[deployment-guide: 31/185] finished the "Actions" section of Log Files chapter

Jaromir Hradilek jhradile at fedoraproject.org
Sun May 15 21:12:36 UTC 2011


commit 05d62d7e841efaf66793c631922e1708ec1975b2
Author: Martin Prpic <mprpic at redhat.com>
Date:   Fri Jan 21 15:16:42 2011 +0100

    finished the "Actions" section of Log Files chapter

 en-US/Log_Files.xml |   97 +++++++++++++++++++++++++++++++++++---------------
 1 files changed, 68 insertions(+), 29 deletions(-)
---
diff --git a/en-US/Log_Files.xml b/en-US/Log_Files.xml
index 79b535e..f9c7c32 100644
--- a/en-US/Log_Files.xml
+++ b/en-US/Log_Files.xml
@@ -206,12 +206,6 @@ mail.crit    # Selects all mail syslog messages with priority <command>crit</com
 cron.!info,!debug    # Selects all cron syslog messages except those with the <command>info</command> or <command>debug</command> priority.
           </screen>
         </section>
-        <!-- TODO!!!!!!!!!!!!!!!!!!!!
-        
-        check for terms "syslog message" and "syslog file"
-        
-        !!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-        -->
         <section id="s3-actions">
           <title>Actions</title>
           <para>
@@ -232,7 +226,9 @@ cron.!info,!debug    # Selects all cron syslog messages except those with the <c
               <para>
                 Your specified file path can be either static or dynamic. Static files are represented by a simple file path as was shown in the example above. Dynamic files are represented by a template and a question mark (<literal>?</literal>) prefix. For more information on templates, refer to <xref linkend="s2-templates"/>.
               </para>
-              <!-- TBD: If the file you specified is a tty, special tty-handling is done, same with /dev/console. -->
+              <para>
+                If the file you specified is an existing <application>tty</application> or <filename>/dev/console</filename> device, syslog messages are sent to standard output (using special <application>tty</application>-handling) or your console (using special <filename>/dev/console</filename>-handling) when using the X Window System, respectively.
+              </para>
             </listitem>
             </varlistentry>
             <varlistentry>
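Review bot: the added tty and /dev/console paragraph packs two cases into one sentence, and the "respectively" pairing plus the trailing "when using the X Window System" clause make it unclear which condition applies to which device. Suggest splitting it into two sentences, one per device type, and stating explicitly which case depends on the X Window System. The markup is also inconsistent within the sentence: tty is tagged as <application> while /dev/console is tagged as <filename>, although both are described as devices.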
@@ -290,36 +286,79 @@ cron.!info,!debug    # Selects all cron syslog messages except those with the <c
                 </para>
               </listitem>
             </varlistentry>
-            <!--TDB
-            # Program to execute
-
-            *.*			^alsaunmute 	# set default volume to soundcard
-
             <varlistentry>
-              <term>Executing programs</term>
+              <term>Executing a program</term>
               <listitem>
                 <para>
-              
+                <application>rsyslog</application> lets you execute a program and uses the <systemitem>system()</systemitem> call to execute it in shell. To specify a program to be executed, prefix it with a caret character (<literal>^</literal>). In the following example, any syslog message with any priority is selected and passed as a parameter to the <application>test-program</application> program, which is then executed with the provided parameter:
                 </para>
+                <screen>*.* ^test-program</screen>
+                <warning>
+                  <title>Warning</title>
+                    <para>
+                      When accepting messages from any host, and using the shell execute action, you may be vulnerable to command injection. An attacker may try to inject and execute commands specified by the attacker in the program you specified (in your action) to be executed. To avoid any possible security threats, thoroughly consider the use of the shell execute action.
+                    </para>
+                </warning>
               </listitem>
-            </varlistentry> -->
-            
-            <!--TDB in file:///usr/share/doc/rsyslog-4.6.3/rsyslog_conf_actions.html DATABASE TABLE
-            # Database action
-
-            # (you must have rsyslog-mysql package installed)
-            # !!! Don't forget to set permission of rsyslog.conf to 600 !!!
-            *.*	>hostname,dbname,userid,password	# (default Monitorware schema, can be created by /usr/share/doc/rsyslog-mysql-1.19.6/createDB.sql)
-
+            </varlistentry>
             <varlistentry>
-              <term>Database Table</term>
+              <term>Inputting syslog messages in a Database</term>
               <listitem>
                 <para>
-              
+                Selected syslog messages can be directly written into a database table using the <emphasis>database writer</emphasis> action. The database writer uses the following syntax:
+                </para>
+                <screen>&gt;<replaceable>&lt;DB_HOST&gt;</replaceable>,<replaceable>&lt;DB_NAME&gt;</replaceable>,<replaceable>&lt;DB_USER&gt;</replaceable>,<replaceable>&lt;DB_PASSWORD&gt;</replaceable>;<optional><replaceable>&lt;TEMPLATE&gt;</replaceable></optional>  </screen>
+                <para>
+                  where:
                 </para>
+                <itemizedlist>
+                  <listitem>
+                    <para>
+                      The greater-than sign (<literal>&gt;</literal>) calls the database writer.
+                    </para>
+                  </listitem>
+                  <listitem>
+                    <para>
+                      The <replaceable>&lt;DB_HOST&gt;</replaceable> attribute specifies the database hostname.
+                    </para>
+                  </listitem>
+                  <listitem>
+                    <para>
+                      The <replaceable>&lt;DB_NAME&gt;</replaceable> attribute specifies the name of the database.
+                    </para>
+                  </listitem>
+                  <listitem>
+                    <para>
+                      The <replaceable>&lt;DB_USER&gt;</replaceable> attribute specifies the database user.
+                    </para>
+                  </listitem>
+                  <listitem>
+                    <para>
+                      The <replaceable>&lt;DB_PASSWORD&gt;</replaceable> attribute specifies the password used with the aforementioned database user.
+                    </para>
+                  </listitem>
+                  <listitem>
+                    <para>
+                      The <replaceable>&lt;TEMPLATE&gt;</replaceable> attribute specifies an optional use of a template that modifies the syslog message. For more information on templates, refer to <xref linkend="s2-templates"/>.
+                    </para>
+                  </listitem>
+                </itemizedlist>
+                <important>
+                  <title>Important</title>
+                    <para>
+                    <!-- TBD: WHICH DBs are supported? So far MySQL, PostgreSQL?. Other? File permissions???-->
+                    Currently, <application>rsyslog</application> provides support for MySQL and PostgreSQL databases only.
+                    In order to use the MySQL and PostgreSQL database writer functionality, install the <package>rsyslog-mysql</package> and <package>rsyslog-pgsql</package> packages installed, respectively. Also, make sure you load the appropriate modules in your <filename>/etc/rsyslog.conf</filename> configuration file:
+                    </para>
+                    <screen>
+$ModLoad ommysql    # Output module for MySQL support
+$ModLoad ompgsql    # Output module for PostgreSQL support
+                    </screen>
+                    <para>For more information on <application>rsyslog</application> modules, refer to <xref linkend="s2-modules"/>.
+                    </para>
+                </important>
               </listitem>
-            </varlistentry> -->
-            
+            </varlistentry>
             <varlistentry>
               <term>Discarding syslog messages</term>
               <listitem>
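Review bot: the database writer syntax places <DB_PASSWORD> in clear text in the action line, but the removed comment's reminder to set the permission of rsyslog.conf to 600 has no counterpart in the new text, and the TBD comment left inside the <important> block still asks "File permissions???". Suggest adding a sentence to the <important> block telling the reader to restrict read access to /etc/rsyslog.conf, and deleting the TBD comment once that is covered. In the same block, "install the ... packages installed, respectively" has a stray "installed". In the syntax <screen>, the semicolon sits outside <optional>, so it reads as required even when no template is given. In the "Executing a program" entry, the example "*.* ^test-program" selects every message, which is the broadest form of the setup the warning describes; the warning would be more useful if it told the reader what to do instead of "thoroughly consider", for instance not pairing the execute action with a selector that matches messages received from other hosts.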
@@ -364,7 +403,7 @@ kern.=crit joe
     <section id="s2-templates">
     <title>Templates</title>
     <para>
-
+    
     </para>
     </section>
     <section id="s2-filter-conditions">
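Review bot: the only change in this hunk swaps an empty line inside the Templates <para> for a line of trailing whitespace. It is unrelated to the Actions section and should be dropped from the commit.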
@@ -381,7 +420,7 @@ kern.=crit joe
     </section>
   </section>
   <section id="s1-rsyslog-performance">
-    <title><command>rsyslog</command> Performance</title>
+    <title><application>rsyslog</application> Performance</title>
     <para>
       
     </para>

