From 17b5f2264fad2e3866f9f3325f2bd67bf4aa69f0 Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Wed, 15 Jul 2009 10:21:20 +0200
Subject: removed outdated html version of man page

html doc is better
---
 doc/man_rsyslogd.html | 438 --------------------------------------------------
 1 file changed, 438 deletions(-)
 delete mode 100644 doc/man_rsyslogd.html

(limited to 'doc/man_rsyslogd.html')

diff --git a/doc/man_rsyslogd.html b/doc/man_rsyslogd.html
deleted file mode 100644
index d18fd88a..00000000
--- a/doc/man_rsyslogd.html
+++ /dev/null
@@ -1,438 +0,0 @@
-<BODY><PRE>
-RSYSLOGD(8)               Linux System Administration              RSYSLOGD(8)
-
-
-
-<B>NAME</B>
-       rsyslogd - reliable and extended syslogd
-
-<B>SYNOPSIS</B>
-       <B>rsyslogd </B>[ <B>-4 </B>] [ <B>-6 </B>] [ <B>-A </B>] [ <B>-a </B><I>socket </I>] [ <B>-d </B>] [ <B>-e </B>]
-       [ <B>-f </B><I>config file </I>] [ <B>-h </B>] [ <B>-i </B><I>pid file </I>] [ <B>-l </B><I>hostlist </I>]
-       [ <B>-m </B><I>interval </I>] [ <B>-n </B>] [ <B>-o </B>] [ <B>-p </B><I>socket </I>]
-       [ <B>-r </B><I>[port] </I>] [ <B>-s </B><I>domainlist </I>] [ <B>-t </B><I>port,max-nbr-of-sessions </I>]
-       [ <B>-v </B>] [ <B>-w </B>] [ <B>-x </B>]
-
-
-<B>DESCRIPTION</B>
-       <B>Rsyslogd  </B>is  a  system  utility providing support for message logging.
-       Support of both internet and unix domain sockets enables  this  utility
-       to support both local and remote logging (via UDP and TCP).
-
-       <B>Rsyslogd</B>(8)  is  derived  from  the  sysklogd  package which in turn is
-       derived from the stock BSD sources.
-
-       <B>Rsyslogd </B>provides a kind of logging  that  many  modern  programs  use.
-       Every  logged  message  contains  at least a time and a hostname field,
-       normally a program name field, too, but that depends on how trusty  the
-       logging  program  is.  The  rsyslog package supports free definition of
-       output formats via templates. It also supports precise  timestamps  and
-       writing  directly  to  MySQL databases. If the database option is used,
-       tools like phpLogCon can be used to view the log data.
-
-       While the <B>rsyslogd </B>sources have been heavily modified a couple of notes
-       are  in  order.   First  of  all there has been a systematic attempt to
-       insure that rsyslogd follows its default,  standard  BSD  behavior.  Of
-       course,  some configuration file changes are necessary in order to sup-
-       port the template system. However, rsyslogd should be  able  to  use  a
-       standard  syslog.conf  and  act  like  the original syslogd. However, an
-       original syslogd will not work correctly with a  rsyslog-enhanced  con-
-       figuration  file.  At  best, it will generate funny looking file names.
-       The second important concept to note is that this version  of  rsyslogd
-       interacts  transparently  with the version of syslog found in the stan-
-       dard libraries.  If a binary linked to the  standard  shared  libraries
-       fails  to  function correctly we would like an example of the anomalous
-       behavior.
-
-       The main configuration file <I>/etc/rsyslog.conf </I>or an  alternative  file,
-       given  with  the  <B>-f  </B>option, is read at startup.  Any lines that begin
-       with the hash mark (‘‘#’’) and empty lines are ignored.   If  an  error
-       occurs  during  parsing  the  error  element is ignored. It is tried to
-       parse the rest of the line.
-
-       For details and configuration examples, see the  <B>rsyslog.conf  (5)  </B>man
-       page.
-
-
-
-<B>OPTIONS</B>
-       <B>-A     </B>When sending UDP messages, there are potentially multiple paths
-              to the target destination. By default, <B>rsyslogd  </B>only  sends  to
-              the  first  target  it can successfully send to. If -A is given,
-              messages are sent to all targets. This may improve  reliability,
-              but  may  also  cause  message  duplication.  This  option should
-              enabled only if it is fully understood.
-
-       <B>-4     </B>Causes <B>rsyslogd </B>to listen to IPv4 addresses only.  If neither -4
-              nor -6 is given, <B>rsyslogd </B>listens to all configured addresses of
-              the system.
