-rw-r--r-- | rsyslog.conf.5 | 51 | ||||
-rw-r--r-- | rsyslogd.8 | 15 | ||||
-rw-r--r-- | sample.conf | 23 | ||||
-rw-r--r-- | syslogd.c | 25 |
4 files changed, 82 insertions, 32 deletions
diff --git a/rsyslog.conf.5 b/rsyslog.conf.5 index 0304be03..9a4c7623 100644 --- a/rsyslog.conf.5 +++ b/rsyslog.conf.5 @@ -17,7 +17,7 @@ .\" along with this program; if not, write to the Free Software .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. .\" -.TH RSYSLOG.CONF 5 "2005-03-17" "Version 0.8" "Linux System Administration" +.TH RSYSLOG.CONF 5 "2005-07-20" "Version 0.9" "Linux System Administration" .SH NAME rsyslog.conf \- rsyslogd(8) configuration file .SH DESCRIPTION @@ -380,15 +380,13 @@ host won't forward the message again, it will just log them locally. To forward messages to another host, prepend the hostname with the at sign (``@''). -Using this feature you're able to control all rsyslog messages on one +Using this feature you're able to control all syslog messages on one host, if all other machines will log remotely to that. This tears down administration needs. -Please note that this version of rsyslogd does NOT forward messages -it has received from the network to another host. So it can NOT work -as a relay. If you need this functionality, either ask -rgerhards@adiscon.com or wait until it is configurable in the next -version. +Please note that this version of rsyslogd by default does NOT forward messages +it has received from the network to another host. Specify the -h +option to enable this. .SS List of Users Usually critical messages are also directed to ``root'' on that @@ -650,13 +648,13 @@ is the wall action. # Messages of the priority alert will be directed # to the operator # -*.alert root,joey +*.alert root,rgerhards .fi .LP This rule directs all messages with a priority of .B alert or higher to the terminals of the operator, i.e. of the users ``root'' -and ``joey'' if they're logged in. +and ``rgerhards'' if they're logged in. .IP .nf 
@@ -665,7 +663,40 @@ and ``joey'' if they're logged in. .LP This rule would redirect all messages to a remote host called finlandia. This is useful especially in a cluster of machines where -all rsyslog messages will be stored on only one machine. +all syslog messages will be stored on only one machine. + +In the format shown above, UDP is used for transmitting the message. The +destination port is set to the default auf 514. Rsyslog is also capable of +using much more secure and reliable TCP sessions for message forwarding. +Also, the destination port can be specified. To select TCP, simply +add one additional @ in front of the host name (that is, @host is UPD, +@@host is TCP). For example: + +.IP +.nf +*.* @@finlandia +.fi +.LP +To specify the destination port on the remote machine, use a colon followed +by the port number after the machine name. The following forwards to port +1514 on finlandia: + +.IP +.nf +*.* @@finlandia:1514 +.fi +.LP +This syntax works both with TCP and UDP based syslog. However, you will +probably primarily need it for TCP, as there is no well-accepted port +for this transport (it is non-standard). For UDP, you can usually stick +with the default auf 514, but might want to modify it for security reasons. +If you would like to do that, it's quite easy: + +.IP +.nf +*.* @finlandia:1514 +.fi +.LP .IP .fi @@ -216,7 +216,8 @@ Wait for childs if some were born, because of wall'ing messages. .B Rsyslogd provides network support to the syslogd facility. Network support means that messages can be forwarded from one node -running rsyslogd to another node running rsyslogd where they will be +running rsyslogd to another node running rsyslogd (or a +compatible syslog implementation) where they will be actually logged to a disk file. To enable this you have to specify either the 
@@ -226,7 +227,7 @@ or option on the command line. The default behavior is that .B rsyslogd won't listen to the network. You can also combine these two -options if you want rsyslogd to listen to bost TCP and UDP +options if you want rsyslogd to listen to both TCP and UDP messages. The strategy is to have rsyslogd listen on a unix domain socket for @@ -246,13 +247,17 @@ entry: .PP If this entry is missing .B rsyslogd -will use the well known port of 514. +will use the well known port of 514 (so in most cases, it's not +really needed). To cause messages to be forwarded to another host replace the normal file line in the .I rsyslog.conf file with the name of the host to which the messages is to be sent -prepended with an @. +prepended with an @ (for UDP delivery) or the sequence @@ (for +TCP delivery). The host name can also be followed by a colon and +a port number, in which case the message is sent to the specified +port on the remote host. .IP For example, to forward .B ALL @@ -266,6 +271,8 @@ entry: # messages to a remote host forward all. *.* @hostname .fi +More samples can be found in sample.conf. + If the remote hostname cannot be resolved at startup, because the name-server might not be accessible (it may be started after rsyslogd) you don't have to worry. diff --git a/sample.conf b/sample.conf index d24a821d..c6353bec 100644 --- a/sample.conf +++ b/sample.conf 
@@ -186,6 +186,27 @@ $template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priori # And this one uses the template defined above: *.* >hostname,dbname,userid,password;dbFormat + +# +# Rsyslog supports TCP-based syslog. To enable receiving TCP messages, +# use the -t <port> command line option (where port is the port it +# shall listen to. To forward messages to the remote host, you must +# specify a forwarding action and include the host and port. TCP +# and UDP-based forwarding has basically the same syntax, except that +# TCP delivery is triggered by specifying a second at-sign (@) in the +# message. +# This is UDP forwarding to port 514: +*.* @172.19.2.16 +# This is UDP forwarding to port 1514: +*.* @172.19.2.16:1514 +# This is TCP forwarding to port 1514: +*.* @@172.19.2.16:1514 +# The second @-sign is all you need (except, of course, a tcp-capable +# syslogd like rsyslogd ;)). +# Of course, you can also specify a template with TCP: +*.* @@172.19.2.16:1514;RFC3164Fmt + + # # A final world. rsyslog is considered a part of Adiscon's MonitorWare product line. # As such, you can find current information as well as information on the @@ -196,5 +217,5 @@ $template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priori # as a web-based front-end to a syslog message database. # # I hope this work is useful. -# 2005-03-18 Rainer Gerhards <rgerhards@adiscon.com> +# 2005-07-20 Rainer Gerhards <rgerhards@adiscon.com> # @@ -2199,7 +2199,7 @@ int main(argc, argv) TCPLstnPort = atoi(optarg); break; case 'v': - printf("syslogd %s.%s\n", VERSION, PATCHLEVEL); + printf("rsyslogd %s.%s\n", VERSION, PATCHLEVEL); exit (0); case '?': default: 
@@ -4558,25 +4558,16 @@ void init() } if ( AcceptRemote ) -#ifdef DEBRELEASE - logmsgInternal(LOG_SYSLOG|LOG_INFO, "rsyslogd " VERSION "." PATCHLEVEL "#" DEBRELEASE \ - ": restart (remote reception)." , LocalHostName, \ + logmsgInternal(LOG_SYSLOG|LOG_INFO, "rsyslogd: [origin software=\"rsyslogd\" " \ + "swVersion=\"" VERSION "." PATCHLEVEL "\"]" \ + " restart (remote reception)." , LocalHostName, \ ADDDATE); -#else - logmsgInternal(LOG_SYSLOG|LOG_INFO, "rsyslogd " VERSION "." PATCHLEVEL \ - ": restart (remote reception)." , LocalHostName, \ - ADDDATE); -#endif else -#ifdef DEBRELEASE - logmsgInternal(LOG_SYSLOG|LOG_INFO, "rsyslogd " VERSION "." PATCHLEVEL "#" DEBRELEASE \ - ": restart." , LocalHostName, ADDDATE); -#else - logmsgInternal(LOG_SYSLOG|LOG_INFO, "rsyslogd " VERSION "." PATCHLEVEL \ - ": restart." , LocalHostName, ADDDATE); -#endif + logmsgInternal(LOG_SYSLOG|LOG_INFO, "rsyslogd: [origin software=\"rsyslogd\" " \ + "swVersion=\"" VERSION "." PATCHLEVEL "\"]" \ + " restart." , LocalHostName, ADDDATE); (void) signal(SIGHUP, sighup_handler); - dprintf("syslogd: restarted.\n"); + dprintf("rsyslogd: restarted.\n"); } /* helper to cfline() and its helpers. Assign the right template |
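Review bot: With the `#ifdef DEBRELEASE` branches removed from both `logmsgInternal()` calls in init(), a build that defines DEBRELEASE no longer writes its release suffix into the restart record, so the startup line stops identifying the exact packaged build. If any packaging still sets that macro (not visible in this hunk), that suffix is what someone later needs to match a host's logs against a fixed or affected package version. It can be kept without the old four-way duplication by one conditional above the `if` that defines a suffix macro expanding to `"#" DEBRELEASE` or `""`, pasted after `PATCHLEVEL` in both strings. Separately, the `if ( AcceptRemote ) … else …` has no braces around calls that span several continued lines, and the trailing `\` are not needed outside a macro definition; braces would make the two branches harder to misread in a later edit. init() starts and ends outside this hunk.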