diff options
Diffstat (limited to 'doc/imuxsock.html')
-rw-r--r-- | doc/imuxsock.html | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/doc/imuxsock.html b/doc/imuxsock.html new file mode 100644 index 00000000..77491992 --- /dev/null +++ b/doc/imuxsock.html @@ -0,0 +1,81 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head> +<meta http-equiv="Content-Language" content="en"> +<title>Unix Socket Input</title> +</head> +<body> +<h1>Unix Socket Input</h1> +<p><b>Module Name: imuxsock</b></p> +<p><b>Author: </b>Rainer Gerhards +<rgerhards@adiscon.com></p> +<p><b>Description</b>:</p> +<p><b>Provides the ability to accept syslog messages via local Unix +sockets. Most importantly, this is the mechanism by which the syslog(3) +call delivers syslog messages to rsyslogd.</b> So you need to have this +module loaded to read the system log socket and be able to process log +messages from applications running on the local system.</p> +<p><b>Application-provided +timestamps are ignored by default.</b> This is needed, as some programs +(e.g. sshd) log with inconsistent timezone information, what +messes up the local logs (which by default don't even contain time zone +information). This seems to be consistent with what sysklogd did for +the past four years. Alternate behaviour may be desirable if +gateway-like processes send messages via the local log slot - in this +case, it can be enabled via the +$InputUnixListenSocketIgnoreMsgTimestamp and $SystemLogSocketIgnoreMsgTimestamp config directives</p> +<p><b>Unix log sockets can be flow-controlled.</b> That is, if processing queues fill up, +the unix socket reader is blocked for a short while. This may be useful to prevent overruning +the queues (which may cause exessive disk-io where it actually would not be needed). However, +flow-controlling a log socket (and especially the system log socket) can lead to a very +unresponsive system. As such, flow control is disabled by default. That means any log records +are places as quickly as possible into the processing queues. If you would like to have +flow control, you need to enable it via the $SystemLogSocketFlowControl and +$InputUnixListenSocketFlowControl config directives. Just make sure you thought about +the implications. Note that for many systems, turning on flow control does not hurt. +<p><b>Configuration Directives</b>:</p> +<ul> +<li><b>$InputUnixListenSocketIgnoreMsgTimestamp</b> [<b>on</b>/off] +<br>Ignore timestamps included in the message. Applies to the next socket being added.</li> +<li><b>$InputUnixListenSocketFlowControl</b> [on/<b>off</b>] - specifies if flow control should be applied +to the next socket.</li> +<li><b>$SystemLogSocketIgnoreMsgTimestamp</b> [<b>on</b>/off]<br> +Ignore timestamps included in the messages, applies to messages received via the system log socket.</li> +<li><b>$OmitLocalLogging</b> (imuxsock) [on/<b>off</b>] -- former -o option</li> +<li><b>$SystemLogSocketName</b> <name-of-socket> -- former -p option</li> +<li><b>$SystemLogFlowControl</b> [on/<b>off</b>] - specifies if flow control should be applied +to the system log socket.</li> +<li><b>$AddUnixListenSocket</b> <name-of-socket> adds additional unix socket, default none -- former -a option</li> +<li><b>$InputUnixListenSocketHostName</b> <hostname> permits to override the hostname that +shall be used inside messages taken from the <b>next</b> $AddUnixListenSocket socket. Note that +the hostname must be specified before the $AddUnixListenSocket configuration directive, and it +will only affect the next one and then automatically be reset. This functionality is provided so +that the local hostname can be overridden in cases where that is desired.</li> +</ul> +<b>Caveats/Known Bugs:</b><br> +<br> +This documentation is sparse and incomplete. +<p><b>Sample:</b></p> +<p>The following sample is the minimum setup required to accept syslog messages from applications running on the local system.<br> +</p> +<textarea rows="2" cols="70">$ModLoad imuxsock # needs to be done just once +$SystemLogSocketFlowControl on # enable flow control (use if needed) +</textarea> +<p>The following sample is a configuration where rsyslogd pulls logs from two +jails, and assigns different hostnames to each of the jails: </p> +<textarea rows="6" cols="60">$ModLoad imuxsock # needs to be done just once + +$InputUnixListenSocketHostName jail1.example.net +$AddUnixListenSocket /jail/1/dev/log +$InputUnixListenSocketHostName jail2.example.net +$AddUnixListenSocket /jail/2/dev/log +</textarea> +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] +[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer +Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html> |