[deployment-guide/comm-rel: 722/727] updated the rsyslog section of the Log Files chapter
Jaromir Hradilek
jhradile at fedoraproject.org
Tue Oct 19 13:26:31 UTC 2010
commit 525383f9e2d99c86c1d63e145a0bea44827fa5f6
Author: Martin Prpic <mprpic at redhat.com>
Date: Mon Oct 11 17:11:32 2010 +0200
updated the rsyslog section of the Log Files chapter
en-US/Log_Files.xml | 102 +++++++++++++++++++++++++++++++++++++-------------
1 files changed, 75 insertions(+), 27 deletions(-)
---
diff --git a/en-US/Log_Files.xml b/en-US/Log_Files.xml
index 6c08699..062c079 100644
--- a/en-US/Log_Files.xml
+++ b/en-US/Log_Files.xml
@@ -221,12 +221,14 @@ cron.!info,!debug # Selects all cron syslog messages except those with the <c
!!!!!!!!!!!!!!!!!!!!!!!!!!!
-->
- <itemizedlist>
+ <variablelist>
+ <varlistentry>
+ <term>Syslog message placement</term>
<listitem>
<para>
- Syslog message placement — The majority of actions specify to which log file a syslog message is saved. This is done by specifying a file path after your already defined selector. The following is a rule comprised of a selector that selects all <application>cron</application> syslog messages and an action that saves them into the <filename>/var/log/cron</filename> log file:
+ The majority of actions specify to which log file a syslog message is saved. This is done by specifying a file path after your already defined selector. The following is a rule comprised of a selector that selects all <application>cron</application> syslog messages and an action that saves them into the <filename>/var/log/cron</filename> log file:
</para>
- <screen>cron. /var/log/cron
+ <screen>cron.* /var/log/cron
</screen>
<para>
Use a dash mark (<literal>-</literal>) as a prefix of the file path you specified if you want to omit syncing the desired log file after every syslog message is generated.
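Review bot: the cron example still opens with `<screen>cron.* /var/log/cron` and closes with `</screen>` on the following line, so the rendered example carries a trailing blank line, whereas the one-line screens added later in this patch close inline. Close it on the same line for consistency. The dash-prefix paragraph in the same entry is the only variant described here without an example. A one-line screen showing the same rule with `-` in front of the path, plus a sentence on what is given up by not syncing after each message, would make it usable on its own.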
@@ -235,11 +237,14 @@ cron.!info,!debug # Selects all cron syslog messages except those with the <c
Your specified file path can be either static or dynamic. Static files are represented by a simple file path as was shown in the example above. Dynamic files are represented by a template and a question mark (<literal>?</literal>) prefix. For more information on templates, refer to <xref linkend="s2-templates"/>.
</para>
</listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Sending syslog messages over the network</term>
<listitem>
<para>
- Sending syslog messages over the network — <command>rsyslog</command> allows you to send and receive syslog messages over the network. This feature allows to administer syslog messages of multiple hosts on one machine. To forward syslog messages to a remote machine, use the following syntax:
+ <command>rsyslog</command> allows you to send and receive syslog messages over the network. This feature allows to administer syslog messages of multiple hosts on one machine. To forward syslog messages to a remote machine, use the following syntax:
</para>
- <screen>@(<replaceable><OPTION></replaceable>,<replaceable><MORE OPTIONS></replaceable>)<replaceable><HOST></replaceable>:<replaceable><PORT></replaceable>
+ <screen>@<optional>(<replaceable><OPTION></replaceable>,<replaceable><MORE OPTIONS></replaceable>)</optional><replaceable><HOST></replaceable>:<optional><replaceable><PORT></replaceable></optional>
</screen>
<para>
where:
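Review bot: in the new syntax line the colon sits outside the optional element (`<HOST>:<optional><PORT></optional>`), so the rendered synopsis says a trailing colon is required even when no port is given. Move the colon inside the `<optional>` together with `<PORT>`. The synopsis also shows only a single `@`, so a reader who stops here does not see the TCP form; consider showing `@` and `@@` as alternatives in the synopsis itself. Minor wording in the added paragraph: "This feature allows to administer" should read "allows you to administer".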
@@ -247,41 +252,84 @@ cron.!info,!debug # Selects all cron syslog messages except those with the <c
<itemizedlist>
<listitem>
<para>
- the at sign (<literal>@</literal>) indicates that the syslog messages are forwarded to a host using the <systemitem class="protocol">UDP</systemitem> protocol. To use the <systemitem class="protocol">TCP</systemitem> protocol, use two at signs with no space between them (<literal>@@</literal>),
+ The at sign (<literal>@</literal>) indicates that the syslog messages are forwarded to a host using the <systemitem class="protocol">UDP</systemitem> protocol. To use the <systemitem class="protocol">TCP</systemitem> protocol, use two at signs with no space between them (<literal>@@</literal>).
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <replaceable><OPTION></replaceable> and <replaceable><MORE OPTIONS></replaceable> attributes can be replaced with an option such as <command>z<replaceable><NUMBER></replaceable></command>. This option enables <application>zlib</application> compression for syslog messages; the <replaceable><NUMBER></replaceable> attribute specifies the level of compression.
+ <!-- ASK ABOUT OTHER OPTIONS!!! -->
</para>
</listitem>
<listitem>
<para>
- the <replaceable><OPTION></replaceable> and <replaceable><MORE OPTIONS></replaceable> specify TBD
+ The <replaceable><HOST></replaceable> attribute specifies the host which receives the selected syslog messages.
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ The <replaceable><PORT></replaceable> attribute specifies the host machine's port.
</para>
</listitem>
</itemizedlist>
- </listitem>
- <listitem>
<para>
-
+ When specifying an <systemitem class="protocol">IPv6</systemitem> address as the hoset, enclose the address in square brackets (<literal>[</literal>, <literal>]</literal>).
</para>
- </listitem>
- </itemizedlist>
-
+ <para>
+ The following are some examples of actions that forward syslog messages over the network (note that all actions are preceded with a selector that selects all messages with any priority):
+ </para>
+ <screen>*.* @192.168.0.1 # Forwards messages to 192.168.0.1 via the <systemitem class="protocol">UDP</systemitem> protocol</screen>
+ <screen>*.* @@example.com:18 # Forwards messages to "example.com" using port 18 and the <systemitem class="protocol">TCP</systemitem> protocol</screen>
+ <screen>
+*.* @(z9)[2001::1] # Compresses messages with <application>zlib</application> (level 9 compression)
+ # and forwards them to 2001::1 using the <systemitem class="protocol">UDP</systemitem> protocol</screen>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Sending syslog messages to specific users</term>
+ <listitem>
+ <para>
+ <application>rsyslog</application> can send syslog messages to specific users by simply specifying a username of the user you wish to send the messages to. To specify more than one user, separate each username with a comma (<literal>,</literal>). To send messages to every user that is currently logged on, use an asterisk (<literal>*</literal>).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>Discarding syslog messages</term>
+ <listitem>
+ <para>
+ To discard your selected messages, use the tilde character (<literal>~</literal>). The following rule discards any cron syslog messages:
+ </para>
+ <screen>cron.* ~</screen>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ <!-- TODO: specifying multiple actions!!! -->
+ </para>
+ <para>
+ Note that any action can be followed by a template that formats the message. To specify a template, suffix an action with a semicolon (<literal>;</literal>) and specify the name of the template.
+ </para>
+ <warning>
+ <title>Caution</title>
+ <para>
+ A template must be defined before it is used in an action.
+ </para>
+ </warning>
+ <para>
+ For more information on templates, refer to <xref linkend="s2-templates"/>.
+ </para>
+ <para>
+ For more information on various <application>rsyslog</application> actions, refer to <filename>/usr/share/doc/rsyslog-4.4.2/rsyslog_conf_actions.html</filename>.
+ </para>
- <!-- most actions specify where a specific syslog message will be "placed"
- - The filename can be either static (always the same) or dynamic (different based on message received)
- - Creating directories is also supported?
-
- syslog messages can also be sent over the network and receive messages from remote hosts.
-
- can be sent to specific users, groups of users
-
- discard
-
+
+ <!--
including a template, more on templates in ... Beware: templates MUST be defined BEFORE they are used
- -->
- <para>
- <!-- TODO: specifying multiple actions!!! -->
- </para>
+ /usr/share/doc/rsyslog-4.4.2/rsyslog_conf_actions.html
+ -->
+
</section>
</section>
<section id="s2-templates">
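Review bot: the new `<PORT>` item only says it "specifies the host machine's port", yet two of the three forwarding examples omit the port and nothing states which port is used in that case. Add the default to that list item, and consider a more typical port than 18 in the `@@example.com:18` example. Further points in this hunk: "hoset" in the IPv6 paragraph is a typo for "host"; the `<!-- ASK ABOUT OTHER OPTIONS!!! -->` comment is left inside the options paragraph, and the `<para>` that holds only the `TODO: specifying multiple actions` comment will render as an empty paragraph, so both should be resolved or moved out of the content before merging; the `<warning>` element carries the title "Caution", so either use a caution admonition or retitle it; the path `/usr/share/doc/rsyslog-4.4.2/rsyslog_conf_actions.html` hard-codes the package version and will go stale on the next update, so a `<replaceable>` version component would be safer; and the "Sending syslog messages to specific users" entry is the only one without a `<screen>` example.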