-
-       <B>-6     </B>Causes <B>rsyslogd </B>to listen to IPv6 addresses only.  If neither -4
-              nor -6 is given, <B>rsyslogd </B>listens to all configured addresses of
-              the system.
-
-       <B>-a </B><I>socket</I>
-              Using this argument you can specify additional sockets from that
-              <B>rsyslogd  </B>has  to  listen to.  This is needed if you’re going to
-              let some daemon run within a chroot() environment.  You can  use
-              up  to  19  additional  sockets.  If your environment needs even
-              more, you have to increase the symbol <B>MAXFUNIX </B>within  the  sys-
-              logd.c  source  file.   An  example  for  a  chroot()  daemon is
-              described     by     the     people     from     OpenBSD      at
-              http://www.psionic.com/papers/dns.html.
-
-       <B>-d     </B>Turns  on  debug mode.  Using this the daemon will not proceed a
-              <B>fork</B>(2) to set itself in the background, but  opposite  to  that
-              stay  in  the foreground and write much debug information on the
-              current tty.  See the DEBUGGING section for more information.
-
-       <B>-e     </B>Set the default of $RepeatedMsgReduction config option to "off".
-              Hine:  "e"  like  "every  message". For further information, see
-              there.
-
-       <B>-f </B><I>config file</I>
-              Specify an alternative configuration file instead of  <I>/etc/rsys-</I>
-              <I>log.conf</I>, which is the default.
-
-       <B>-h     </B>By  default  rsyslogd will not forward messages it receives from
-              remote hosts.  Specifying this switch on the command  line  will
-              cause  the log daemon to forward any remote messages it receives
-              to forwarding hosts which have been defined.
-
-       <B>-i </B><I>pid file</I>
-              Specify an alternative pid file  instead  of  the  default  one.
-              This  option  must  be  used  if  multiple instances of rsyslogd
-              should run on a single machine.
-
-       <B>-l </B><I>hostlist</I>
-              Specify a hostname that should be logged only  with  its  simple
-              hostname  and  not  the  fqdn.   Multiple hosts may be specified
-              using the colon (‘‘:’’) separator.
-
-       <B>-m </B><I>interval</I>
-              The <B>rsyslogd </B>logs  a  mark  timestamp  regularly.   The  default
-              <I>interval  </I>between  two <I>-- MARK -- </I>lines is 20 minutes.  This can
-              be changed with this option.  Setting the <I>interval </I>to zero turns
-              it off entirely.
-
-       <B>-n     </B>Avoid  auto-backgrounding.   This  is  needed  especially if the
-              <B>rsyslogd </B>is started and controlled by <B>init</B>(8).
-
-       <B>-o     </B>Omit reading the standard local log socket. This option is  most
-              useful  for  running  multiple instances of rsyslogd on a single
-              machine. When specified, no local log socket is opened at all.
-
-       <B>-p </B><I>socket</I>
-              You can specify an alternative unix  domain  socket  instead  of
-              <I>/dev/log</I>.
-
-       <B>-r </B><I>["port"]</I>
-              Activates  the  syslog/udp  listener  service. The listener will
-              listen to the specified port.  If no port  is  specified,  0  is
-              used  as port number, which in turn will lead to a lookup of the
-              system default syslog port. If there is no system  default,  514
-              is  used.  Please note that the port must immediately follow the
-              -r option. Thus "-r514" is valid while "-r 514" is invalid (note
-              the space).
-
-       <B>-s </B><I>domainlist</I>
-              Specify a domainname that should be stripped off before logging.
-              Multiple domains may be specified using the colon (‘‘:’’)  sepa-
-              rator.   Please  be advised that no sub-domains may be specified
-              but only entire domains.  For example if <B>-s north.de  </B>is  speci-
-              fied  and the host logging resolves to satu.infodrom.north.de no
-              domain would be cut, you will have to specify two domains  like:
-              <B>-s north.de:infodrom.north.de</B>.
-
-       <B>-t </B><I>port,max-nbr-of-sessions</I>
-              Activates  the  syslog/tcp  listener  service. The listener will
-              listen to the specified port. If max-nbr-of-sessions  is  speci-
-              fied,  that  becomes  the  maximum number of concurrent tcp ses-
-              sions. If not specified, the default is 200.  Please  note  that
-              syslog/tcp  is not standardized, but the implementation in rsys-
-              logd follows common practice and is compatible with  e.g.  Cisco
-              PIX,  syslog-ng and MonitorWare (Windows).  Please note that the
-              port must immediately follow the  -t  option.  Thus  "-t514"  is
-              valid while "-t 514" is invalid (note the space).
