1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
Welcome to the rsyslog package for Linux. This package has
been forked from the sysklogd standard package. The goal of the
rsyslog project is to provide a more configurable and reliable
syslog deamon. By "reliable", we mean support for reliable transmission
modes like TCP or RFC 3195 (syslog-reliable).
We do NOT imply that the sysklogd package is unreliable. In fact, the
opposite is the case and we assume that for the time being the well-
used sysklogd package offers better program reliability than our
brand-new modifications to it. The name "rsyslog" stems back to the
planned support for syslog-reliable. Ironically, all releases
of rsyslog up to now do NEITHER support syslog-reliable NOR tcp based syslog.
Instead, it contains enhanced configurability and other enhancements
(like database support). The reason for this is that full support for
RFC 3195 would require even more changes and especially fundamental architectural
changes. Also, questions asked on the loganalysis list and at other
places indicated that RFC3195 is NOT a prime priority for users, but
rather better control over the output format. So here we are, with
a rsyslogd that covers a lot of enhancements, but not a single one
of these that made its name ;)
The next enhancement scheduled is support for the new syslog-protocol
internet draft format, not the least to see how easy/compliated it is
to implement. We already know that some subleties of syslog-protocol will
require at least one considerable architectural change to the syslogd
and this might delay things a little. Our immediate goal is to receive
feedback and get the bugs out of the current release. Only after that
we intend to advance the code and introduce new features.
The database support was included so that our web-based syslog interface
can be used. This is another open source project which can be found
under http://www.liblogging.org . We highly recommend having a look at
it. It might not work for you if you expect thousands of messages per
second (because your database won't be able to provide adequate performace),
but in many cases it is a very handy analysis and troubleshooting tool.
The utility (rsyslogd) can be either run from init or started
as part of the rc.* sequence. Caution should be used when starting
it from init since the default configuration is for it
is to auto-background itself. Depending on the
version of init being used this could either result in the process
table being filled or at least 10 copies of the daemon being started.
If auto-backgrounding is NOT desired the command line option -n should
be used to disable the auto-fork feature.
There is a mailing list covering this package and syslog in general.
The lists address is rsyslog@lists.adiscon.com .
New versions of this package and additional information will be available
under www.monitorware.com/rsyslog as well as under the rsyslog project
on sourceforge.net.
IMPORTANT
Starting with version 0.9.0, rsyslogd supports files larger than 2gb.
This was added simply by some c compiler definitions which ask the run
time library to include different code. Depending on your file system,
glibc, kernel or whatever, you might not be able to use this support. If
so, rsyslogd might be terminated by the operating system when a file
reaches 2gb of size. To guard against this, use the output channel
file size limitation (see man rsyslog.conf for details).
Best regards,
Rainer Gerhards
Adiscon
2005-06-22
|