diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/Makefile.am | 2 | ||||
| -rw-r--r-- | doc/features.html | 3 | ||||
| -rw-r--r-- | doc/free_support.html | 56 | ||||
| -rw-r--r-- | doc/imuxsock.html | 62 | ||||
| -rw-r--r-- | doc/manual.html | 22 | ||||
| -rw-r--r-- | doc/ommail.html | 23 | ||||
| -rw-r--r-- | doc/rsyslog_conf.html | 16 | ||||
| -rw-r--r-- | doc/rsyslog_ng_comparison.html | 12 | ||||
| -rw-r--r-- | doc/status.html | 20 | ||||
| -rw-r--r-- | doc/syslog_protocol.html (renamed from doc/syslog-protocol.html) | 0 | ||||
| -rw-r--r-- | doc/troubleshoot.html | 59 |
11 files changed, 225 insertions, 50 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am index de3675de..edf3bbb5 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -24,7 +24,7 @@ html_files = \ rsyslog_tls.html \ rsyslog_reliable_forwarding.html \ rsyslog_stunnel.html \ - syslog-protocol.html \ + syslog_protocol.html \ version_naming.html \ contributors.html \ dev_queue.html \ diff --git a/doc/features.html b/doc/features.html index 2b3b31d9..d221eb77 100644 --- a/doc/features.html +++ b/doc/features.html @@ -74,7 +74,7 @@ easy multi-host support</li> <li> massively multi-threaded with dynamic work thread pools that start up and shut themselves down on an as-needed basis (great for high log volume on multicore machines)</li> -<li>very experimental and volatile support for <a href="syslog-protocol.html">syslog-protocol</a> +<li>very experimental and volatile support for <a href="syslog_protocol.html">syslog-protocol</a> compliant messages (it is volatile because standardization is currently underway and this is a proof-of-concept implementation to aid this effort)</li> @@ -94,6 +94,7 @@ loadable plug-in</li> via custom plugins</li> <li> an easy-to-write to plugin interface</li> <li> ability to send SNMP trap messages</li> +<li> ability to filter out messages based on sequence of arrival</li> <li>support for arbitrary complex boolean, string and arithmetic expressions in message filters</li> </ul> diff --git a/doc/free_support.html b/doc/free_support.html new file mode 100644 index 00000000..182a82cd --- /dev/null +++ b/doc/free_support.html @@ -0,0 +1,56 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html><head> +<meta http-equiv="Content-Language" content="en"> +<title>Free Support for Rsyslog</title> + +</head> +<body> +<h1>Free Services for Rsyslog</h1> +<p><i>A personal word from Rainer, the lead developer of rsyslog:</i> +<p><b>The rsyslog community provides ample free support resources. Please see our +<a href="troubleshoot.html">troubleshooting guide</a> to get started.</b></p> +<p>Every now and then I receive private mail with support questions. I appreciate +any feedback, but I must limit my resources so that I can help driver a great logging +system forward. +<p>To do so, I have decided not to reply to unsolicited support emails, at least not +with a solution (but rather a link to this page ;)). I hope this does not offend you. The +reason is quite simple: If I do personal support, you gain some advantage without +contributing something back. Think about it: if you ask your question on the public +forum or mailing list, other with the same problem can you and, most importantly, even +years later find your post (and the answer) and get the problem solved. So by +solving your issue in public, you help create a great community ressource and also +help your fellow users finding solutions quicker. In the long term, this +also contributes to improved code because the more questions users can find +solutions to themselves, the fewer I need to look at. +<p>But it comes even better: the rsyslog community is much broader than Rainer ;) - there +are helpful other members hanging around at the public places. They often answer +questions, so that I do not need to look at them (btw, once again a big "thank you", folks!). +And, more important, those folks have different background than me. So they often +either know better how to solve your problem (e.g. because it is distro-specific) +or they know how to better phrase it (after all, I like abstract terms and concepts ;)). +So you do yourself a favor if you use the public places. +<p>An excellent place to go to is the +<a href="http://kb.monitorware.com/rsyslog-f40.html">rsyslog forum</a> inside the +knowledge base (which in itself is a great place to visit!). For those used to +mailing lists, the +<a href="http://lists.adiscon.net/mailman/listinfo/rsyslog">rsyslog mailing list</a> +also offers excellent advise. +<p><b>Don't like to post your question in a public place?