P14" style="margin-left: 0.25cm;">service +rsyslog start </p> +</li> +</ul> +<span style="font-weight: bold;">The picture demonstrate +how things work.</span> +<p class="P18"> </p> +<img src="gssapi.png" alt="rsyslog gssapi support"> +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] +[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer +Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html>
\ No newline at end of file diff --git a/doc/gssapi.png b/doc/gssapi.png Binary files differnew file mode 100644 index 00000000..c82baa52 --- /dev/null +++ b/doc/gssapi.png diff --git a/doc/licensing.html b/doc/licensing.html new file mode 100644 index 00000000..93a50930 --- /dev/null +++ b/doc/licensing.html @@ -0,0 +1,72 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head> +<title>rsyslog licensing</title> + +</head> +<body> +<h1>rsyslog licensing</h1> +<p><b>Most important things first: if you intend to use rsyslog inside a GPLv3 compatible project, you are free to do so.</b> You don't even need to continue reading. +If you intend to use rsyslog inside a non-GPLv3 +compatible project, rsyslog offers you some liberties to do that, too. However, you then need +to study the licensing details in depth. +<p>The project hopes this is a good compromise, which also gives a boost to fellow free +software developers who release under GPLv3. +<p>And now on to the dirty and boring license details, still on a executive summary level. For the +real details, check source files and the files COPYING and COPYING.LESSER inside the distribution. +<p>The rsyslog package contains several components: +<ul> +<li>the rsyslog core programs (like rsyslogd) +<li>plugins (like imklog, omrelp, ...) +<li>the rsyslog runtime library +</ul> +<p>Each of these components can be thought of as individual projects. In fact, some of the +plugins have different main authors than the rest of the rsyslog package. All of these +components are currently put together into a single "rsyslog" package (tarball) for +convinience: this makes it easier to distribute a consistent version where everything +is included (and in the right versions) to build a full system. Platform package +maintainers in general take the overall package and split off the individual components, so that +users can install only what they need. In source installations, this can be done via the +proper ./configure switches. +<p>However, while it is convenient to package all parts in a single tarball, it does not +imply all of them are necessarily covered by the same license. Traditionally, GPL licenses +are used for rsyslog, because the project would like to provide free software. GPLv3 has been +used since around 2008 to help fight for our freedom. All rsyslog core programs are +released under GPLv3. But, from the beginning on, plugins were separate projects and we did not +impose and license restrictions on them. So even though all plugins that currently ship with +the rsyslog package are also placed under GPLv3, this can not taken for granted. You need +to check each plugins license terms if in question - this is especially important for +plugins that do NOT ship as part of the rsyslog tarball. +<p>In order to make rsyslog technology available to a broader range of applications, +the rsyslog runtime is, at least partly, licensed under LGPL. If in doubt, check the source file +licensing comments. As of now, the following files are licensed under LGPL: +<ul> +<li>queue.c/.h +<li>wti.c/.h +<li>wtp.c/.h +<li>vm.c/.h +<li>vmop.c/.h +<li>vmprg.c/.h +<li>vmstk.c/.h +<li>expr.c/.h +<li>sysvar.c/.h +<li>ctok.c/.h +<li>ctok_token.c/.h +<li>regexp.c/.h +<li>sync.c/.h +<li>stream.c/.h +<li>var.c/.h +</ul> +This list will change as time of the runtime modularization. At some point in the future, there will +be a well-designed set of files inside a runtime library branch and all of these will be LGPL. Some +select extras will probably still be covered by GPL. We are following a similar licensing +model in GnuTLS, which makes effort to reserve some functionality exclusively to open source +projects. +<p>[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer +Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. Last Update: 2008-04-15. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html> diff --git a/doc/manual.html b/doc/manual.html index 2e0c22ac..9c906497 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -1,6 +1,5 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>rsyslog documentation</title> -</head> +<html><head><title>rsyslog documentation</title></head> <body> <h1>RSyslog - Documentation</h1> <p><b><a href="http://www.rsyslog.com/">Rsyslog</a> @@ -20,7 +19,7 @@ rsyslog support</a> available directly from the source!</p> <p><b>This documentation is for version 3.15.1 (beta branch) of rsyslog.</b> Visit the <i> <a href="http://www.rsyslog.com/doc-status.html">rsyslog status page</a></i></b> to obtain current version information and project status. -<p><b>If you like rsyslog, you might +</p><p><b>If you like rsyslog, you might want to lend us a helping hand. </b>It doesn't require a lot of time - even a single mouse click helps. Learn <a href="how2help.html">how to help the rsyslog project</a>. Due to popular demand, there is now a <a href="rsyslog_ng_comparison.html">side-by-side comparison @@ -64,10 +63,9 @@ php-syslog-ng with rsyslog</a></li> <li><a href="rsyslog_recording_pri.html">recording the syslog priority (severity and facility) to the log file</a></li> <li><a href="http://www.rsyslog.com/Article19.phtml">preserving -syslog sender over NAT</a> (online only)</li> +syslog sender over NAT</a> (online only)</li><li><a href="gssapi.html">an overview and howto of rsyslog gssapi support</a></li> <li><a href="debug.html">debug support in rsyslog</a></li> -<li><a href="dev_queue.html">the rsyslog message -queue object</a></li> +<li><a href="dev_queue.html">the rsyslog message queue object</a></li> </ul> <p>Our <a href="history.html">rsyslog history</a> page is for you if you would like to learn a little more @@ -99,5 +97,9 @@ mailing list</a>. If you are interested in the "backstage", you may find <a href="http://www.gerhards.net/rainer">Rainer</a>'s <a href="http://rgerhards.blogspot.com/">blog</a> an -interesting read (filter on syslog and rsyslog tags).</p> +interesting read (filter on syslog and rsyslog tags). +If you would like to use rsyslog source code inside your open source project, you can do that without +any restriction as long as your license is GPLv3 compatible. If your license is incompatible to GPLv3, +you may even be still permitted to use rsyslog source code. However, then you need to look at the way +<a href="licensing.html">rsyslog is licensed</a>.</p> </body></html> |
