diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/features.html | 6 | ||||
-rw-r--r-- | doc/property_replacer.html | 46 | ||||
-rw-r--r-- | doc/queues.html | 12 | ||||
-rw-r--r-- | doc/rsyslog_ng_comparison.html | 18 | ||||
-rw-r--r-- | doc/status.html | 2 |
5 files changed, 49 insertions, 35 deletions
diff --git a/doc/features.html b/doc/features.html index 9573030e..f74f2aaf 100644 --- a/doc/features.html +++ b/doc/features.html @@ -1,7 +1,5 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>rsyslog features</title> - -</head> +<html><head><title>rsyslog features</title></head> <body> <h1>RSyslog - Features</h1> <p><b>This page lists both current features as well as @@ -31,7 +29,7 @@ reliability</li> <li>support for sending and receiving compressed syslog messages</li> <li>support for on-demand on-disk spooling of messages that can not be processed fast enough (a great feature for <a href="rsyslog_high_database_rate.html">writing massive -amounts of syslog messages to a database</a>)</li> +amounts of syslog messages to a database</a>)</li><li>support for selectively <a href="http://wiki.rsyslog.com/index.php/OffPeakHours">processing messages only during specific timeframes</a> and spooling them to disk otherwise</li> <li>ability to monitor text files and convert their contents into syslog messages (one per line)</li> <li>ability to configure backup syslog/database servers - if diff --git a/doc/property_replacer.html b/doc/property_replacer.html index 3484acf2..a2efaede 100644 --- a/doc/property_replacer.html +++ b/doc/property_replacer.html @@ -1,7 +1,5 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>The Rsyslogd Property Replacer</title> - -</head> +<html><head><title>The Rsyslogd Property Replacer</title></head> <body> <h1>The Property Replacer</h1> <p><b>The property replacer is a core component in @@ -17,7 +15,7 @@ modified by the property replacer. The full syntax is as follows:</p> <blockquote><b><code>%propname:fromChar:toChar:options%</code></b></blockquote> <h2>Available Properties</h2> <p><b><code>propname</code></b> is the -name of the property to access. It is case-sensitive. +name of the property to access. It is case-insensitive (prior to 3.17.0, they were case-senstive). Currently supported are:</p> <table> <tbody> @@ -31,11 +29,11 @@ Currently supported are:</p> socket. Should be useful for debugging.</td> </tr> <tr> -<td><b>UxTradMsg</b></td> +<td><b>uxtradmsg</b></td> <td>will disappear soon - do NOT use!</td> </tr> <tr> -<td><b>HOSTNAME</b></td> +<td><b>hostname</b></td> <td>hostname from the message</td> </tr> <tr> @@ -43,7 +41,7 @@ socket. Should be useful for debugging.</td> <td>alias for HOSTNAME</td> </tr> <tr> -<td><b>FROMHOST</b></td> +<td><b>fromhost</b></td> <td>hostname of the system the message was received from (in a relay chain, this is the system immediately in front of us and not necessarily the original sender)</td> @@ -59,16 +57,16 @@ BSD syslogd. For example, when TAG is "named[12345]", programname is "named".</td> </tr> <tr> -<td><b>PRI</b></td> +<td><b>pri</b></td> <td>PRI part of the message - undecoded (single value)</td> </tr> <tr> -<td><b>PRI-text</b></td> +<td><b>pri-text</b></td> <td>the PRI part of the message in a textual form (e.g. "syslog.info")</td> </tr> <tr> -<td><b>IUT</b></td> +<td><span style="font-weight: bold;">iut</span></td> <td>the monitorware InfoUnitType - used when talking to a <a href="http://www.monitorware.com">MonitorWare</a> backend (also for <a href="http://www.phplogcon.org/">phpLogCon</a>)</td> @@ -110,67 +108,67 @@ what was provided in the message (in most cases, only seconds)</td> </tr> <tr> -<td><b>TIMESTAMP</b></td> +<td><b>timestamp</b></td> <td>alias for timereported</td> </tr> <tr> -<td><b>PROTOCOL-VERSION</b></td> +<td><b>protocol-version</b></td> <td>The contents of the PROTCOL-VERSION field from IETF draft draft-ietf-syslog-protcol</td> </tr> <tr> -<td><b>STRUCTURED-DATA</b></td> +<td><b>structured-data</b></td> <td>The contents of the STRUCTURED-DATA field from IETF draft draft-ietf-syslog-protocol</td> </tr> <tr> -<td><b>APP-NAME</b></td> +<td><b>app-name</b></td> <td>The contents of the APP-NAME field from IETF draft draft-ietf-syslog-protocol</td> </tr> <tr> -<td><b>PROCID</b></td> +<td><b>procid</b></td> <td>The contents of the PROCID field from IETF draft draft-ietf-syslog-protocol</td> </tr> <tr> -<td height="24"><b>MSGID</b></td> +<td height="24"><b>msgid</b></td> <td height="24">The contents of the MSGID field from IETF draft draft-ietf-syslog-protocol</td> </tr> <tr> -<td><b>$NOW</b></td> +<td><b>$now</b></td> <td>The current date stamp in the format YYYY-MM-DD</td> </tr> <tr> -<td><b>$YEAR</b></td> +<td><b>$year</b></td> <td>The current year (4-digit)</td> </tr> <tr> -<td><b>$MONTH</b></td> +<td><b>$month</b></td> <td>The current month (2-digit)</td> </tr> <tr> -<td><b>$DAY</b></td> +<td><b>$day</b></td> <td>The current day of the month (2-digit)</td> </tr> <tr> -<td><b>$HOUR</b></td> +<td><b>$hour</b></td> <td>The current hour in military (24 hour) time (2-digit)</td> </tr> <tr> -<td><b>$HHOUR</b></td> +<td><b>$hhour</b></td> <td>The current half hour we are in. From minute 0 to 29, this is always 0 while from 30 to 59 it is always 1.