</b> Well, then you should +consider purchasing <a href="professional_support.html">rsyslog professional support</a>. +The fees are very low and help fund the project. If you use rsyslog seriously inside +a corporate environment, there is no excuse for not getting one of the support +packages ;) +<p>Of course, things are different when I ask you to mail me privately. I'll usually do +that when I think it makes sense, for example when we exchange debug logs. +<p>I hope you now understand the free support options and the reasoning for them. +I hope I haven't offended you with my words - this is not my intension. I just needed to +make clear why there are some limits on my responsiveness. Happy logging! +<p>[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> +<p><font size="2">This documentation is part of the +<a href="http://www.rsyslog.com/">rsyslog</a> +project.<br> +Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer +Gerhards</a> and +<a href="http://www.adiscon.com/">Adiscon</a>. +Released under the GNU GPL version 3 or higher.</font></p> +</body></html> diff --git a/doc/imuxsock.html b/doc/imuxsock.html index ee367dbc..77491992 100644 --- a/doc/imuxsock.html +++ b/doc/imuxsock.html @@ -1,7 +1,7 @@ <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html><head> -<meta http-equiv="Content-Language" content="en"><title>Unix Socket Input</title> - +<meta http-equiv="Content-Language" content="en"> +<title>Unix Socket Input</title> </head> <body> <h1>Unix Socket Input</h1> @@ -9,31 +9,65 @@ <p><b>Author: </b>Rainer Gerhards <rgerhards@adiscon.com></p> <p><b>Description</b>:</p> -<p>Provides the ability to accept syslog messages via local Unix +<p><b>Provides the ability to accept syslog messages via local Unix sockets. Most importantly, this is the mechanism by which the syslog(3) -call delivers syslog messages to rsyslogd. So you need to have this +call delivers syslog messages to rsyslogd.</b> So you need to have this module loaded to read the system log socket and be able to process log -messages from applications running on the local system.</p><p>Application-provided -timestamps are ignored by default. This is needed, as some programs -(e.g. sshd) log with inconsistent timezone information, what +messages from applications running on the local system.</p> +<p><b>Application-provided +timestamps are ignored by default.</b> This is needed, as some programs +(e.g. sshd) log with inconsistent timezone information, what messes up the local logs (which by default don't even contain time zone information). This seems to be consistent with what sysklogd did for the past four years. Alternate behaviour may be desirable if gateway-like processes send messages via the local log slot - in this case, it can be enabled via the -$InputUnixListenSocketIgnoreMsgTimestamp and $SystemLogSocketIgnoreMsgTimestamp config directives</p><p><b>Configuration Directives</b>:</p> +$InputUnixListenSocketIgnoreMsgTimestamp and $SystemLogSocketIgnoreMsgTimestamp config directives</p> +<p><b>Unix log sockets can be flow-controlled.