From ac718fe9695cb2e53b7ecfaed4f3eed3be128f44 Mon Sep 17 00:00:00 2001 From: Joachim Nilsson Date: Sat, 12 Oct 2019 21:37:28 +0200 Subject: [PATCH] Document new RFC5424 style formatting for sending to remote hosts Signed-off-by: Joachim Nilsson --- README.md | 1 + man/klogd.8 | 2 +- man/sysklogd.8 | 27 +++++++++++++++------------ man/syslog.conf.5 | 26 ++++++++++++++++---------- 4 files changed, 33 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 37bc195..e84a5a6 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,7 @@ Main differences from the original sysklogd are: - Touch PID file on `SIGHUP`, for integration with [Finit][] - GNU configure & build system to ease porting/cross-compiling - Support for configuring remote syslog timeout +- Support for sending RFC5424 style remote syslog messages Build & Install diff --git a/man/klogd.8 b/man/klogd.8 index 87e5f9b..0a2bbd3 100644 --- a/man/klogd.8 +++ b/man/klogd.8 @@ -2,7 +2,7 @@ .\" Copyright 1997-2007 Martin Schulze .\" May be distributed under the GNU General Public License .\" -.TH KLOGD 8 "27 May 2007" "Version 1.5" "Linux System Administration" +.TH KLOGD 8 "12 October 2019" "Version 2.0" "Linux System Administration" .SH NAME klogd \- Kernel Log Daemon .SH SYNOPSIS diff --git a/man/sysklogd.8 b/man/sysklogd.8 index 0a63a8f..3ffcba3 100644 --- a/man/sysklogd.8 +++ b/man/sysklogd.8 @@ -2,7 +2,7 @@ .\" Copyright 2004,6-8 Martin Schulze .\" May be distributed under the GNU General Public License .\" -.TH SYSKLOGD 8 "02 Aug 2018" "Version 1.5" "Linux System Administration" +.TH SYSKLOGD 8 "12 October 2019" "Version 2.0" "Linux System Administration" .SH NAME sysklogd \- Linux system logging utilities. .SH SYNOPSIS 
@@ -39,10 +39,13 @@ sysklogd \- Linux system logging utilities. .RB [ " \-v " ] .SH DESCRIPTION .B Sysklogd -provides two system utilities which provide support for -system logging and kernel message trapping. Support of both internet and -unix domain sockets enables this utility package to support both local -and remote logging. +provides two system utilities which provide support for system logging +and kernel message trapping. Support of both internet and unix domain +sockets enables this utility package to support both local and remote +logging. The latter can optionally use RFC5424 style formatting of +messages, see +.BR syslog.conf (5) +for more information. System logging is provided by a version of .BR syslogd (8) @@ -369,11 +372,11 @@ port cant be opened. Instead .B syslogd will die immediately, blowing out an error message. -To cause messages to be forwarded to another host replace -the normal file line in the +To forward messages to to a remote host, replace the file line in the .I syslog.conf -file with the name of the host to which the messages is to be sent -prepended with an @. +file with the name of the hostname to which the messages is to be sent +prepended with an @ sign. For remote logging the hostname can also be +appended with the flag ;RFC5424 to enable RFC5424 style formatting. .IP For example, to forward .B ALL @@ -383,9 +386,9 @@ following entry: .IP .nf - # Sample syslogd configuration file to - # messages to a remote host forward all. - *.* @hostname + # Sample syslogd configuration file to forward all message + # messages to a remote host using RFC5424 style formatting + *.* @hostname;RFC5424 .fi To forward all \fBkernel\fP messages to a remote host the diff --git a/man/syslog.conf.5 b/man/syslog.conf.5 index 1bb1f03..fa907d5 100644 --- a/man/syslog.conf.5 +++ b/man/syslog.conf.5 
@@ -17,7 +17,7 @@ .\" along with this program; if not, write to the Free Software .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. .\" -.TH SYSLOG.CONF 5 "27 November 2009" "Version 1.5" "Linux System Administration" +.TH SYSLOG.CONF 5 "12 October 2019" "Version 2.0" "Linux System Administration" .SH NAME syslog.conf \- syslogd(8) configuration file .SH DESCRIPTION @@ -208,6 +208,10 @@ is able to sort log messages by host name or program name on the central log host. This way it is possible to split the log into separate files. +By default messages to remote remote hosts are formatted in the original +BSD style. To enable new RFC5424 style formatting, append ``;RFC5424`` +after the hostname. + .SS List of Users Usually critical messages are also directed to ``root'' on that machine. You can specify a list of users that ought to receive the @@ -248,7 +252,7 @@ with the exception of any kernel messages. # to another host and to the console # kern.* /var/adm/kernel -kern.crit @finlandia +kern.crit @finlandia;RFC5424 kern.crit /dev/console kern.info;kern.!err /var/adm/kernel-info .fi @@ -260,10 +264,11 @@ file The second statement directs all kernel messages of priority .B crit -and higher to the remote host finlandia. This is useful, because if -the host crashes and the disks get irreparable errors you might not be -able to read the stored messages. If they're on a remote host, too, -you still can try to find out the reason for the crash. +and higher to the remote host finlandia in RFC5424 style formatting. +This is useful, because if the host crashes and the disks get +irreparable errors you might not be able to read the stored messages. +If they're on a remote host, too, you still can try to find out the +reason for the crash. The third rule directs kernel messages of priority crit and higher to the actual console, so the person who works on the machine will get 
@@ -404,12 +409,13 @@ and ``joey'' if they're logged in. .IP .nf -*.* @finlandia +*.* @finlandia;RFC5424 .fi .LP -This rule would redirect all messages to a remote host called -finlandia. This is useful especially in a cluster of machines where -all syslog messages will be stored on only one machine. +This rule would redirect all messages to a remote host called finlandia +with RFC5424 style formatting. This is useful especially in a cluster +of machines where all syslog messages will be stored on only one +machine. .SH CONFIGURATION FILE SYNTAX DIFFERENCES .B Syslogd uses a slightly different syntax for its configuration file than
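Review bot: The .TH line in the man/klogd.8 hunk moves the page to "12 October 2019" and "Version 2.0" although nothing else in that file changes, and the same bump is made in man/sysklogd.8 and man/syslog.conf.5. The subject line only mentions RFC5424 documentation, so either mention the version bump in the commit message or move the three .TH changes to their own commit, where a release bump is easier to find in history.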
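Review bot: The rewritten paragraph in the man/sysklogd.8 hunk at -369,11 has three wording slips in its added lines: "messages to to a remote host" repeats "to", "the name of the hostname" is redundant, and "the messages is to be sent" has a number mismatch. Suggested wording: "To forward messages to a remote host, replace the file line in the syslog.conf file with the hostname to which the messages are to be sent, prepended with an @ sign."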
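Review bot: The sample comment in the man/sysklogd.8 hunk at -383,9 now reads "forward all message" followed by "# messages to a remote host", so "message" is duplicated across the line break. The hunk also replaces the only plain "*.* @hostname" sample with "*.* @hostname;RFC5424", while the lead-in above it still says the entry forwards ALL messages to a remote host. Since the flag is described as optional, keep the plain entry and add the ;RFC5424 variant as a second line, so the default form stays documented.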
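Review bot: The new paragraph in the man/syslog.conf.5 hunk at -208,6 says "remote remote hosts" and quotes the flag as ``;RFC5424`` with backticks on both sides, whereas the context line just below it uses the roff pairing ``root''. Drop the repeated word and close the quote with two apostrophes. The paragraph also leaves out what a reader setting up the central log host needs to know: that the receiver must be able to parse the new format, and what differs from the BSD style on the wire. A sentence on each would help.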
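Review bot: In the man/syslog.conf.5 hunk at -248,7 the example now has "kern.crit @finlandia;RFC5424" two lines above "kern.info;kern.!err /var/adm/kernel-info", so the semicolon appears both as a selector separator and as the flag separator after a hostname within one sample. The explanatory text in the following hunk only says "in RFC5424 style formatting". State explicitly that ;RFC5424 is a suffix on the action field and applies only to @host actions, so readers do not read it as part of the selector syntax.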