path: root/rsyslogd.8
author: Rainer Gerhards <rgerhards@adiscon.com> 2007-11-20 16:10:35 +0000
committer: Rainer Gerhards <rgerhards@adiscon.com> 2007-11-20 16:10:35 +0000
commit: 96b390934051e8b0de71ccf71538e8ae3319f00d (patch)
tree: 3385741c4ab7eea15642424d9003e98806836158 /rsyslogd.8
parent: f3b3f8cfaf6d43188d333119cbdc049231863cdb (diff)
added user doc for gssapi patch from varmojfekoj - thanks!
Diffstat (limited to 'rsyslogd.8')
-rw-r--r-- rsyslogd.8 31
1 files changed, 22 insertions, 9 deletions
diff --git a/rsyslogd.8 b/rsyslogd.8
index 9dbf62e3..ca6cf2f9 100644
--- a/rsyslogd.8
+++ b/rsyslogd.8
@@ -18,33 +18,36 @@ rsyslogd \- reliable and extended syslogd
.RB [ " \-f "
.I config file
]
+.RB [ " \-g "
+.I port,max-nbr-of-sessions
+]
.RB [ " \-h " ]
+.br
.RB [ " \-i "
.I pid file
]
.RB [ " \-l "
.I hostlist
]
-.br
.RB [ " \-m "
.I interval
]
.RB [ " \-n " ]
.RB [ " \-o " ]
+.br
.RB [ " \-p"
.IB socket
]
-.br
.RB [ " \-r "
.I [port]
]
.RB [ " \-s "
.I domainlist
]
+.br
.RB [ " \-t "
.I port,max-nbr-of-sessions
]
-.br
.RB [ " \-v " ]
.RB [ " \-w " ]
.RB [ " \-x " ]
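Review bot: The synopsis lists the new "\-g" entry and the existing "\-t" entry as two independent optional arguments, but the OPTIONS text later in this patch says only one of the TCP listener options can be used and the last one wins. Consider showing that in the synopsis, or at least keeping "\-g" and "\-t" adjacent so the reader sees them as alternatives. The ".br" moves also change where the synopsis wraps for every option, so the rendered page is worth checking with man before merging.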
@@ -153,6 +156,12 @@ Specify an alternative configuration file instead of
.IR /etc/rsyslog.conf ","
which is the default.
.TP
+.BI "\-g "
+Identical to -t except that every tcp connection is authenticated
+using gss-api (kerberos 5). Service name may be set using
+$GssListenServiceName or the default "host" will be used. Encryption
+can be used if specified by the client and supported by both sides.
+.TP
.BI "\-h "
By default rsyslogd will not forward messages it receives from remote hosts.
Specifying this switch on the command line will cause the log daemon to
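Review bot: The sentence "Encryption can be used if specified by the client and supported by both sides" in the new "\-g" entry leaves it unclear that the listener does not itself require encryption, so an administrator could assume "\-g" gives confidentiality when it only guarantees authentication. Suggest stating explicitly that messages are sent in clear text unless the client requests encryption. Two smaller points in the same entry: "-t" should be written as "\-t" (and set in bold like other option references) so the hyphen renders correctly, and the entry should say that $GssListenServiceName is a configuration file directive and show the port,max-nbr-of-sessions argument that the synopsis gives for this option.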
@@ -283,15 +292,18 @@ running rsyslogd to another node running rsyslogd (or a
compatible syslog implementation) where they will be
actually logged to a disk file.
-To enable this you have to specify either the
+To enable this you have to specify one of
+.B "\-g"
+,
.B "\-r"
or
.B "\-t"
-option on the command line. The default behavior is that
+options on the command line. The default behavior is that
.B rsyslogd
-won't listen to the network. You can also combine these two
+won't listen to the network. You can also combine these
options if you want rsyslogd to listen to both TCP and UDP
-messages.
+messages. Only one of the TCP listener options can be used.
+The last one specified will take effect.
The strategy is to have rsyslogd listen on a unix domain socket for
locally generated log messages. This behavior will allow rsyslogd to
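Review bot: With three options now listed, "You can also combine these options if you want rsyslogd to listen to both TCP and UDP messages" reads as if "\-g" and "\-t" could be combined, which the next added sentence contradicts. Suggest naming the valid combinations directly, for example "\-r" together with either "\-g" or "\-t". Also, the "," on its own line after .B "\-g" renders with a space before the comma; .BR "\-g" , avoids that.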
@@ -478,8 +490,9 @@ If remote logging is enabled, messages can easily be spoofed and replayed.
As the messages are transmitted in clear-text, an attacker might use
the information obtained from the packets for malicious things. Also, an
attacker might reply recorded messages or spoof a sender's IP address,
-which could lead to a wrong preception of system activity. Be sure to think
-about syslog network security before enabling it.
+which could lead to a wrong perception of system activity. These can
+be prevented by using GSS-API authentication and encryption. Be sure
+to think about syslog network security before enabling it.
.LP
.SH DEBUGGING
When debugging is turned on using
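Review bot: "These can be prevented by using GSS-API authentication and encryption" overstates what the patch documents: the "\-g" entry says encryption is used only if the client specifies it, and "\-g" applies to the TCP listener only, so the UDP listener enabled with "\-r" stays exposed to the spoofing and replay described here. Suggest qualifying the sentence to say that the "\-g" listener authenticates senders, and that clear-text exposure is addressed only when encryption is actually negotiated. While touching this paragraph, "reply recorded messages" in the unchanged line above should read "replay", since the "preception" typo is already being fixed here.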