</b> That is, if processing queues fill up, +the unix socket reader is blocked for a short while. This may be useful to prevent overruning +the queues (which may cause exessive disk-io where it actually would not be needed). However, +flow-controlling a log socket (and especially the system log socket) can lead to a very +unresponsive system. As such, flow control is disabled by default. That means any log records +are places as quickly as possible into the processing queues. If you would like to have +flow control, you need to enable it via the $SystemLogSocketFlowControl and +$InputUnixListenSocketFlowControl config directives. Just make sure you thought about +the implications. Note that for many systems, turning on flow control does not hurt. +<p><b>Configuration Directives</b>:</p> <ul> -<li><span style="font-weight: bold;">$InputUnixListenSocketIgnoreMsgTimestamp</span> [<span style="font-weight: bold;">on</span>/off]<strong></strong><br>Ignore timestamps included in the message. Applies to the next socket being added.</li><li><span style="font-weight: bold;">$SystemLogSocketIgnoreMsgTimestamp</span> [<span style="font-weight: bold;">on</span>/off]<br>Ignore timestamps included in the messages, applies to messages received via the system log socket.</li><li><span style="font-weight: bold;">$OmitLocalLogging</span> (imuxsock) [on/<b>off</b>] -- -former -o option</li><li><span style="font-weight: bold;">$SystemLogSocketName</span> <name-of-socket> -- -former -p option</li><li><span style="font-weight: bold;">$AddUnixListenSocket</span> <name-of-socket> adds -additional unix socket, default none -- former -a option</li></ul> +<li><b>$InputUnixListenSocketIgnoreMsgTimestamp</b> [<b>on</b>/off] +<br>Ignore timestamps included in the message. Applies to the next socket being added.</li> +<li><b>$InputUnixListenSocketFlowControl</b> [on/<b>off</b>] - specifies if flow control should be applied +to the next socket.</li> +<li><b>$SystemLogSocketIgnoreMsgTimestamp</b> [<b>on</b>/off]<br> +Ignore timestamps included in the messages, applies to messages received via the system log socket.</li> +<li><b>$OmitLocalLogging</b> (imuxsock) [on/<b>off</b>] -- former -o option</li> +<li><b>$SystemLogSocketName</b> <name-of-socket> -- former -p option</li> +<li><b>$SystemLogFlowControl</b> [on/<b>off</b>] - specifies if flow control should be applied +to the system log socket.</li> +<li><b>$AddUnixListenSocket</b> <name-of-socket> adds additional unix socket, default none -- former -a option</li> +<li><b>$InputUnixListenSocketHostName</b> <hostname> permits to override the hostname that +shall be used inside messages taken from the <b>next</b> $AddUnixListenSocket socket. Note that +the hostname must be specified before the $AddUnixListenSocket configuration directive, and it +will only affect the next one and then automatically be reset. This functionality is provided so +that the local hostname can be overridden in cases where that is desired.</li> +</ul> <b>Caveats/Known Bugs:</b><br> <br> This documentation is sparse and incomplete. <p><b>Sample:</b></p> <p>The following sample is the minimum setup required to accept syslog messages from applications running on the local system.<br> </p> -<textarea rows="15" cols="60">$ModLoad imuxsock # needs to be done just once +<textarea rows="2" cols="70">$ModLoad imuxsock # needs to be done just once +$SystemLogSocketFlowControl on # enable flow control (use if needed) +</textarea> +<p>The following sample is a configuration where rsyslogd pulls logs from two +jails, and assigns different hostnames to each of the jails: </p> +<textarea rows="6" cols="60">$ModLoad imuxsock # needs to be done just once + +$InputUnixListenSocketHostName jail1.example.net +$AddUnixListenSocket /jail/1/dev/log +$InputUnixListenSocketHostName jail2.example.net +$AddUnixListenSocket /jail/2/dev/log </textarea> <p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> @@ -44,4 +78,4 @@ Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and <a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL version 3 or higher.</font></p> -</body></html>
