author: Rainer Gerhards <email@example.com>, 2008-09-02 11:56:34 +0200
committer: Rainer Gerhards <firstname.lastname@example.org>, 2008-09-02 11:56:34 +0200
Merge branch 'v3-stable' into beta
Conflicts: ChangeLog configure.ac doc/manual.html
Diffstat (limited to 'tools/rsyslog.conf.5')
1 files changed, 49 insertions, 1 deletions
diff --git a/tools/rsyslog.conf.5 b/tools/rsyslog.conf.5
index eb49853..0a2422c 100644
@@ -91,7 +91,7 @@ $ModLoad imtcp
Input plugin for the RELP protocol. RELP can be used instead
of UDP or plain TCP syslog to provide reliable delivery of
syslog messages. Please note that plain TCP syslog does NOT
@@ -159,6 +159,54 @@ Every rule line consists of two fields, a selector field and an action field. Th
two fields are separated by one or more spaces or tabs. The selector field specifies
a pattern of facilities and priorities belonging to the specified action.
+The selector field itself again consists of two parts, a facility and a
+priority, separated by a period ('.'). Both parts are case insensitive and can
+also be specified as decimal numbers, but don't do that, you have been warned.
+Both facilities and priorities are described in rsyslog(3). The names mentioned
+below correspond to the similar LOG_-values in /usr/include/rsyslog.h.
+The facility is one of the following keywords: auth, authpriv, cron, daemon,
+kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and
+local0 through local7. The keyword security should not be used anymore and mark
+is only for internal use and therefore should not be used in applications.
+Anyway, you may want to specify and redirect these messages here. The facility
+specifies the subsystem that produced the message, i.e. all mail programs log
+with the mail facility (LOG_MAIL) if they log using syslog.
+The priority is one of the following keywords, in ascending order: debug, info,
+notice, warning, warn (same as warning), err, error (same as err), crit, alert,
+emerg, panic (same as emerg). The keywords error, warn and panic are deprecated
+and should not be used anymore. The priority defines the severity of the message.
+The behavior of the original BSD syslogd is that all messages of the specified
+priority and higher are logged according to the given action. Rsyslogd behaves
+the same, but has some extensions.
+In addition to the above mentioned names the rsyslogd(8) understands the
+following extensions: An asterisk ('*') stands for all facilities or all
+priorities, depending on where it is used (before or after the period). The
+keyword none stands for no priority of the given facility.
+You can specify multiple facilities with the same priority pattern in one
+statement using the comma (',') operator. You may specify as much facilities as
+you want. Remember that only the facility part from such a statement is taken, a
+priority part would be skipped.
+Multiple selectors may be specified for a single action using the semicolon
+(';') separator. Remember that each selector in the selector field is capable
+to overwrite the preceding ones. Using this behavior you can exclude some
+priorities from the pattern.
+Rsyslogd has a syntax extension to the original BSD source, that makes its use
+more intuitively. You may precede every priority with an equation sign ('=') to
+specify only this single priority and not any of the above. You may also (both
+is valid, too) precede the priority with an exclamation mark ('!') to ignore
+all that priorities, either exact this one or this and any higher priority. If
+you use both extensions than the exclamation mark must occur before the equation
+sign, just use it intuitively.
The action field of a rule describes what to do with the message. In general, message content
is written to a kind of "logfile". But also other actions might be done, like writing to a
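Review bot: In the added selector description, "rsyslog(3)" and "/usr/include/rsyslog.h" look like a syslog-to-rsyslog rename applied too broadly: the facility and priority names and their LOG_ constants are documented in syslog(3) and defined in the system's syslog.h, so both references should read syslog. In the same block, "as much facilities" should be "as many facilities", "than the exclamation mark must occur" should be "then", and "equation sign" should be "equals sign". The paragraphs on the ';' separator and on the '=' and '!' prefixes would also benefit from one short selector line each, because a later selector overriding an earlier one is an easy way to exclude messages from a log file without noticing.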