-
-       <B>-v     </B>Print version and exit.
-
-       <B>-w     </B>Supress  warnings  issued  when  messages are received from non-
-              authorized machines (those, that are in no AllowedSender  list).
-
-       <B>-x     </B>Disable DNS for remote messages.
-
-
-<B>SIGNALS</B>
-       <B>Rsyslogd  </B>reacts  to a set of signals.  You may easily send a signal to
-       <B>rsyslogd </B>using the following:
-
-              kill -SIGNAL ‘cat /var/run/rsyslogd.pid‘
-
-
-       <B>SIGHUP </B>This lets <B>rsyslogd </B>perform a re-initialization.  All open  files
-              are  closed,  the  configuration  file  (default  is  <I>/etc/rsys-</I>
-              <I>log.conf</I>) will be reread and the <B>rsyslog</B>(3) facility is  started
-              again.
-
-       <B>SIGTERM</B>
-              <B>Rsyslogd </B>will die.
-
-       <B>SIGINT</B>, <B>SIGQUIT</B>
-              If  debugging  is  enabled these are ignored, otherwise <B>rsyslogd</B>
-              will die.
-
-       <B>SIGUSR1</B>
-              Switch debugging on/off.  This option can only be used if  <B>rsys-</B>
-              <B>logd </B>is started with the <B>-d </B>debug option.
-
-       <B>SIGCHLD</B>
-              Wait for childs if some were born, because of wall’ing messages.
-
-
-<B>SUPPORT FOR REMOTE LOGGING</B>
-       <B>Rsyslogd </B>provides network support to  the  syslogd  facility.   Network
-       support  means  that  messages  can  be forwarded from one node running
-       rsyslogd to another node  running  rsyslogd  (or  a  compatible  syslog
-       implementation) where they will be actually logged to a disk file.
-
-       To  enable  this  you have to specify either the <B>-r </B>or <B>-t </B>option on the
-       command line.  The default behavior is that <B>rsyslogd  </B>won’t  listen  to
-       the  network.  You can also combine these two options if you want rsys-
-       logd to listen to both TCP and UDP messages.
-
-       The strategy is to have rsyslogd listen on a  unix  domain  socket  for
-       locally  generated  log messages.  This behavior will allow rsyslogd to
-       inter-operate with the syslog found in the standard C library.  At  the
-       same  time  rsyslogd  listens  on the standard syslog port for messages
-       forwarded from other hosts.  To  have  this  work  correctly  the  <B>ser-</B>
-       <B>vices</B>(5) files (typically found in <I>/etc</I>) must have the following entry:
-
-                   syslog          514/udp
-
-       If this entry is missing <B>rsyslogd </B>will use the well known port  of  514
-       (so in most cases, it’s not really needed).
-
-       To  cause  messages  to be forwarded to another host replace the normal
-       file line in the <I>rsyslog.conf </I>file with the name of the host  to  which
-       the  messages  is  to be sent prepended with an @ (for UDP delivery) or
-       the sequence @@ (for TCP delivery). The host name can also be  followed
-       by  a colon and a port number, in which case the message is sent to the
-       specified port on the remote host.
-
-              For example, to forward <B>ALL </B>messages to a remote  host  use  the
-              following <I>rsyslog.conf </I>entry:
-
-                   # Sample rsyslogd configuration file to
-                   # messages to a remote host forward all.
-                   *.*            @hostname
-              More samples can be found in sample.conf.
-
-              If  the  remote  hostname cannot be resolved at startup, because
-              the name-server might not be accessible (it may be started after
-              rsyslogd)  you  don’t  have  to  worry.   <B>Rsyslogd </B>will retry to
-              resolve the name ten times and then complain.  Another possibil-
-              ity to avoid this is to place the hostname in <I>/etc/hosts</I>.
-
-              With  normal <B>syslogd</B>s you would get syslog-loops if you send out
-              messages that were received from a remote host to the same  host
-              (or  more  complicated to a third host that sends it back to the
-              first one, and so on).
-
-              To avoid this no messages that were received from a remote  host
-              are  sent out to another (or the same) remote host. You can dis-
-              able this feature by the <B>-h </B>option.
-
-              If the remote host is located in the same domain  as  the  host,
-              <B>rsyslogd  </B>is running on, only the simple hostname will be logged
-              instead of the whole fqdn.