\ No newline at end of file +</body></html> diff --git a/doc/manual.html b/doc/manual.html index 91c58a43..d672da52 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -16,7 +16,7 @@ relay chains while at the same time being very easy to setup for the novice user. And as we know what enterprise users really need, there is also <a href="professional_support.html">professional rsyslog support</a> available directly from the source!</p> -<p><b>This documentation is for version 3.19.11 (beta branch) of rsyslog.</b> +<p><b>This documentation is for version 3.21.2 (devel branch) of rsyslog.</b> Visit the <i> <a href="http://www.rsyslog.com/doc-status.html">rsyslog status page</a></i></b> to obtain current version information and project status. </p><p><b>If you like rsyslog, you might @@ -33,19 +33,14 @@ the links below for the</b><br></p><ul> <li><a href="troubleshoot.html">troubleshooting rsyslog problems</a></li> <li><a href="rsyslog_conf.html">configuration file syntax (rsyslog.conf)</a></li> -<li> <a href="property_replacer.html">property -replacer, an important core component</a></li> -<li>a commented <a href="sample.conf.html">sample -rsyslog.conf</a> -</li> +<li> <a href="property_replacer.html">property replacer, an important core component</a></li> +<li>a commented <a href="sample.conf.html">sample rsyslog.conf</a></li> <li><a href="bugs.html">rsyslog bug list</a></li> -<li><a href="rsyslog_packages.html"> rsyslog -packages</a></li> +<li><a href="rsyslog_packages.html"> rsyslog packages</a></li> <li><a href="generic_design.html">backgrounder on generic syslog application design</a><!-- not good as it currently is ;) <li><a href="contributors.html">contributor "Hall of Fame"</a>--></li> -<li><a href="modules.html">description of rsyslog -modules</a></li><li><a href="man_rsyslogd.html">rsyslogd man page</a> -(heavily outdated)</li> +<li><a href="modules.html">description of rsyslog modules</a></li> +<li><a href="man_rsyslogd.html">rsyslogd man page</a> (heavily outdated)</li> </ul> <p><b>We have some in-depth papers on</b></p> <ul> @@ -74,8 +69,7 @@ the world needs another syslogd</a>".</p> <p>Documentation is added continuously. Please note that the documentation here matches only the current version of rsyslog. If you use an older -version, be sure -to use the doc that came with it.</p> +version, be sure to use the doc that came with it.</p> <p><b>You can also browse the following online resources:</b></p> <ul> <li>the <a href="http://wiki.rsyslog.com/">rsyslog @@ -101,4 +95,6 @@ If you would like to use rsyslog source code inside your open source project, yo any restriction as long as your license is GPLv3 compatible. If your license is incompatible to GPLv3, you may even be still permitted to use rsyslog source code. However, then you need to look at the way <a href="licensing.html">rsyslog is licensed</a>.</p> +<p>Feedback is always welcome, but if you have a support question, please do not +mail Rainer directly (<a href="free_support.html">why not?</a>). </body></html> diff --git a/doc/ommail.html b/doc/ommail.html index 62ded6d0..c18cf3f8 100644 --- a/doc/ommail.html +++ b/doc/ommail.html @@ -50,7 +50,10 @@ standard SMTP port.</li> <li><span style="font-weight: bold;">$ActionMailFrom</span><br> The email address used as the senders address. There is no default.</li> <li><span style="font-weight: bold;">$ActionMailTo</span><br> -The recipients email address. There is no default.</li> +The recipient email addresses. There is no default. To specify multiple +recpients, repeat this directive as often as needed. Note: <b>This directive +must be specified for each new action and is automatically reset.</b> +[Multiple recipients are supported for 3.21.2 and above.]</li> <li><span style="font-weight: bold;">$ActionMailSubject</span><br> The name of the <span style="font-weight: bold;">template</span> to be used as the mail subject. If this is not specified, a more or @@ -112,14 +115,28 @@ $ActionExecOnlyOnceEveryInterval 21600 # the if ... then ... mailBody mus be on one line! if $msg contains 'hard disk fatal failure' then :ommail:;mailBody </textarea> +<p>The sample below is the same, but sends mail to two recipients:</p> +<textarea rows="15" cols="80">$ModLoad ommail +$ActionMailSMTPServer mail.example.net +$ActionMailFrom rsyslog@example.net +$ActionMailTo operator@example.net +$ActionMailTo admin@example.net +$template mailSubject,"disk problem on %hostname%" +$template mailBody,"RSYSLOG Alert\r\nmsg='%msg%'" +$ActionMailSubject mailSubject +# make sure we receive a mail only once in six +# hours (21,600 seconds ;)) +$ActionExecOnlyOnceEveryInterval 21600 +# the if ... then ... mailBody mus be on one line! +if $msg contains 'hard disk fatal failure' then :ommail:;mailBody +</textarea> <p>A more advanced example plus a discussion on using the email feature inside a reliable system can be found in Rainer's blogpost "<a style="font-style: italic;" href="http://rgerhards.blogspot.com/2008/04/why-is-native-email-capability.html">Why is native email capability an advantage for a syslogd?