Welcome to the rsyslog package for Linux.

This package has been forked from the sysklogd standard package. The goal of the rsyslog project is to provide a more configurable and reliable syslog daemon. By "reliable", we mean support for reliable transmission modes like TCP or RFC 3195 (syslog-reliable). We do NOT imply that the sysklogd package is unreliable. In fact, the opposite is the case and we assume that for the time being the well-used sysklogd package offers better program reliability than our brand-new modifications to it.

The name "rsyslog" stems from the planned support for syslog-reliable. Ironically, all releases of rsyslog up to now support NEITHER syslog-reliable NOR TCP-based syslog. Instead, rsyslog contains enhanced configurability and other enhancements (like database support). The reason for this is that full support for RFC 3195 would require even more changes and especially fundamental architectural changes. Also, questions asked on the loganalysis list and at other places indicated that RFC 3195 is NOT a prime priority for users, but rather better control over the output format. So here we are, with a rsyslogd that covers a lot of enhancements, but not a single one of those that gave it its name ;)

The next enhancement scheduled is support for the new syslog-protocol internet draft format, not least to see how easy or complicated it is to implement. We already know that some subtleties of syslog-protocol will require at least one considerable architectural change to the syslogd and this might delay things a little.

Our immediate goal is to receive feedback and get the bugs out of the current release. Only after that do we intend to advance the code and introduce new features.

The database support was included so that our web-based syslog interface can be used. This is another open source project which can be found under http://www.liblogging.org . We highly recommend having a look at it. It might not work for you if you expect thousands of messages per second (because your database won't be able to provide adequate performance), but in many cases it is a very handy analysis and troubleshooting tool.

The utility (rsyslogd) can be either run from init or started as part of the rc.* sequence. Caution should be used when starting it from init, since the default configuration is for it to auto-background itself. Depending on the version of init being used, this could result either in the process table being filled or in at least 10 copies of the daemon being started. If auto-backgrounding is NOT desired, the command line option -n should be used to disable the auto-fork feature.

There is a mailing list covering this package and syslog in general. The list's address is rsyslog@lists.adiscon.com . New versions of this package and additional information will be available under www.monitorware.com/rsyslog as well as under the rsyslog project on sourceforge.net.

IMPORTANT

Starting with version 0.9.0, rsyslogd supports files larger than 2 GB. This was added simply by some C compiler definitions which ask the runtime library to include different code. Depending on your file system, glibc, kernel or whatever, you might not be able to use this support. If so, rsyslogd might be terminated by the operating system when a file reaches 2 GB in size. To guard against this, use the output channel file size limitation (see man rsyslog.conf for details).

Best regards,
Rainer Gerhards
Adiscon
2005-06-22