LinuxGuruz
    rsyslogd

    
    
    

    SYNOPSIS

           rsyslogd [ -4 ] [ -6 ] [ -A ] [ -d ] [ -f config file ]
           [ -i pid file ] [ -l hostlist ] [ -n ] [ -N level ]
           [ -q ] [ -Q ] [ -s domainlist ] [ -u userlevel ] [ -v ] [ -w ] [ -x ]
    
    
    

    DESCRIPTION

           Rsyslogd  is  a  system  utility providing support for message logging.
           Support of both internet and unix domain sockets enables  this  utility
           to support both local and remote logging.
    
           Note that this version of rsyslog ships with extensive documentation in
           html format.  This is provided in the ./doc subdirectory  and  probably
           in  a separate package if you installed rsyslog via a packaging system.
           To use rsyslog's advanced features, you need to look at the html
           documentation, because the man pages only cover basic aspects of operation.
           For details and configuration examples, see the  rsyslog.conf  (5)  man
           page and the online documentation at http://www.rsyslog.com/doc
    
           Rsyslogd(8)  is  derived  from  the  sysklogd  package which in turn is
           derived from the stock BSD sources.
    
           Rsyslogd provides a kind of logging  that  many  modern  programs  use.
           Every  logged  message  contains  at least a time and a hostname field,
           normally a program name field, too, but that depends on how trustworthy
           the logging program is.  The rsyslog package supports free definition of
           output formats via templates. It also supports precise  timestamps  and
           writing  directly  to  databases. If the database option is used, tools
           like phpLogCon can be used to view the log data.
    
           While the rsyslogd sources have been heavily modified, a couple of
           notes are in order.  First of all, there has been a systematic attempt
           to ensure that rsyslogd follows its default, standard BSD behavior. Of
           course, some configuration file changes are necessary in order to
           support the template system. However, rsyslogd should be able to use a
           standard syslog.conf and act like the original syslogd. An original
           syslogd, on the other hand, will not work correctly with a
           rsyslog-enhanced configuration file. At best, it will generate
           funny-looking file names. The second important concept to note is that
           this version of rsyslogd interacts transparently with the version of
           syslog found in the standard libraries.  If a binary linked to the
           standard shared libraries fails to function correctly, we would like an
           example of the anomalous behavior.
    
           The main configuration file /etc/rsyslog.conf or an alternative file,
           given with the -f option, is read at startup.  Any lines that begin
           with the hash mark ('#') and empty lines are ignored.  If an error
           occurs during parsing, the erroneous element is ignored and rsyslogd
           tries to parse the rest of the line.
    
                  the system.
    
           -6     Causes rsyslogd to listen to IPv6 addresses only.  If neither -4
                  nor -6 is given, rsyslogd listens to all configured addresses of
                  the system.
    
           -c version
                   Selects the desired backward compatibility mode. It must always
                   be the first option on the command line, as it influences
                   processing of the other options.  To use the rsyslog v3 native
                   interface, specify -c3. To use compatibility mode, either do
                   not use -c at all or use -c<version> where version is the
                   rsyslog version that it shall be compatible with.  Using -c0
                   tells rsyslog to be command-line compatible with sysklogd, which
                   is the default if -c is not given.  Please note that rsyslogd
                   issues warning messages if the -c3 command line option is not
                   given.  This is to alert you that you are running in
                   compatibility mode.  Compatibility mode interferes with your
                   rsyslog.conf commands and may cause some undesired side-effects.
                   It is meant to be used with a plain old rsyslog.conf - if you
                   use new features, things become messy. So the best advice is to
                   work through this document, convert your options and config file
                   and then use rsyslog in native mode. In order to aid you in this
                   process, rsyslog logs every compatibility-mode config file
                   directive it has generated. So you can simply copy them from
                   your logfile and paste them to the config.
    
           -d     Turns on debug mode. See the DEBUGGING section for more
                  information.
    
           -f config file
                   Specify an alternative configuration file instead of
                   /etc/rsyslog.conf, which is the default.
    
           -i pid file
                  Specify  an  alternative  pid  file  instead of the default one.
                  This option must be  used  if  multiple  instances  of  rsyslogd
                  should run on a single machine.
    
           -l hostlist
                   Specify a hostname that should be logged only with its simple
                   hostname and not the fqdn.  Multiple hosts may be specified
                   using the colon (':') separator.
    
           -n     Avoid  auto-backgrounding.   This  is  needed  especially if the
                  rsyslogd is started and controlled by init(8).
    
           -N  level
                   Do a coNfig check. Do NOT run in regular mode, just check
                   configuration file correctness.  This option is meant to verify a
                  config file. To do so, run rsyslogd interactively in foreground,
                  specifying  -f  <config-file>  and -N level.  The level argument
    
           -s domainlist
                   Specify a domainname that should be stripped off before logging.
                   Multiple domains may be specified using the colon (':')
                   separator.  Please be advised that no sub-domains may be
                   specified but only entire domains.  For example, if -s north.de
                   is specified and the host logging resolves to
                   satu.infodrom.north.de, no domain would be cut; you will have to
                   specify two domains like: -s north.de:infodrom.north.de.
    
           -u userlevel
                   This is a "catch all" option for some very seldom-used user
                  settings.  The "userlevel" variable selects multiple things. Add
                  the specific values to get the combined effect of them.  A value
                  of  1  prevents  rsyslogd from parsing hostnames and tags inside
                  messages.  A value of 2 prevents rsyslogd from changing  to  the
                  root  directory.  This is almost never a good idea in production
                  use. This option was  introduced  in  support  of  the  internal
                  testbed.   To  combine  these two features, use a userlevel of 3
                  (1+2). Whenever you use an  -u  option,  make  sure  you  really
                  understand what you do and why you do it.
    
           -v     Print version and exit.
    
           -w     Suppress warnings issued when messages are received from
                  non-authorized machines (those that are in no AllowedSender list).
    
           -x     Disable DNS for remote messages.
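
           The matching rule behind the -s and -l options above, as an added
           example (not rsyslog's own code). It assumes what the descriptions
           state: a name is cut at its first dot only when the remainder equals
           a -s domain exactly, or the whole name equals a -l host. The function
           names and gw.example.org are constructed.

```shell
#!/bin/sh
# Added example: hostname shortening as the -s and -l descriptions state it.
# Assumption: a name is cut at its first dot when the remainder equals a
# -s domain exactly, or when the whole name equals a -l host exactly.

in_list() {
    # $1 = needle, $2 = colon-separated list; case-insensitive exact match
    needle=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    old_ifs=$IFS; IFS=:
    set -f                                   # no globbing while splitting
    for item in $(printf '%s' "$2" | tr 'A-Z' 'a-z'); do
        if [ "$item" = "$needle" ]; then
            IFS=$old_ifs; set +f
            return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

logged_hostname() {
    # $1 = resolved sender name, $2 = -s domainlist, $3 = -l hostlist
    fqdn=$1
    case $fqdn in
        *.*) ;;                                  # has a domain part
        *)   printf '%s\n' "$fqdn"; return ;;    # already a simple name
    esac
    if in_list "${fqdn#*.}" "$2" || in_list "$fqdn" "${3:-}"; then
        printf '%s\n' "${fqdn%%.*}"              # keep the simple hostname
    else
        printf '%s\n' "$fqdn"                    # nothing matched, keep fqdn
    fi
}

# The man page's own case: one domain is not enough, two are.
logged_hostname satu.infodrom.north.de north.de
logged_hostname satu.infodrom.north.de north.de:infodrom.north.de
```

           Hosts that keep their fqdn next to hosts that are shortened show up
           under two naming styles in the same log, which matters when log
           lines are correlated by hostname.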
    
    
    

    SIGNALS

           Rsyslogd  reacts  to a set of signals.  You may easily send a signal to
           rsyslogd using the following:
    
                  kill -SIGNAL $(cat /var/run/rsyslogd.pid)
    
           Note that -SIGNAL must be replaced with the actual signal you are
           trying to send, e.g. with HUP. So it then becomes:
    
                  kill -HUP $(cat /var/run/rsyslogd.pid)
    
           HUP    This lets rsyslogd close all open files.  Also, in v3 a
                  full restart will be done in order to read changed configuration
                  files.  Note that this means a full rsyslogd restart is done.
                  This has, among others, the consequence that TCP and other
                  connections are torn down. Also, if any queues are not running in
                  disk assisted mode or are not set to persist data on shutdown,
                  queue data is lost. HUPing rsyslogd is an extremely expensive
                  operation and should only be done when actually necessary.
                  Actually, it is a rsyslogd stop immediately followed by a restart.
                  Future versions will remove this restart functionality of HUP
    
           There  is the potential for the rsyslogd daemon to be used as a conduit
           for a denial of service attack.  A rogue program(mer) could very easily
           flood  the  rsyslogd  daemon  with syslog messages resulting in the log
           files consuming all the remaining space on the filesystem.   Activating
           logging  over the inet domain sockets will of course expose a system to
           risks outside of programs or individuals on the local machine.
    
           There are a number of methods of protecting a machine:
    
           1.     Implement kernel firewalling to limit which  hosts  or  networks
                  have access to the 514/UDP socket.
    
           2.     Logging  can  be  directed to an isolated or non-root filesystem
                  which, if filled, will not impair the machine.
    
           3.     The ext2 filesystem can be used, which can be configured to
                  reserve a certain percentage of a filesystem for use by root
                  only.  NOTE that this will require rsyslogd to be run as a
                  non-root process.  ALSO NOTE that this will prevent usage of
                  remote logging on the default port since rsyslogd will be
                  unable to bind to the 514/UDP socket.
    
           4.     Disabling  inet  domain  sockets  will  limit  risk to the local
                  machine.
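
           One way to spot the flooding described above, as an added example
           (not part of the rsyslog documentation): it counts messages per
           minute, host and program in traditional-format log lines and reports
           those above a limit. The function names, the sample lines and the
           limit are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag (host, program) pairs that log more than LIMIT
# messages within one minute. Expects traditional-format syslog lines:
#   "Mon DD HH:MM:SS host program[pid]: text"

flood_suspects() {
    # $1 = per-minute message limit; log lines are read from stdin
    awk -v limit="$1" '
        NF >= 5 {
            minute = $1 " " $2 " " substr($3, 1, 5)   # month, day, HH:MM
            prog = $5
            sub(/\[[0-9]+\]:?$/, "", prog)            # drop "[pid]:" suffix
            sub(/:$/, "", prog)                       # drop bare ":" suffix
            count[minute "|" $4 "|" prog]++
        }
        END {
            for (k in count)
                if (count[k] > limit) {
                    split(k, f, "|")
                    printf "%s host=%s prog=%s count=%d\n", f[1], f[2], f[3], count[k]
                }
        }' | sort
}

# Constructed sample: one chatty program on host "web1", normal traffic elsewhere.
sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo "Mar  4 10:15:0$i web1 noisy[4242]: constructed flood line $i"
        i=$((i + 1))
    done
    echo "Mar  4 10:15:07 web1 sshd[811]: constructed normal line"
    echo "Mar  4 10:16:01 db1 cron[97]: constructed normal line"
}

# Report every pair that logged more than 5 messages in one minute.
sample_log | flood_suspects 5
```

           The host and program fields come from the message itself, so for
           remote senders the report shows the claimed origin, not a verified
           one.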
    
       Message replay and spoofing
           If remote logging is  enabled,  messages  can  easily  be  spoofed  and
           replayed.   As  the messages are transmitted in clear-text, an attacker
           might use the information  obtained  from  the  packets  for  malicious
           things.  Also,  an  attacker  might replay recorded messages or spoof a
           sender's IP address, which could lead to a wrong perception  of  system
           activity.  These  can  be prevented by using GSS-API authentication and
           encryption. Be sure to  think  about  syslog  network  security  before
           enabling it.
    
    
    

    DEBUGGING

           When  debugging  is  turned  on  using the -d option, rsyslogd produces
           debugging information according to the RSYSLOG_DEBUG environment
           variable and the signals received. When run in foreground, the information
           is written to stdout. An additional output file can be specified  using
           the RSYSLOG_DEBUGLOG environment variable.
    
    
    

    FILES

           /etc/rsyslog.conf
                  Configuration  file for rsyslogd.  See rsyslog.conf(5) for exact
                  information.
           /dev/log
                   The Unix domain socket from which local syslog messages are
                   read.
           /var/run/rsyslogd.pid
                  The file containing the process id of rsyslogd.
                         can  be  toggled  by  sending SIGUSR1. Mutually exclusive
                         with Debug.
                  LogFuncFlow
                         Print out the logical flow  of  functions  (entering  and
                         exiting them)
                  FileTrace
                         Specifies  which  files  to trace LogFuncFlow. If not set
                         (the default), a LogFuncFlow trace is  provided  for  all
                          files.  Set to limit it to the files specified. FileTrace
                          may be specified multiple times, one file each (e.g.
                          export RSYSLOG_DEBUG="LogFuncFlow FileTrace=vm.c FileTrace=expr.c")
                  PrintFuncDB
                         Print the content of the debug function database whenever
                         debug information is printed (e.g. abort case)!
                  PrintAllDebugInfoOnExit
                         Print  all  debug information immediately before rsyslogd
                         exits (currently not implemented!)
                  PrintMutexAction
                         Print mutex action as  it  happens.  Useful  for  finding
                         deadlocks and such.
                  NoLogTimeStamp
                         Do  not  prefix log lines with a timestamp (default is to
                         do that).
                  NoStdOut
                         Do not emit debug messages to stdout. If RSYSLOG_DEBUGLOG
                         is  not  set, this means no messages will be displayed at
                         all.
                  Help   Display a very short list of commands - hopefully a  life
                         saver if you can't access the documentation...
    
           RSYSLOG_DEBUGLOG
                   If set, writes (almost) all debug messages to the specified log
                   file in addition to stdout.
           RSYSLOG_MODDIR
                  Provides the default directory in which loadable modules reside.
    
    
    

    BUGS

           Please  review  the  file BUGS for up-to-date information on known bugs
           and annoyances.
    
    
    

    Further Information

           Please visit  http://www.rsyslog.com/doc  for  additional  information,
           tutorials and a support forum.
    
    
    

    SEE ALSO

           rsyslog.conf(5),    logger(1),   syslog(2),   syslog(3),   services(5),
           savelog(8)
    
    
    

    COLLABORATORS

           rsyslogd is derived from sysklogd sources, which in turn was taken from
    
Copyright © 1999 - 2016 by LinuxGuruz