</a>" <p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> -<p><font size="2">This documentation is part of the -<a href="http://www.rsyslog.com/">rsyslog</a> +<p><font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a> project.<br> Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and diff --git a/doc/rsyslog_conf.html b/doc/rsyslog_conf.html index 8f258a8b..aab30f5e 100644 --- a/doc/rsyslog_conf.html +++ b/doc/rsyslog_conf.html @@ -79,8 +79,17 @@ default, it is usually well-chosen and applicable in most cases.</p> execute action only if the last execute is at last <seconds> seconds in the past (more info in <a href="ommail.html">ommail</a>, but may be used with any action)</li> -<li>$ActionFileDefaultTemplate [templateName] - sets a new -default template for file actions</li> +<li>$ActionExecOnlyEveryNthTime <number> - If configured, the next action will +only be executed every n-th time. For example, if configured to 3, the first two messages +that go into the action will be dropped, the 3rd will actually cause the action to execute, +the 4th and 5th will be dropped, the 6th executed under the action, ... and so on. Note: +this setting is automatically re-set when the actual action is defined.</li> +<li>$ActionExecOnlyEveryNthTimeTimeout <number-of-seconds> - has a meaning only if +$ActionExecOnlyEveryNthTime is also configured for the same action. If so, the timeout +setting specifies after which period the counting of "previous actions" expires and +a new action count is begun. Specify 0 (the default) to disable timeouts.:w + +<li>$ActionFileDefaultTemplate [templateName] - sets a new default template for file actions</li> <li>$ActionFileEnableSync [on/<span style="font-weight: bold;">off</span>] - enables file syncing capability of omfile</li> <li>$ActionForwardDefaultTemplate [templateName] - sets a new @@ -142,6 +151,7 @@ default 60000 (1 minute)]</li> <li><a href="rsconf1_droptrailinglfonreception.html">$DropTrailingLFOnReception</a></li> <li><a href="rsconf1_dynafilecachesize.html">$DynaFileCacheSize</a></li> <li><a href="rsconf1_escapecontrolcharactersonreceive.html">$EscapeControlCharactersOnReceive</a></li> +<li>$ErrorMessagesToStderr [<b>on</b>|off] - direct rsyslogd error message to stderr (in addition to other targets)</li> <li><a href="rsconf1_failonchownfailure.html">$FailOnChownFailure</a></li> <li><a href="rsconf1_filecreatemode.html">$FileCreateMode</a></li> <li><a href="rsconf1_filegroup.html">$FileGroup</a></li> @@ -787,7 +797,7 @@ administration needs.<br> forward messages it has received from the network to another host. Specify the "-h" option to enable this.</b></p> <p>To forward messages to another host, prepend the hostname with -the at sign ("@"). A single at sign means that messages will +the at sign ("@"). A single at sign means that messages will be forwarded via UDP protocol (the standard for syslog). If you prepend two at signs ("@@"), the messages will be transmitted via TCP. Please note that plain TCP based syslog is not officially standardized, but diff --git a/doc/rsyslog_ng_comparison.html b/doc/rsyslog_ng_comparison.html index 600875a8..1bab4d74 100644 --- a/doc/rsyslog_ng_comparison.html +++ b/doc/rsyslog_ng_comparison.html @@ -209,10 +209,8 @@ priority</td> <td></td> </tr> <tr> -<td valign="top">ability to filter on any other -message -field not mentioned above -(including substrings and the like)</td> +<td valign="top">ability to filter on any other message +field not mentioned above (including substrings