From 80b1798e2ddaf9ee4090321dba7465f233207682 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 19 Feb 2008 07:49:40 +0000 Subject: added professional support options to doc set (also somthing that we need to have in order to be an alternative to syslog-ng) --- doc/Makefile.am | 1 + doc/manual.html | 6 +- doc/professional_support.html | 129 +++++++++++++++++++++++++++++++++++++++++ doc/rsyslog_ng_comparison.html | 2 +- 4 files changed, 133 insertions(+), 5 deletions(-) create mode 100644 doc/professional_support.html diff --git a/doc/Makefile.am b/doc/Makefile.am index 33200037..e081f88f 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -29,6 +29,7 @@ html_files = \ omsnmp.html \ omlibdbi.html \ imfile.html \ + professional_support.html \ queues.html \ queueWorkerLogic.dia \ queueWorkerLogic.jpg \ diff --git a/doc/manual.html b/doc/manual.html index f73ae83a..80358f39 100644 --- a/doc/manual.html +++ b/doc/manual.html @@ -1,7 +1,5 @@ -rsyslog documentation - - +rsyslog documentation

RSyslog - Documentation

Rsyslog @@ -14,7 +12,7 @@ It is quite compatible to stock sysklogd and can be used as a drop-in replacement. Its advanced features make it suitable for enterprise-class, encryption protected syslog relay chains while at the same time being very easy to setup for the -novice user.

+novice user. And as we know what enterprise users really need, there is also professional rsyslog support available directly from the source!

Visit the rsyslog status page to obtain current version information and ports. If you like rsyslog, you might diff --git a/doc/professional_support.html b/doc/professional_support.html new file mode 100644 index 00000000..3cc8308d --- /dev/null +++ b/doc/professional_support.html @@ -0,0 +1,129 @@ + + +Text File Input Monitor + + + + +
Text File Input Module
+
Module Name: imfile
+
Author: Rainer Gerhards +<rgerhards@adiscon.com>
+
Description:
+
Provides the ability to convert any standard text file into +a syslog message. A standard +text file is a file consisting of printable characters with lines +being delimited by LF.
+
The file is read line-by-line and any line read is passed to +rsyslog's rule engine. The rule engine applies filter conditons and +selects which actions needs to be carried out.
+
As new lines are written they are taken from the file and +processed. Please note that this happens based on a polling interval +and not immediately. The file monitor support file rotation. To fully +work, rsyslogd must run while the file is rotated. Then, any remaining +lines from the old file are read and processed and when done with that, +the new file is being processed from the beginning. If rsyslogd is +stopped during rotation, the new file is read, but any not-yet-reported +lines from the previous file can no longer be obtained.
+
When rsyslogd is stopped while monitoring a text file, it +records the last processed location and continues to work from there +upon restart. So no data is lost during a restart (except, as noted +above, if the file is rotated just in this very moment).
+
Currently, the file must have a fixed name and location +(directory). It is planned to add support for dynamically generating +file names in the future.
+
Multiple files may be monitored by specifying +$InputRunFileMonitor multiple times. +
+
Configuration Directives:
+
+
$InputFileName /path/to/file
+The file being monitored. So far, this must be an absolute name (no +macros or templates)
+
$InputFileTag +tag:
+The tag to be used for messages that originate from this file. If you +would like to see the colon after the tag, you need to specify it here +(as shown above).
+
$InputFileStateFile +<name-of-state-file>
+Rsyslog must keep track of which parts of the to be monitored file it +already processed. This is done in the state file. This file always is +created in the rsyslog working directory (configurable via +$WorkDirectory). Be careful to use unique names for different files +being monitored. If there are duplicates, all sorts of "interesting" +things may happen. Rsyslog currently does not check if a name is +specified multiple times.
+
$InputFileFacility +facility
+The syslog facility to be assigned to lines read. Can be specified in +textual form (e.g. "local0", "local1", ...) or as numbers (e.g. 128 for +"local0"). Textual form is suggested. Default is "local0".
+
$InputFileSeverity
+The +syslog severity to be assigned to lines read. Can be specified in +textual form (e.g. "info", "warning", ...) or as numbers (e.g. 4 for +"info"). Textual form is suggested. Default is "notice".
+
$InputRunFileMonitor
+This activates +the current monitor. It has no parameters. If you forget this +directive, no file monitoring will take place.
+
$InputFilePollInterval +seconds
+This is a global setting. It specifies how often files are to be polled +for new data. The time specified is in seconds. The default value is 10 +seconds. Please note that future +releases of imfile may support per-file polling intervals, but +currently this is not the case. If multiple $InputFilePollInterval +statements are present in rsyslog.conf, only the last one is used.
+A short poll interval provides more rapid message forwarding, but +requires more system ressources. While it is possible, we stongly +recommend not to set the polling interval to 0 seconds. That will make +rsyslogd become a CPU hog, taking up considerable ressources. It is +supported, however, for the few very unusual situations where this +level may be needed. Even if you need quick response, 1 seconds should +be well enough. Please note that imfile keeps reading files as long as +there is any data in them. So a "polling sleep" will only happen when +nothing is left to be processed.
+
+Caveats/Known Bugs: +
So far, only 100 files can be monitored. If more are needed, +the source needs to be patched. See define MAX_INPUT_FILES in imfile.c +
+
Sample:
+
The following sample monitors two files. If you need just one, +remove the second one. If you need more, add them according to the +sample ;). This code must be placed in /etc/rsyslog.conf (or wherever +your distro puts rsyslog's config files). Note that only commands +actually needed need to be specified. The second file uses less +commands and uses defaults instead.
+
+$ModLoad imfile.so # +needs to be done just once +# File 1 +$InputFileName /path/to/file1 +$InputFileTag tag1: +$InputFileStateFile stat-file1 +$InputFileSeverity error +$InputFileFacility local7 +$InputRunFileMonitor +# File 2 +$InputFileName /path/to/file2 +$InputFileTag tag2: +$InputFileStateFile stat-file2 +$InputRunFileMonitor +# ... and so on ... +# +# check for new lines every 10 seconds +$InputFilePollingInterval 10 + +
[rsyslog.conf overview] +[manual index] [rsyslog site]
+
This documentation is part of the +rsyslog +project.
+Copyright © 2008 by Rainer +Gerhards and +Adiscon. +Released under the GNU GPL version 3 or higher.
+ \ No newline at end of file diff --git a/doc/rsyslog_ng_comparison.html b/doc/rsyslog_ng_comparison.html index 54d322ad..53f69442 100644 --- a/doc/rsyslog_ng_comparison.html +++ b/doc/rsyslog_ng_comparison.html @@ -230,7 +230,7 @@ Solaris yes - +Professional Supportyesyes
Network (Protocol) Support
-- cgit