</td> </tr> <tr> -<td><b>$QHOUR</b></td> +<td><b>$qhour</b></td> <td>The current quarter hour we are in. Much like $HHOUR, but values range from 0 to 3 (for the four quater hours that are in each hour)</td> </tr> <tr> -<td><b>$MINUTE</b></td> +<td><b>$minute</b></td> <td>The current minute (2-digit)</td> </tr> </tbody> diff --git a/doc/queues.html b/doc/queues.html index 80641d8c..a2074d36 100644 --- a/doc/queues.html +++ b/doc/queues.html @@ -288,7 +288,17 @@ directive allows to specify how long (in microseconds) dequeueing should be delayed. While simple, it still is powerful. For example, using a DequeueSlowdown delay of 1,000 microseconds on a UDP send action ensures that no more than 1,000 messages can be sent within a second (actually less, as there is -also some time needed for the processing itself). </p> +also some time needed for the processing itself).</p><h2>Processing Timeframes</h2><p>Queues +can be set to dequeue (process) messages only during certain +timeframes. This is useful if you, for example, would like to transfer +the bulk of messages only during off-peak hours, e.g. when you have +only limited bandwidth on the network path the the central server.</p><p>Currently, +only a single timeframe is supported and, even worse, it can only be +specified by the hour. It is not hard to extend rsyslog's capabilities +in this regard - it was just not requested so far. So if you need more +fine-grained control, let us know and we'll probably implement it. +There are two configuration directives, both should be used together or +results are unpredictable:" <i>$<object>QueueDequeueTimeBegin <hour></i>" and "<i>$<object>QueueDequeueTimeEnd <hour></i>". The hour parameter must be specified in 24-hour format (so 10pm is 22). A use case for this parameter can be found in the <a href="http://wiki.rsyslog.com/index.php/OffPeakHours">rsyslog wiki</a>. </p> <h2>Terminating Queues</h2> <p>Terminating a process sounds easy, but can be complex. <span style="font-size: 12pt; line-height: 115%; font-family: 'Times New Roman',serif;" lang="EN-US"> diff --git a/doc/rsyslog_ng_comparison.html b/doc/rsyslog_ng_comparison.html index 2a1d15bd..4ee8c10b 100644 --- a/doc/rsyslog_ng_comparison.html +++ b/doc/rsyslog_ng_comparison.html @@ -1,7 +1,6 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head> -<meta content="de" http-equiv="Content-Language"><title>rsyslog vs. syslog-ng - a comparison</title> - +<title>rsyslog vs. syslog-ng - a comparison</title> </head> <body> <h1>rsyslog vs. syslog-ng</h1> @@ -122,7 +121,9 @@ based framing on syslog/tcp connections</td> <td valign="top">yes</td> </tr> <tr> -<td valign="top">syslog over RELP<br>this is a truely reliable solution (plain tcp syslog can lose messages!)</td> +<td valign="top">syslog over RELP<br> +truly reliable message delivery (<a href="http://rgerhards.blogspot.com/2008/04/on-unreliability-of-plain-tcp-syslog.html">Why +is plain tcp syslog not reliable?</a>)</td> <td valign="top">yes</td> <td valign="top">no</td> </tr> @@ -337,6 +338,13 @@ be placed on different disk</td> <td valign="top">no</td> </tr> <tr> +<td valign="top">ability to process spooled +messages only during a configured timeframe (e.g. process messages only +during off-peak hours, during peak hours they are enqueued only)</td> +<td valign="top"><a href="http://wiki.rsyslog.com/index.php/OffPeakHours">yes</a><br>(can independently be configured for the main queue and each action queue)</td> +<td valign="top">no</td> +</tr> +<tr> <td valign="top">ability to configure backup syslog/database servers </td> <td valign="top">yes</td> @@ -564,6 +572,6 @@ feature sheet. I have not yet been able to fully work through it. In the mean time, you may want to read it in parallel. It is available at <a href="http://www.balabit.com/network-security/syslog-ng/features/detailed/">Balabit's site</a>.</p> -<p>This document is current as of 2008-02-28 and definitely +<p>This document is current as of 2008-04-07 and definitely incomplete (I did not yet manage to complete it!).</p> -</body></html>
\ No newline at end of file +</body></html> diff --git a/doc/status.html b/doc/status.html index d7111a50..5ab6ea05 100644 --- a/doc/status.html +++ b/doc/status.html @@ -2,7 +2,7 @@ <html><head><title>rsyslog status page</title></head> <body> <h2>rsyslog status page</h2> -<p>This page reflects the status as of 2008-04-04.</p> +<p>This page reflects the status as of 2008-04-07.</p> <h2>Current Releases</h2> <p><b>development:</b> 3.15.0 - |