From b68871533aaae9eff0e8acb038e06a42702973d3 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Mon, 13 Aug 2007 12:41:23 +0000 Subject: improved doc quality, changed some very old text. Also, added more links to new online resources. --- doc/features.html | 9 ++++--- doc/history.html | 73 ++++++++++++++++++++++++++++++++----------------------- doc/manual.html | 7 +++--- doc/status.html | 17 ++++++------- 4 files changed, 61 insertions(+), 45 deletions(-) diff --git a/doc/features.html b/doc/features.html index 466b99cb..725c3d7d 100644 --- a/doc/features.html +++ b/doc/features.html @@ -31,7 +31,8 @@ is going on, you can also subscribe to the syslog-protocol compliant messages (it is volatile because standardization is currently underway and this is a proof-of-concept implementation to aid this effort)
  • +
  • ability to limit the allowed network senders
  • powerful BSD-style hostname and program name blocks for easy multi-host support
  • multi-threaded (is + this important? why?)
  • very experimental and volatile support for syslog-protocol compliant messages (it is volatile because standardization is currently underway and this is a proof-of-concept implementation to aid this effort)
  • experimental support for syslog-transport-tls based framing on syslog/tcp connections
  • a copy of klogd.c has been included under the name of rklogd for those Linux @@ -62,9 +63,11 @@ at some time moved back to the sourceforge tracker.

    knowledge
  • provide an on-disk queue for syslog messages; should be combined with reliable delivery to the next hop
  • support for native SSL enryption of plain tcp syslog sessions. This will most probably happen based on syslog-transport-tls.
  • even more enhanced multi-threading, - with a message queue for each selector line (when implementing this, search + with a message queue for each action (when implementing this, search for CHECKMULTIQUEUE comments in the source - they already contain hints of - what to look at).
  • pcre filtering - maybe (depending on feedback)  - simple regex already + what to look at). Some detail information on this can already be found in + + Rainer's blog.
  • pcre filtering - maybe (depending on feedback)  - simple regex already partly added. So far, this seems sufficient so that there is no urgent need to do pcre
  • support for RFC 3195 as a sender - this is currently unlikely to happen, because there is no real demand for it. Any work on RFC 3195 has been suspend until we see some real diff --git a/doc/history.html b/doc/history.html index 02dec93c..48a64892 100644 --- a/doc/history.html +++ b/doc/history.html @@ -8,54 +8,52 @@ Rsyslog is a GPL-ed, enhanced syslogd. Among others, it offers support for reliable syslog over TCP, writing to MySQL databases and fully configurable output formats (including great timestamps). -Rsyslog was initiated by Rainer Gerhards. It has -been forked from the sysklogd standard package. +Rsyslog was initiated by Rainer Gerhards. +If you are interested to learn why  Rainer initiated  the project, you +may want to read his blog posting on "why +the world neeeds another syslogd".

    Rsyslog has +been forked in 2004 from the sysklogd standard package. The goal of the -rsyslog project is to provide a more configurable and reliable -syslog deamon while retaining drop-in replacement capabilities for stock syslogd. By "reliable", we mean support for reliable transmission -modes like TCP or RFC 3195 (syslog-reliable). -We do NOT imply that the sysklogd package is unreliable. In fact, the -opposite is the case and we assume that for the time being the well-used -sysklogd package offers better program reliability than our -brand-new modifications to it. - -

    The name "rsyslog" stems back to the +rsyslog project is to provide a feature-richer and reliable +syslog deamon while retaining drop-in replacement capabilities to stock syslogd. By "reliable", we mean support for reliable transmission +modes like TCP or RFC 3195 +(syslog-reliable). We do NOT imply that the sysklogd package is unreliable.

    +

    The name "rsyslog" stems back to the planned support for syslog-reliable. Ironically, the initial release of rsyslog did NEITHER support syslog-reliable NOR tcp based syslog. -Instead, it contains enhanced configurability and other enhancements -(like database support). The reason for this is that full support for -RFC 3195 would require even more changes and especially fundamental architectural +Instead, it contained enhanced configurability and other enhancements +(like database support). The reason for this is that full support for RFC 3195 would require even more changes and especially fundamental architectural changes. Also, questions asked on the loganalysis list and at other places indicated that RFC3195 is NOT a prime priority for users, but -rather better control over the output format. So here we are, with +rather better control over the output format. So there we were, with a rsyslod that covers a lot of enhancements, but not a single one of these that made its name ;) Since version 0.9.2, receiving syslog messages via plain tcp is finally supported, a bit later sending via TCP, too. Starting with 1.11.0, RFC 3195 is finally support at the receiving side (a.k.a. "listener"). Support for sending via RFC 3195 is still due. Anyhow, rsyslog has come much -closer to what it name promises.

    -The next enhancement scheduled is support for the new syslog-protocol -internet draft format, not the least to see how easy/complicated it is -to implement. We already know that some subleties of syslog-protocol will -require at least one considerable architectural change to the syslogd -and this might delay things a little. Our immediate goal is to receive -feedback and get the bugs out of the current release. Only after that -we intend to advance the code and introduce new features. -

    -The database support was included so that our web-based syslog interface -can be used. This is another open source project which can be found +closer to what it name promises.

    +

    +The database support was initially included so that our web-based syslog +interface could be used. This is another open source project which can be found under http://www.phplogcon.org. We highly recommend having a look at it. It might not work for you if you expect thousands of messages per second (because your database won't be able to provide adequate performance), but in many cases it is a very handy analysis and troubleshooting tool. +In the mean time, of course, lots of people have found many applications for +writing to databases, so the prime focus is no longer on phpLogcon. +

    Rsyslogd supports an enhanced syslog.conf file format, and also works with the standard syslog.conf. In theory, it should be possible to simply replace the syslogd binary with the one that comes with rsyslog. Of course, in order to use any of the new features, you must re-write your syslog.conf. To learn how to do this, please review our commented sample.conf -file. It outlines the enhancements over stock syslogd. +file. It outlines the enhancements over stock syslogd. Discussion has often +arisen of whether having an "old syslogd" logfile format is good or evil. So +far, this has not been solved (but Rainer likes the idea of a new format), so we +need to live with it for the time being. It is planned to be reconsidered in the +3.x release time frame.

    If you are interested in the IHE environment, you might be interested to hear that rsyslog supports message with sizes of 32k and more. This feature has been tested, but by default is turned off @@ -65,14 +63,29 @@ will find easy and precise instructions on what you need to change (it's just one line of code!). Please note that RFC 3195/COOKED supports 1K message sizes only. It'll probably support longer messages in the future, but it is our believe that using larger messages with current RFC 3195 is a violation of the -standard.

    In June 2007, Peter Vrabec from Red Hat helped us to create +standard.

    In February 2007, 1.13.1 was released and served for quite a +while as a stable reference. Unfortunately, it was not later released as stable, +so the stable build became quite outdated.

    In June 2007, Peter Vrabec from Red Hat helped us to create RPM files for Fedora as well as supporting IPv6. There also seemed to be some interest from the Red Hat community. This interest and new ideas resulted in a very busy time with many great additions.

    In July 2007, Andrew Pantyukhin added BSD ports files for rsyslog and liblogging. We were strongly encouraged by this too. It looks like rsyslog is getting more and more momentum. -Let's see what comes next...

    Be sure to visit Rainer's syslog block -to get some more insight into the development of rsyslog and syslog in general.

    +Let's see what comes next...

    Also in July 2007 (and beginning of +August), Rainer remodled the output part of rsyslog. It got a clean object model +and is now prepared for a plug-in architecture. During that time, some base +ideas for the overall new object model appeared.

    In August 2007 +community involvment grew more and more. Also, more packages appeared. We were +quite happy about that. To facilitate user contributíons, we set up a +wiki on August 10th, 2007. Also in August +2007, rsyslog 1.18.2 appeared, which is deemed to be quite close to the final +2.0.0 release. With its appearance, the pace of changes was deliberatly reduced, +in order to allow it to mature (see Rainers's + +blog post on this topic, written a bit early, but covering the essence).

    Be sure to visit Rainer's syslog block +to get some more insight into the development and futures of rsyslog and syslog in general. +Don't be shy to post to either the blog or the +rsyslog forums.

    Some useful links
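Review bot: in doc/features.html (hunk @@ -31,7 +31,8 @@), the new parenthetical on the multi-threaded bullet, "(is this important? why?)", reads like an unresolved editing question when it is seen without its link. Suggest wording that states what the reader will find, for example "(why multi-threading matters)", so the feature list stays declarative.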
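Review bot: in doc/features.html (hunk @@ -62,9 +63,11 @@), the added sentence "Some detail information on this can already be found in Rainer's blog" is awkward; "Some details on this are already available in Rainer's blog" reads better. Since this commit is about doc quality, the context lines in the same list still carry "enryption" and "has been suspend", which could be corrected in the same pass.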
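Review bot: in doc/history.html (hunk @@ -8,54 +8,52 @@), the added lines introduce or keep spelling and wording slips: "neeeds" in the linked blog title, "syslog deamon", and "drop-in replacement capabilities to stock syslogd", where the removed line's "for stock syslogd" was the better preposition. "feature-richer" would read more naturally as "more feature-rich". The untouched "rsyslod" and "is finally support" in the same paragraph are worth fixing while this text is open.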
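Review bot: in doc/history.html (hunk @@ -65,14 +63,29 @@), the new July and August 2007 paragraphs contain several misspellings: "remodled", "involvment", "contributíons" (with an accented í), "deliberatly" and "Rainers's". The closing paragraph also says "Rainer's syslog block" where "blog" is meant, and "development and futures of rsyslog" would be clearer as "development and future of rsyslog".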