-
-              In a local network you may provide a central log server to  have
-              all  the important information kept on one machine.  If the net-
-              work consists of different domains you don’t  have  to  complain
-              about logging fully qualified names instead of simple hostnames.
-              You may want to use the strip-domain feature <B>-s </B>of this  server.
-              You  can  tell  <B>rsyslogd </B>to strip off several domains other than
-              the one the server is located in and only log simple  hostnames.
-
-              Using  the <B>-l </B>option there’s also a possibility to define single
-              hosts as local machines.  This, too,  results  in  logging  only
-              their simple hostnames and not the fqdns.
-
-
-<B>OUTPUT TO DATABASES</B>
-       <B>Rsyslogd  </B>has  support  for  writing data to MySQL database tables. The
-       exact specifics are described in the <B>rsyslog.conf (5) </B>man page. Be sure
-       to read it if you plan to use database logging.
-
-       While  it  is  often  handy to have the data in a database, you must be
-       aware of the implications. Most importantly, database logging takes far
-       longer  than  logging  to a text file. A system that can handle a large
-       log volume when writing to text files can most likely not handle a sim-
-       ilar large volume when writing to a database table.
-
-
-<B>OUTPUT TO NAMED PIPES (FIFOs)</B>
-       <B>Rsyslogd </B>has support for logging output to named pipes (fifos).  A fifo
-       or named pipe can be used as a destination for log messages by prepend-
-       ing  a  pipy symbol (‘‘|’’) to the name of the file.  This is handy for
-       debugging.  Note that the fifo must be created with the mkfifo  command
-       before <B>rsyslogd </B>is started.
-
-              The  following configuration file routes debug messages from the
-              kernel to a fifo:
-
-                   # Sample configuration to route kernel debugging
-                   # messages ONLY to /usr/adm/debug which is a
-                   # named pipe.
-                   kern.=debug              |/usr/adm/debug
-
-
-<B>INSTALLATION CONCERNS</B>
-       There is probably one important consideration when installing rsyslogd.
-       It  is  dependent  on proper formatting of messages by the syslog func-
-       tion.  The functioning of the syslog function in the  shared  libraries
-       changed  somewhere  in  the  region of libc.so.4.[2-4].n.  The specific
-       change was to null-terminate the message before transmitting it to  the
-       <I>/dev/log  </I>socket.   Proper  functioning  of this version of rsyslogd is
-       dependent on null-termination of the message.
-
-       This problem will typically manifest itself if  old  statically  linked
-       binaries  are being used on the system.  Binaries using old versions of
-       the syslog function will cause empty lines to be logged followed by the
-       message  with  the  first  character in the message removed.  Relinking
-       these binaries to newer versions of the shared libraries  will  correct
-       this problem.
-
-       The  <B>rsyslogd</B>(8) can be run from <B>init</B>(8) or started as part of the rc.*
-       sequence.  If it is started from init the option <I>-n </I>must be set, other-
-       wise  you’ll  get  tons  of  syslog  daemons  started.  This is because
-       <B>init</B>(8) depends on the process ID.
-
-
-<B>SECURITY THREATS</B>
-       There is the potential for the rsyslogd daemon to be used as a  conduit
-       for a denial of service attack.  A rogue program(mer) could very easily
-       flood the rsyslogd daemon with syslog messages  resulting  in  the  log
-       files  consuming all the remaining space on the filesystem.  Activating
-       logging over the inet domain sockets will of course expose a system  to
-       risks outside of programs or individuals on the local machine.
-
-       There are a number of methods of protecting a machine:
-
-       1.     Implement  kernel  firewalling  to limit which hosts or networks
-              have access to the 514/UDP socket.
-
-       2.     Logging can be directed to an isolated  or  non-root  filesystem
-              which, if filled, will not impair the machine.
-
-       3.     The ext2 filesystem can be used which can be configured to limit
-              a certain percentage of a filesystem  to  usage  by  root  only.
-              <B>NOTE  </B>that  this  will  require rsyslogd to be run as a non-root
-              process.  <B>ALSO NOTE </B>that this will prevent usage of remote  log-
-              ging  since  rsyslogd  will  be  unable  to  bind to the 514/UDP
-              socket.
-
-       4.     Disabling inet domain sockets  will  limit  risk  to  the  local
-              machine.