and the like)</td> <td valign="top">yes</td> <td valign="top">no</td> </tr> @@ -248,6 +246,12 @@ based on filters</td> <td></td> </tr> <tr> +<td valign="top">ability to filter out messages based on sequence of appearing</td> +<td valign="top">yes (starting with 3.21.3)</td> +<td valign="top">no</td> +<td></td> +</tr> +<tr> <td valign="top">powerful BSD-style hostname and program name blocks for easy multi-host support</td> <td valign="top">yes</td> diff --git a/doc/status.html b/doc/status.html index 90932fca..15ea43cc 100644 --- a/doc/status.html +++ b/doc/status.html @@ -2,24 +2,22 @@ <html><head><title>rsyslog status page</title></head> <body> <h2>rsyslog status page</h2> -<p>This page reflects the status as of 2008-07-15.</p> +<p>This page reflects the status as of 2008-08-08.</p> <h2>Current Releases</h2> -<!-- no devel at this time! -<p><b>development:</b> 3.19.9 [2008-07-07] - -<a href="http://www.rsyslog.com/Article250.phtml">change log</a> - -<a href="http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-117.phtml">download</a> ---> +<p><b>development:</b> 3.21.2 [2008-08-04] - +<a href="http://www.rsyslog.com/Article264.phtml">change log</a> - +<a href="http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-124.phtml">download</a> <br><b>beta:</b> 3.19.10 [2008-07-15] - <a href="http://www.rsyslog.com/Article256.phtml">change log</a> - -<a href="http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-109.phtml">download</a></p> +<a href="http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-120.phtml">download</a></p> -<p><b>v3 stable:</b> 3.18.0 [2008-07-11] - <a href="http://www.rsyslog.com/Article254.phtml">change log</a> - -<a href="http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-120.phtml">download</a> +<p><b>v3 stable:</b> 3.18.2 [2008-08-08] - <a href="http://www.rsyslog.com/Article268.phtml">change log</a> - +<a href="http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-126.phtml">download</a> -<br><b>v2 stable:</b> 2.0.5 [2008-05-15] - <a href="http://www.rsyslog.com/Article226.phtml">change log</a> - -<a href="http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-104.phtml">download</a> +<br><b>v2 stable:</b> 2.0.6 [2008-08-07] - <a href="http://www.rsyslog.com/Article266.phtml">change log</a> - +<a href="http://www.rsyslog.com/Downloads-req-viewdownloaddetails-lid-125.phtml">download</a> <br>v0 and v1 are deprecated and no longer supported. If you absolutely do not like to upgrade, you may consider purchasing a <a href="professional_support.html">commercial rsyslog support package</a>. Just let us point diff --git a/doc/syslog-protocol.html b/doc/syslog_protocol.html index 72de5c27..72de5c27 100644 --- a/doc/syslog-protocol.html +++ b/doc/syslog_protocol.html diff --git a/doc/troubleshoot.html b/doc/troubleshoot.html index f2e9206b..7decbba2 100644 --- a/doc/troubleshoot.html +++ b/doc/troubleshoot.html @@ -12,7 +12,18 @@ the most recent development version. However, there is a version-specific doc set in each tarball. If you installed rsyslog from a package, there usually is a rsyslog-doc package, that often needs to be installed separately. <li>The <a href="http://wiki.rsyslog.com">rsyslog wiki</a> provides user tips and experiences. +<li>Check <a href="http://bugzilla.adiscon.com">the bugzilla</a> to see if your problem is a known +(and even fixed ;)) bug. </ul> +<p><b>Configuration Problems</b> +<p>Rsyslog 3.21.1 and above has been enhanced to support extended configuration checking. +It offers a special command line switch (-N1) that puts it into "config verfication mode". +In that mode, it interprets and check the configuration file, but does not startup. This +mode can be used in parallel to a running instance of rsyslogd. +<p>To enable it, run rsyslog interactively as follows: +<p><b><i>/path/to/rsyslogd -f/path/to/config-file -N1</i></b> +<p>You should also specify other options you usually give (like -c3 and whatever else). +Any problems experienced are reported to stderr [aka "your screen" (if not redirected)]. <p><b>Asking for Help</b> <p>If