Ed Freesmeyer


Welcome to the Syslogd2 Documentation Wiki

(Current Status)

Quick Start

If you are new to Syslogd2 and wish to get started right away, here is a sample configuration file to convert from an rsyslog configuration.

If you are not an rsyslog user, Syslogd2 can be deployed with traditional syslog configuration files and the traditional syslog command-line options (-c <alt-configuration-file>) and (-r) to enable IP and IP forwarding. (You may still be interested in the syntax enhancements outlined here.)

In either case, the power of Syslogd2 comes from the conceptual extensions and additional features not found in currently-deployed syslog daemons. The rest of Syslogd2's features can be enabled and/or configured as your time and needs permit. Please take the time to read through the documentation in the table below. (...and forgive me for the typos and wordiness that my writing usually contains in documents with less than about 10 revisions -- This wiki is a work-in-progress and has been written over time while the code itself has been rewritten and added to over that same time period).

Deploy Now, Configure Later

Syslogd2 is (at its core) a syslog-processing daemon that can function as a replacement for the default syslog service that ships with any Linux distribution. Syslogd2 can alternatively be deployed as a stand-alone application alongside existing syslog service daemons, collecting data from sources that are unsupported by standard syslog daemons and injecting that data into existing syslog-management systems.

Syslogd2 was designed from scratch as a network-and-host-management-system syslog-data-collection process with emphasis on data-collection from files and on high-speed data-collection from network devices, in addition to 'slumming' as a local-host process that receives and logs data from local-host processes and local-kernel output.

Central to Syslogd2's design is a strong desire to avoid any type of arbitrary code limits on overall performance or throughput. For example: Syslogd2 provides up to 1000 (16 by default) 'extra' facilities that can be used for routing and syslog 'sorting' in network-management situations. Syslogd2 provides input options and 'transform-filters' to modify the contents, facilities, priorities and/or hostnames of incoming data in order to provide source identification of individual data sources by central syslog-analysis console(s). Syslogd2's filters also function as 'data-reduction' filters to discard syslog events (nearest the source) that have been received but that are of no interest to centralized display consoles. 'Reduction filters' control both network and central-port congestion by reducing the traffic volume that is sent to centralized hosts.

To support forensic analysis of network outages and to ease traffic flow through firewalls, Syslogd2 provides native support for TCP/IP and automated store-and-forward of TCP-transmitted data in the event of network outages. This assures that data collected from both 'sides' of the outage are available for forensic analysis. To provide future relevance, Syslogd2 also provides default native support of both IPv4 and IPv6 network protocols.

The table below contains links to additional information, discussion and details about various aspects of Syslogd2 as well as command-reference tables and sample configuration files. It is my goal to keep this documentation current, but documentation will always lag the code by some period of time....


Configuration and Administration Topics in Syslogd2
Syslogd2 History and Design | Interfacing with Syslogd2 | The Syslogd2 Command-Line
The Syslogd2 Configuration File
Configuring Compile-Time Options | Related Projects and Tools | Future Features

Reference Pages and Tables
Sample Files | Multi-Thread Models in Syslogd2 | Command-Line Options
Global Boolean Variables | Changing Default Parameters | Input Option Table
Output-Line Options | Baseline Enhancements in Syslogd2
Concepts, Terms and Definitions

CAP_*-abilities
[CAP_CACHE]    | [CAP_HOUSEKEEPING]   | CAP_SINGLEPORT   | [CAP_SPOOLFILES]
[CAP_COMMAND]  | CAP_KERNELTHREADS    | CAP_SINGLETHREAD | CAP_TAILFILES
CAP_FILEROTATE | [CAP_OUTPUTTHREADS]  | CAP_STATS        | CAP_USERTHREADS
CAP_FILTERSIN  | CAP_RECONFIG         | CAP_STREAMIN     | CAP_WHATIF
CAP_FILTERSOUT | CAP_SINGLEPOOL       | CAP_STREAMOUT    | [CAP_WORKERTHREADS]

Notes:
(1): CAP_WORKERTHREADS and CAP_OUTPUTTHREADS change the underlying multi-thread structure of Syslogd2 for high-performance systems.
(2): CAP_HOUSEKEEPING is recommended for all but the smallest and most basic configurations.
(3): CAP_WHATIF and CAP_COMMAND are primarily intended for interacting with and debugging large, complex (network-management) configurations, though CAP_WHATIF can also be a good run-time debugging and reporting tool.

Quick Start Example

Current rsyslog configurations can be easily converted to syslogd2:

(1) Put an optional "stderr" specification at the top of the main file to log syntax and configuration errors.
(2) Specify customized working directories at the top of the file so the working configuration-directory will be defined for include-files.
(3) Change syntax of the "include" command from rsyslog.
(4) Syslogd2 uses command-line parameters for most configuration tasks instead of embedded 'commands' as in rsyslog. Syslogd2 scans each line beyond the 1st '#' character, searching for a tilde followed by a '-', which indicates a command-line option. A 2nd '#' character indicates a 'hard' comment.
(5) Almost all command-line options may be embedded in the configuration file. Command-line options in the configuration file are identified by a tilde (~) as the first non-comment/non-whitespace character in the line. (See Syslogd2's comment-parsing policy for full details.)
(6) For a quick start, cut-and-paste the example below for a working configuration file using the same include-files from rsyslog.

######################################################
######################################################
##    Syslogd2 main configuration file (starter)    ##
##       (All keywords are non-case-sensitive)      ##
######################################################
######################################################

######################################################
##             Parse-control settings               ##
######################################################
# ~ --stderr=/opt2/build/syslog/errors.log,uid=ed,gid=ed,mode=666,level=7
#
######################################################
##   (default config file is '/etc/syslog.conf')    ##
##     (default ConfigDir is '/etc/syslog.d')       ##
######################################################
#
# Set (alternative) working directory
# ~ --defaults ConfigDir=/etc/syslog.d
#
################################################################
##  Optionally control hostname display for local files only  ##
################################################################
#
#  List of hostnames to be logged to local files without domain-names:
# ~ --Localhosts = ubuntuserver
#
#  List of domains to be stripped off when logging to local files:
# ~ --StripDomains = localdomain
#
################################################################
##  Enable IP, forwarding of IP-input to IP-outputs, and DNS lookup
################################################################
# ~ --Enable Inet,Forwarding,dns
#
################################################################
##   Syslogd2 requires all included files to end in ".conf"   ##
##   With no parameters, all files in the declared            ##
##        (Or default) 'ConfigDir' will be included.          ##
##   Given a directory parameter, all '*.conf' files in that  ##
##        directory will be included.                         ##
##   Individual absolute filenames may also be used.          ##
##                                                            ##
##   Syslogd2 allows nesting of IncludeConfig files.          ##
##   Syslogd2 tracks filenames and will prevent loops.        ##
################################################################
# ~ --IncludeConfig
## ~ --IncludeConfig <2nd directory of include-files>
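
The comment-parsing rules in steps (4) and (5), as an added example that is not part of the original page or of Syslogd2's own code: a small Python classifier that reports which comment-looking lines of a configuration file are live embedded options, which is what a reviewer needs to know before deploying a pasted config. It assumes the stricter reading of step (5) (the tilde must be the first non-whitespace character after the first '#') and treats an uncommented leading tilde the same way; the sample text and its paths are constructed.

```python
import re

# Constructed sample, modelled on the starter file on this page (paths are made up).
SAMPLE = """\
## Parse-control settings ##
# ~ --stderr=/var/log/syslogd2-errors.log,level=7
# Set (alternative) working directory
# ~ --defaults ConfigDir=/etc/syslog.d
# ~ --Enable Inet,Forwarding,dns
# ~ --IncludeConfig
## ~ --IncludeConfig /etc/second.d
*.info  /var/log/messages
"""

# Assumed option shape: '~', then '-x' or '--name', then an optional '=' and arguments.
OPTION = re.compile(r"~\s*(-{1,2}[A-Za-z][\w-]*)\s*=?\s*(.*)")

def classify(line):
    """Return (kind, name, args) for one configuration line."""
    text = line.strip()
    if not text:
        return ("blank", None, None)
    commented = text.startswith("#")
    if commented:
        text = text[1:].lstrip()          # look beyond the 1st '#'
        if text.startswith("#"):          # a 2nd '#': hard comment, never scanned
            return ("hard-comment", None, None)
    m = OPTION.match(text)                # tilde must come first and be followed by '-'
    if m:                                 # keywords are non-case-sensitive: normalise
        return ("option", m.group(1).lower(), m.group(2).strip())
    if commented:
        return ("comment", None, None)
    return ("rule", None, text)           # ordinary selector/action line

def active_options(config_text):
    """List (line_no, name, args) for every embedded option that takes effect."""
    found = []
    for no, line in enumerate(config_text.splitlines(), 1):
        kind, name, args = classify(line)
        if kind == "option":
            found.append((no, name, args))
    return found

if __name__ == "__main__":
    for no, name, args in active_options(SAMPLE):
        print(f"line {no}: {name} {args}")
```

On the sample, line 7 is reported as a hard comment and stays disabled, while line 5 is live and enables IP input, forwarding and DNS lookup even though it begins with '#'.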