-
-       5.     Use step 4 and if the problem persists and is not secondary to a
-              rogue program/daemon get a 3.5 ft (approx. 1  meter)  length  of
-              sucker rod* and have a chat with the user in question.
-
-              Sucker  rod  def.  —  3/4,  7/8 or 1in. hardened steel rod, male
-              threaded on each end.  Primary use in the oil industry in  West-
-              ern North Dakota and other locations to pump ’suck’ oil from oil
-              wells.  Secondary uses are for the construction of  cattle  feed
-              lots  and  for  dealing with the occasional recalcitrant or bel-
-              ligerent individual.
-
-   <B>Message replay and spoofing</B>
-       If remote logging is  enabled,  messages  can  easily  be  spoofed  and
-       replayed.   As  the messages are transmitted in clear-text, an attacker
-       might use the information  obtained  from  the  packets  for  malicious
-       things.  Also,  an  attacker  might  reply recorded messages or spoof a
-       sender’s IP address, which could lead to a wrong perception  of  system
-       activity.  Be  sure  to  think  about  syslog  network  security before
-       enabling it.
-
-
-<B>DEBUGGING</B>
-       When debugging is turned on using <B>-d </B>option then <B>rsyslogd </B>will be  very
-       verbose  by  writing much of what it does on stdout.  Whenever the con-
-       figuration file is reread and re-parsed you’ll see  a  tabular,  corre-
-       sponding to the internal data structure.  This tabular consists of four
-       fields:
-
-       <I>number </I>This field contains a serial number starting by zero.  This num-
-              ber represents the position in the internal data structure (i.e.
-              the array).  If one number is left out then there  might  be  an
-              error in the corresponding line in <I>/etc/rsyslog.conf</I>.
-
-       <I>pattern</I>
-              This  field  is  tricky  and  represents  the internal structure
-              exactly.  Every column stands for  a  facility  (refer  to  <B>sys-</B>
-              <B>log</B>(3)).   As  you can see, there are still some facilities left
-              free for former use, only the left most are used.   Every  field
-              in a column represents the priorities (refer to <B>syslog</B>(3)).
-
-       <I>action </I>This  field  describes  the  particular  action that takes place
-              whenever a message is received that matches the pattern.   Refer
-              to the <B>syslog.conf</B>(5) manpage for all possible actions.
-
-       <I>arguments</I>
-              This field shows additional arguments to the actions in the last
-              field.  For file-logging this is the filename for  the  logfile;
-              for  user-logging  this  is  a list of users; for remote logging
-              this is the hostname of the machine to log to; for  console-log-
-              ging this is the used console; for tty-logging this is the spec-
-              ified tty; wall has no additional arguments.
-
-
-          <B>templates</B>
-              There will also be a second internal structure which  lists  all
-              defined  templates  and there contents. This also enables you to
-              see the internally-defined, hardcoded templates.
-
-<B>FILES</B>
-       <I>/etc/rsyslog.conf</I>
-              Configuration file for <B>rsyslogd</B>.  See <B>rsyslog.conf</B>(5) for  exact
-              information.
-       <I>/dev/log</I>
-              The  Unix  domain socket to from where local syslog messages are
-              read.
-       <I>/var/run/rsyslogd.pid</I>
-              The file containing the process id of <B>rsyslogd</B>.
-
-<B>BUGS</B>
-       Please review the file BUGS for up-to-date information  on  known  bugs
-       and annoyances.
-
-<B>Further Information</B>
-       Please  visit  <B>http://www.rsyslog.com/doc  </B>for  additional information,
-       tutorials and a support forum.
-
-<B>SEE ALSO</B>
-       <B>rsyslog.conf</B>(5),   <B>logger</B>(1),   <B>syslog</B>(2),   <B>syslog</B>(3),    <B>services</B>(5),
-       <B>savelog</B>(8)
-
-
-<B>COLLABORATORS</B>
-       <B>rsyslogd </B>is derived from sysklogd sources, which in turn was taken from
-       the BSD sources. Special thanks  to  Greg  Wettstein  (greg@wind.enjel-
-       lic.com) and Martin Schulze (joey@linux.de) for the fine sysklogd pack-
-       age.
-
-       Rainer Gerhards
-       Adiscon GmbH
-       Grossrinderfeld, Germany
-       rgerhards@adiscon.com
-
-       Michael Meckelein
-       Adiscon GmbH
-       mmeckelein@adiscon.com
-
-
-
-Version 1.16.1 (devel)           17 July 2007                      RSYSLOGD(8)
-</PRE></BODY>
-- 
cgit