you can't find the answer yourself, you should look at these places for community help. @@ -23,6 +34,54 @@ the preferred method of obtaining support. This is a low-volume list which occasional gets traffic spikes. The mailing list is probably a good place for complex questions. </ul> +<p><b>Debug Log</b> +<p>If you ask for help, there are chances that we need to ask for an rsyslog debug log. +The debug log is a detailled report of what rsyslog does during processing. As such, it may +even be useful for your very own troubleshooting. People have seen things inside their debug +log that enabled them to find problems they did not see before. So having a look at the +debug log, even before asking for help, may be useful. +<p>Note that the debug log contains most of those things we consider useful. This is a lot +of information, but may still be too few. So it sometimes may happen that you will be asked +to run a specific version which has additional debug output. Also, we revise from time to +time what is worth putting into the standard debug log. As such, log content may change +from version to version. We do not guarantee any specific debug log contents, so do not +rely on that. The amount of debug logging can also be controlled via some environment +options. Please see <a href="debug.html">debugging support</a> for further details. +<p>In general, it is advisable to run rsyslogd in the foreground to obtain the log. +To do so, make sure you know which options are usually used when you start rsyslogd +as a background daemon. Let's assume "-c3" is the only option used. Then, do the following: +<ul> +<li>make sure rsyslogd as a daemon is stopped (verify with ps -ef|grep rsyslogd) +<li>make sure you have a console session with root permissions +<li>run rsyslogd interactively: /sbin/rsyslogd ..your options.. -dn > logfile +<br>where "your options" is what you usually use. /sbin/rsyslogd is the full path +to the rsyslogd binary (location different depending on distro). +In our case, the command would be +<br>/sbin/rsyslogd -c3 -dn > logfile +<li>press ctrl-C when you have sufficient data (e.g. a device logged a record) +<br><b>NOTE: rsyslogd will NOT stop automatically - you need to ctrl-c out of it!</b> +<li>Once you have done all that, you can review logfile. It contains the debug output. +<li>When you are done, make sure you re-enable (and start) the background daemon! +</ul> +<p>If you need to submit the logfile, you may want to check if it contains any +passwords or other sensitive data. If it does, you can change it to some <b>consistent</b> +meaningless value. <b>Do not delete the lines</b>, as this renders the debug log +unusable (and makes Rainer quite angry for wasted time, aka significantly reduces the chance +he will remain motivated to look at your problem ;)). For the same reason, make sure +whatever you change is change consistently. Really! +<p>Debug log file can get quite large. Before submitting them, it is a good idea to zip them. +Rainer has handled files of around 1 to 2 GB. If your's is larger ask before submitting. Often, +it is sufficient to submit the first 2,000 lines of the log file and around another 1,000 around +the area where you see a problem. Also, +ask you can submit a file via private mail. Private mail is usually a good way to go for large files +or files with sensitive content. However, do NOT send anything sensitive that you do not want +the outside to be known. While Rainer so far made effort no to leak any sensitive information, +there is no guarantee that doesn't happen. If you need a guarantee, you are probably a +candidate for a <a href="professional_support.html">commercial support contract</a>. Free support +comes without any guarantees, include no guarantee on confidentiality +[aka "we don't want to be sued for work were are not even paid for ;)]. +<b>So if you submit debug logs, do so at your sole risk</b>. By submitting them, you accept +this policy. <p>[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> <p><font size="2">This documentation is part of the |