Diffstat (limited to 'doc')
-rw-r--r-- | doc/imrelp.html | 52
-rw-r--r-- | doc/manual.html | 4
-rw-r--r-- | doc/ommail.html | 128
-rw-r--r-- | doc/omrelp.html | 54
-rw-r--r-- | doc/rsyslog_conf.html | 4
-rw-r--r-- | doc/rsyslog_ng_comparison.html | 178
6 files changed, 346 insertions, 74 deletions
diff --git a/doc/imrelp.html b/doc/imrelp.html new file mode 100644 index 00000000..b6f1f2bc --- /dev/null +++ b/doc/imrelp.html 
@@ -0,0 +1,52 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head> +<meta http-equiv="Content-Language" content="en"><title>RELP Input Module</title> + +</head> +<body> +<h1>RELP Input Module</h1> +<p><b>Module Name: imrelp</b></p> +<p><b>Author: Rainer Gerhards</b></p> +<p><b>Description</b>:</p> +<p>Provides the ability to receive syslog messages via the +reliable RELP protocol. This module requires <a href="http://www.librelp.com">librelp</a> to be +present on the system. From the user's point of view, imrelp works much +like imtcp or imgssapi, except that no message loss can occur. Please +note that with the currently supported relp protocol version, a minor +message duplication may occur if a network connection between the relp +client and relp server breaks after the client could successfully send +some messages but the server could not acknowledge them. The window of +opportunity is very slim, but in theory this is possible. Future +versions of RELP will prevent this. Please also note that rsyslogd may +lose a few messages if rsyslog is shutdown while a network conneciton +to the server is broken and could not yet be recovered. Future version +of RELP support in rsyslog will prevent that. Please note that both +scenarios also exists with plain tcp syslog. RELP, even with the small +nits outlined above, is a much more reliable solution than plain tcp +syslog and so it is highly suggested to use RELP instead of plain tcp. 
+Clients send messages to the RELP server via omrelp.</p> +<p><b>Configuration Directives</b>:</p> +<ul> +<li>InputRELPServerRun <port><br> +Starts a RELP server on selected port</li> +</ul> +<b>Caveats/Known Bugs:</b> +<ul> +<li>see description</li> +</ul> +<p><b>Sample:</b></p> +<p>This sets up a RELP server on port 2514.<br> +</p> +<textarea rows="15" cols="60">$ModLoad imrelp # needs to be done just once +$InputRELPServerRun 2514 +</textarea> +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] +[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer +Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html>
\ No newline at end of file diff --git a/doc/manual.html b/doc/manual.html index 9c49cbee..9c906497 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -16,8 +16,8 @@ relay chains while at the same time being very easy to setup for the novice user. And as we know what enterprise users really need, there is also <a href="professional_support.html">professional rsyslog support</a> available directly from the source!</p> -<p><b>This documentation is for version 3.14.2 of rsyslog.</b> -Visit the <i> <a href="http://www.rsyslog.com/doc-status.html">rsyslog status page</a></i> to obtain current +<p><b>This documentation is for version 3.15.1 (beta branch) of rsyslog.</b> +Visit the <i> <a href="http://www.rsyslog.com/doc-status.html">rsyslog status page</a></i></b> to obtain current version information and project status. </p><p><b>If you like rsyslog, you might want to lend us a helping hand. </b>It doesn't require a lot of diff --git a/doc/ommail.html b/doc/ommail.html new file mode 100644 index 00000000..b6b7c2ad --- /dev/null +++ b/doc/ommail.html 
@@ -0,0 +1,128 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head><title>mail output module - sending syslog messages via mail</title> + +</head> +<body> +<h1>Mail Output Module (ommail)</h1> +<p><b>Module Name: ommail</b></p> +<p><b>Author: </b>Rainer Gerhards +<rgerhards@adiscon.com></p> +<p><b>Description</b>:</p> +<p>This module supports sending syslog messages via mail. Each +syslog message is sent via its own mail. Obviously, you will want to +apply rigorous filtering, otherwise your mailbox (and mail server) will +be heavily spammed. The ommail plugin is primarily meant for alerting +users. As such, it is assume that mails will only be sent in an +extremely limited number of cases.</p> +<p>Please note that ommail is especially well-suited to work in +tandem with <a href="imfile.html">imfile</a> to +watch files for the occurence of specific things to be alerted on. So +its scope is far broader than forwarding syslog messages to mail +recipients.</p> +Ommail uses two templates, one for the mail body and one for the +subject line. If neither is provided, a quite meaningless subject line +is used and the mail body will be a syslog message just as if it were +written to a file. It is expected that the users customizes both +messages. In an effort to support cell phones (including SMS gateways), +there is an option to turn off the body part at all. This is considered +to be useful to send a short alert to a pager-like device.<br> +<br> +It is highly recommended to use the "<span style="font-weight: bold;">$ActionExecOnlyOnceEveryInterval +<seconds></span>" directive to limit the amount of +mails that potentially be generated. With it, mails are sent at most in +a <seconds> interval. This may be your life safer. And +remember that an hour has 3,600 seconds, so if you would like to +receive mails at most once every two hours, include a +"$ActionExecOnlyOnceEveryInterval 7200" immediately before the ommail +action. 
Messages sent more frequently are simpy discarded.<span style="font-weight: bold;"></span> +<p><b>Configuration Directives</b>:</p> +<ul> +<li><span style="font-weight: bold;">$ActionMailSMTPServer</span><br> +Name or IP address of the SMTP server to be used. Must currently be +set. The default is 127.0.0.1, the SMTP server on the local machine. +Obviously it is not good to expect one to be present on each machine, +so this value should be specified.<br> +</li> +<li><span style="font-weight: bold;">$ActionMailSMTPPort</span><br> +Port number or name of the SMTP port to be used. The default is 25, the +standard SMTP port.</li> +<li><span style="font-weight: bold;">$ActionMailFrom</span><br> +The email address used as the senders address. There is no default.</li> +<li><span style="font-weight: bold;">$ActionMailTo</span><br> +The recipients email address. There is no default.</li> +<li><span style="font-weight: bold;">$ActionMailSubject</span><br> +The name of the <span style="font-weight: bold;">template</span> +to be used as the mail subject. If this is not specified, a more or +less meaningless mail subject is generated (we don't tell you the exact +text because that can change - if you want to have something specific, +configure it!).</li> +<li><span style="font-weight: bold;">$ActionMailEnableBody</span><br> +Setting this to "off" permits to exclude the actual message body. This +may be useful for pager-like devices or cell phone SMS messages. The +default is "on", which is appropriate for allmost all cases. Turn it +off only if you know exactly what you do!</li> +</ul> +<b>Caveats/Known Bugs:</b> +<p>The current ommail implementation supports <span style="font-weight: bold;">SMTP-direct mode</span> +only. In that mode, the plugin talks to the mail server via SMTP +protocol. No other process is involved. This mode offers best +reliability as it is not depending on any external entity except the +mail server. 
Mail server downtime is acceptable if the action is put +onto its own action queue, so that it may wait for the SMTP server to +come back online. However, the module implements only the bare SMTP +essentials. Most importantly, it does not provide any authentication +capabilities. So your mail server must be configured to accept incoming +mail from ommail without any authentication needs (this may be change +in the future as need arises, but you may also be referred to +sendmail-mode).</p> +<p>In theory, ommail should also offer a mode where it uses the +sendmail utility to send its mail (<span style="font-weight: bold;">sendmail-mode</span>). +This is somewhat less reliable (because we depend on an entity we do +not have close control over - sendmail). It also requires dramatically +more system ressources, as we need to load the external process (but +that should be no problem given the expected infrequent number of calls +into this plugin). The big advantage of sendmail mode is that it +supports all the bells and whistles of a full-blown SMTP implementation +and may even work for local delivery without a SMTP server being +present. Sendmail mode will be implemented as need arises. So if you +need it, please drop us a line (I nobody does, sendmail mode will +probably never be implemented).</p> +<p><b>Sample:</b></p> +<p>The following sample alerts the operator if the string "hard +disk fatal failure" is present inside a syslog message. The mail server +at mail.example.net is used and the subject shall be "disk problem on +<hostname>". Note how \r\n is included inside the body +text +to create line breaks. 
A message is sent at most once every 6 hours, +any other messages are silently discarded (or, to be precise, not being +forwarded - they are still being processed by the rest of the +configuration file).<br> +</p> +<textarea rows="15" cols="80">$ModLoad ommail +$ActionMailSMTPServer mail.example.net +$ActionMailFrom rsyslog@example.net +$ActionMailTo operator@example.net +$template mailSubject,"disk problem on %hostname%" +$template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'" +$ActionMailSubject mailSubject +# make sure we receive a mail only once in six +# hours (21,600 seconds ;)) +$ActionExecOnlyOnceEveryInterval 21600 +# the if ... then ... mailBody mus be on one line! +if $msg contains 'hard disk fatal failure' then :ommail:;mailBody +</textarea><br> +<br> +A more advanced example plus a discussion on using the email feature +inside a reliable system can be found in Rainer's blogpost +"<a style="font-style: italic;" href="http://rgerhards.blogspot.com/2008/04/why-is-native-email-capability.html">Why +is native email capability an advantage for a syslogd?</a>" +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] +[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer +Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html>
\ No newline at end of file diff --git a/doc/omrelp.html b/doc/omrelp.html new file mode 100644 index 00000000..0952cc71 --- /dev/null +++ b/doc/omrelp.html 
@@ -0,0 +1,54 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head> +<meta http-equiv="Content-Language" content="en"><title>RELP Output Module (omrelp)</title> + +</head> +<body> +<h1>RELP Output Module (omlibdbi)</h1> +<p><b>Module Name: omrelp</b></p> +<p><b>Author: </b>Rainer Gerhards +<rgerhards@adiscon.com></p> +<p><b>Description</b>:</p> +<p>This module supports sending syslog messages over the reliable +RELP protocol. For RELP's advantages over plain tcp syslog, please see +the documentation for <a href="imrelp.html">imrelp</a> +(the server counterpart). </p> +<span style="font-weight: bold;">Setup</span> +<p>Please note the <a href="http://www.librelp.com">librelp</a> +is required for imrelp (it provides the core relp protocol +implementation).</p> +<p><b>Configuration Directives</b>:</p> +<p>This module uses old-style action configuration to keep +consistent with the forwarding rule. So far, no additional +configuration directives can be specified. To send a message via RELP, +use</p> +<p>*.* + :omrelp:<sever>:<port>;<template></p> +<p>just as you use </p> +<p>*.* + @@<sever>:<port>;<template></p> +<p>to forward a message via plain tcp syslog.</p> +<b>Caveats/Known Bugs:</b> +<p>See <a href="imrelp.html">imrelp</a>, +which documents them. </p> +<p><b>Sample:</b></p> +<p>The following sample sends all messages to the central server +"centralserv" at port 2514 (note that that server must run imrelp on +port 2514). Rsyslog's high-precision timestamp format is used, thus the +special "RSYSLOG_ForwardFormat" (case sensitive!) 
template is used.<br> +</p> +<textarea rows="15" cols="60">$ModLoad omrelp +# forward messages to the remote server "myserv" on +# port 2514 +*.* :omrelp:centralserv:2514;RSYSLOG_ForwardFormat +</textarea> +<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] +[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer +Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html>
\ No newline at end of file diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html index 5931a241..2a0f0c60 100644 --- a/doc/rsyslog_conf.html +++ b/doc/rsyslog_conf.html @@ -26,7 +26,7 @@ number of modules. Here is the entry point to their documentation and what they do (list is currently not complete)</p> <ul> <li><a href="omsnmp.html">omsnmp</a> - SNMP -trap output module</li><li>omrelp - RELP output module</li> +trap output module</li><li><a href="omrelp.html">omrelp</a> - RELP output module</li> <li>omgss - output module for GSS-enabled syslog</li> <li>ommysql - output module for MySQL</li> <li>ompgsql - output module for PostgreSQL</li> @@ -34,7 +34,7 @@ trap output module</li><li>omrelp - RELP output module</li> generic database output module (Firebird/Interbase, MS SQL, Sybase, SQLLite, Ingres, Oracle, mSQL)</li> <li><a href="imfile.html">imfile</a> -- input module for text files</li><li>imrelp - RELP input module</li> +- input module for text files</li><li><a href="imrelp.html">imrelp</a> - RELP input module</li> <li>imudp - udp syslog message input</li> <li><a href="imtcp.html">imtcp</a> - input plugin for plain tcp syslog</li> diff --git a/doc/rsyslog_ng_comparison.html b/doc/rsyslog_ng_comparison.html index 547501af..2a1d15bd 100644 --- a/doc/rsyslog_ng_comparison.html +++ b/doc/rsyslog_ng_comparison.html @@ -1,6 +1,8 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head> -<meta content="de" http-equiv="Content-Language"><title>rsyslog vs. syslog-ng - a comparison</title></head> +<meta content="de" http-equiv="Content-Language"><title>rsyslog vs. syslog-ng - a comparison</title> + +</head> <body> <h1>rsyslog vs. syslog-ng</h1> <p><small><i>Written by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> 
@@ -25,56 +27,72 @@ comparison sheet, so please don't be shy ;)</p> <td valign="top"><b>rsyslog</b></td> <td valign="top"><b>syslog-ng</b></td> </tr> - - <tr> -<td colspan="3" valign="top"><br><b>Input Sources</b><br></td> +<td colspan="3" valign="top"><br> +<b>Input Sources</b><br> +</td> </tr> -<tr><td valign="top">UNIX domain socket</td> +<tr> +<td valign="top">UNIX domain socket</td> +<td valign="top">yes</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td></td> +</tr> <tr> <td valign="top">UDP</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> <td valign="top">TCP</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> +<tr> +<td valign="top"><a href="http://www.librelp.com">RELP</a></td> +<td valign="top">yes</td> +<td valign="top">no</td> +<td></td> +</tr> <tr> <td valign="top">RFC 3195/BEEP</td> <td valign="top">yes (needs separate build process)</td> -<td valign="top">no</td><td> -</td></tr> +<td valign="top">no</td> +<td></td> +</tr> <tr> <td valign="top">kernel log</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> <td valign="top">file</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> -<td valign="top">mark message generator as an optional input</td> +<td valign="top">mark message generator as an +optional input</td> <td valign="top">yes</td> -<td valign="top">no (?)</td><td> -</td></tr> +<td valign="top">no (?)</td> +<td></td> +</tr> <tr> <td valign="top">Windows Event Log</td> <td valign="top">via <a href="http://www.eventreporter.com">EventReporter</a> or <a href="http://www.mwagent.com">MonitorWare Agent</a> (both commercial software)</td> -<td valign="top">via separate Windows agent, paid edition only</td> +<td valign="top">via separate Windows 
agent, paid +edition only</td> </tr> - - <tr> -<td colspan="3" valign="top"><b><br>Network (Protocol) Support</b><br></td> +<td colspan="3" valign="top"><b><br> +Network (Protocol) Support</b><br> +</td> </tr> <tr> <td valign="top">support for (plain) tcp based syslog</td> @@ -104,6 +122,11 @@ based framing on syslog/tcp connections</td> <td valign="top">yes</td> </tr> <tr> +<td valign="top">syslog over RELP<br>this is a truely reliable solution (plain tcp syslog can lose messages!)</td> +<td valign="top">yes</td> +<td valign="top">no</td> +</tr> +<tr> <td valign="top">on the wire (zlib) message compression</td> <td valign="top">yes</td> 
@@ -146,38 +169,46 @@ hostname in NAT environments and relay chains</td> <td valign="top">yes</td> <td valign="top">yes</td> </tr> - - <tr> -<td colspan="3" valign="top"><br><b>Message Filtering</b><br></td> +<td colspan="3" valign="top"><br> +<b>Message Filtering</b><br> +</td> </tr> -<tr><td valign="top">Filtering for syslog facility and priority</td> +<tr> +<td valign="top">Filtering for syslog facility and +priority</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> <td valign="top">Filtering for hostname</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> <td valign="top">Filtering for application</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> <td valign="top">Filtering for message contents</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> <td valign="top">Filtering for sending IP address</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> -<td valign="top">ability to filter on any other message -field not mentioned above +<td valign="top">ability to filter on any other +message +field not mentioned above (including substrings and the like)</td> <td valign="top">yes</td> <td valign="top">no</td> @@ -210,8 +241,9 @@ in filters</td> <td valign="top">support for discarding messages based on filters</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> <td valign="top">powerful BSD-style hostname and program name blocks for easy multi-host support</td> 
@@ -223,10 +255,10 @@ program name blocks for easy multi-host support</td> <td></td> <td></td> </tr> - - <tr> -<td colspan="3" valign="top"><br><b>Supported Database Outputs</b><br></td> +<td colspan="3" valign="top"><br> +<b>Supported Database Outputs</b><br> +</td> </tr> <tr> <td valign="top">MySQL</td> @@ -274,10 +306,10 @@ program name blocks for easy multi-host support</td> <td valign="top">yes (<a href="omlibdbi.html">omlibdbi</a>)</td> <td valign="top">no (?)</td> </tr> - - <tr> -<td colspan="3" valign="top"><br><b>Enterprise Features</b><br></td> +<td colspan="3" valign="top"><br> +<b>Enterprise Features</b><br> +</td> </tr> <tr> <td valign="top">support for on-demand on-disk @@ -292,7 +324,8 @@ by spool files</td> <td valign="top">yes</td> </tr> <tr> -<td valign="top">each action can use its own, independant +<td valign="top">each action can use its own, +independant set of spool files</td> <td valign="top">yes</td> <td valign="top">no</td> @@ -314,10 +347,10 @@ syslog/database servers </td> <td><a href="professional_support.html">yes</a></td> <td>yes</td> </tr> - - <tr> -<td colspan="3" valign="top"><br><b>Config File</b><br></td> +<td colspan="3" valign="top"><br> +<b>Config File</b><br> +</td> </tr> <tr> <td valign="top">config file format</td> 
@@ -338,37 +371,40 @@ existing in a specific directory</td> <td height="25" valign="top">yes</td> <td height="25" valign="top">no</td> </tr> - - - <tr> -<td colspan="3" valign="top"><br><b>Extensibility</b><br></td> +<td colspan="3" valign="top"><br> +<b>Extensibility</b><br> +</td> </tr> <tr> -<td valign="top">Functionality split in separately loadable +<td valign="top">Functionality split in separately +loadable modules</td> <td valign="top">yes</td> <td valign="top">no</td> </tr> <tr> -<td valign="top">Support for third-party input plugins</td> +<td valign="top">Support for third-party input +plugins</td> <td valign="top">yes</td> <td valign="top">no</td> </tr> <tr> </tr> -<tr><td valign="top">Support for third-party output plugins</td> +<tr> +<td valign="top">Support for third-party output +plugins</td> <td valign="top">yes</td> <td valign="top">no</td> </tr> - - - <tr> -<td colspan="3" valign="top"><br><b>Other Features</b><br></td> +<td colspan="3" valign="top"><br> +<b>Other Features</b><br> +</td> +</tr> +<tr> </tr> <tr> -</tr><tr> <td valign="top">ability to generate file names and directories (log targets) dynamically</td> <td valign="top">yes</td> @@ -440,8 +476,9 @@ reduction ("last message repeated n times") on a per selector-line basis</td> <td valign="top">supports multiple actions per selector/filter condition</td> <td valign="top">yes</td> -<td valign="top">yes</td><td> -</td></tr> +<td valign="top">yes</td> +<td></td> +</tr> <tr> <td valign="top">web interface</td> <td valign="top"><a href="http://www.phplogcon.org">phpLogCon</a><br> 
@@ -469,8 +506,11 @@ system stress</td> <tr> <td height="43" valign="top">flow control (slow down message reception when system is busy)</td> -<td height="43" valign="top">yes (advanced, with multiple ways to slow down inputs depending on individual input capabilities, based on watermarks)</td> -<td height="43" valign="top">yes (limited? "stops accepting messages")</td> +<td height="43" valign="top">yes (advanced, +with multiple ways to slow down inputs depending on individual input +capabilities, based on watermarks)</td> +<td height="43" valign="top">yes (limited? +"stops accepting messages")</td> </tr> <tr> <td valign="top">rewriting messages</td> @@ -504,8 +544,6 @@ Solaris; compilation and basic testing done on HP UX</td> <td valign="top">no</td> <td valign="top">yes</td> </tr> - - </tbody> </table> <p>While the <span style="font-weight: bold;">rsyslog</span> |
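Review bot: In the description of the new doc/imrelp.html, "no message loss can occur" is contradicted a few sentences later by "rsyslogd may lose a few messages if rsyslog is shutdown while a network conneciton to the server is broken"; qualify the first claim and point it at the caveats instead of stating it absolutely. In the directive list, "InputRELPServerRun <port>" is missing the leading $ that the sample uses ("$InputRELPServerRun 2514"), and the literal <port> should be written as &lt;port&gt; so a browser does not drop it as an unknown tag. Because this directive opens a network listener, the page should also say which address it binds to and whether the set of permitted senders can be restricted. Spelling: "conneciton", "both scenarios also exists".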
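Review bot: The second added line of the doc/manual.html hunk closes the status-page link with "</a></i></b>", but the only <b> in that paragraph is already closed by "of rsyslog.</b>" on the added line above it, so this "</b>" has no matching open tag. Drop it and keep "</a></i>" as in the removed line.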
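Review bot: The Caveats section of doc/ommail.html tells the administrator that the mail server "must be configured to accept incoming mail from ommail without any authentication needs" without saying how to bound that exception; add a sentence recommending that the unauthenticated path be limited to the rsyslog host's address so the server is not opened up more widely than this module needs. The sample puts %hostname% into the subject template and %msg% into the body, so the doc should state whether line breaks in those properties are removed before the subject is written into the mail header. Separately, $ActionMailSMTPServer is described as "Must currently be set" and, in the next sentence, as having the default 127.0.0.1; pick one. The literals <rgerhards@adiscon.com>, <seconds> and <hostname> need &lt; and &gt; or they will not render. Spelling: "it is assume", "occurence", "life safer", "simpy", "allmost", "ressources", "I nobody does", "mus be on one line".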
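Review bot: The heading in doc/omrelp.html reads "RELP Output Module (omlibdbi)" while the title and the "Module Name" line say omrelp; this looks like a leftover from the file it was copied from and should be "(omrelp)". The Setup paragraph has the same kind of slip: "librelp is required for imrelp" should name omrelp on this page. In the two forwarding examples, "<sever>" should be "<server>", and <server>, <port> and <template> all need &lt; and &gt; to be visible in a browser. The sample's comment says the messages go to "myserv" while the action line and the text above use "centralserv". Since the page positions RELP against plain tcp syslog purely on reliability, it would help to state explicitly that this says nothing about confidentiality or peer authentication of the forwarded messages.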
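Review bot: Nearly all of the doc/rsyslog_ng_comparison.html hunks are whitespace reflow of existing rows, which hides the two substantive additions (the RELP row under Input Sources and the "syslog over RELP" row under Network (Protocol) Support); please split the reflow into its own commit so the content change can be reviewed on its own. The new Input Sources RELP row carries a fourth empty <td></td> while the section header rows use colspan="3" and the new "syslog over RELP" row has three cells; use three cells consistently. The Other Features hunk adds an empty "<tr> </tr>" pair that should be removed instead of reformatted. The unchanged context line still declares content="de" for Content-Language although the page is in English and the new files in this commit use "en". Spelling in the added row: "truely".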