/* $CoreSDI: README,v 1.20 2002/03/04 21:47:14 claudio Exp $ */ SPECIAL NOTE ------------ Most of the documentation and examples are on the manual pages provided. They are meant to be the ultimate reference. See im_bsd.8, im_linux.8 im_udp.8, om_mysql.8, om_regex.8, peochk.8 im_doors.8, im_streams.8 im_unix.8, om_peo.8, om_tcp.8, syslog.conf.5, im_file.8, im_tcp.8 om_classic.8, om_pgsql.8, om_udp.8, and syslogd.8. Installation ------------ Please read the file INSTALL. About Modular Syslog -------------------- This is a daemon for the syslog system log interface. It is based on OpenBSD's syslog daemon implementation, with many improvements (ie. log hash protection). This project is intended as a whole revision of previous Secure Syslogd project (wich is unsupported by now). It has all functionalities and some more. The remaining things are Solaris support and Audit compatibility (on the works). There are also a few lines taken from the sysklogd project, wich got them modified from BSD. Specifically the '!', '=' use on configuration. Reporting Bugs -------------- Submit bugs at this project's Sourceforge Bug reporting system at: http://sourceforge.net/tracker/?func=add&group_id=25741&atid=385117 You may also report them directly to the authors; send an email to core.devel.alat@corest.com, describing the problem the most you can, containing also machine description, hardware description, the configuration file (/etc/syslog.conf), the OS description, and the invoking command line. The more you describe the bug, the faster we can fix it. Known Bugs ---------- - If a module blocks on I/O the hole daemon blocks, and messages can get lost on extremely busy hosts. Thanks ------ We'd like to thank for helping and supporting Florin Andrei Arthur Korn Ari Edelkind "You guys rock!" - Alejo Main differences with previous BSD syslog ----------------------------------------- The whole internal structure was redesigned to work with input and output modules, standarizing interfaces to facilitate development for using special devices and flexible configurations. Special care was taken to remain backwards compatible on configuration files. You can use you previous BSD config files with this improved version of syslog. A new notation was made for configuration of modules. This new approach allows adding new functionality without complicating the code. Current available output modules are classic, mysql, peo, pgsql, regex and tcp. Available input modules are bsd, linux, unix, tcp and udp. Classic Output Module --------------------- Performs the previous BSD syslogd output tasks: save to a file or pipe, forward to a remote host though UDP, mail a user, send a message to a console, send a message to a tty, send message to all users (WALL). MySQL Output Module ------------------- Performs loggin in a MySQL server, either local or remote. The table format must be specified as om_mysql(8) manpage. PostgreSQL Output Module ------------------------ Performs loggin in a PostgreSQL server, either local or remote. The table format must be specified as om_pgsql(8) manpage. Regular Expression Output Module -------------------------------- This module acts as a filter, applying a regular expression to a message, hour, date or host. If message matches all, the next module in the configuration file is called. If reverse flag is used, pass all but matching messages. See om_regex(8) manpage for more details. Peo Output Module ----------------- This module does hash protection on logs. See om_peo(8) manpage for more information on useage. TCP Output Module ----------------- Send messages t an TCP socket. Use it simply as this on command line -i tcp -h -p -s . You may specify an optional buffer to save lines on dropped connections with -s. BSD Input Module ---------------- Gets messages from a BSD special kernel logging device. Use it simply as this on command line -i /dev/klog. Linux Input Module ------------------ Gets messages from a Linux special kernel logging device. Read im_linux(8) manpage for more details. UDP Input Module ---------------- Read messages from an UDP socket. Use it simply as this on command line -i udp . The port number is optional, and default is the one specified on /etc/services for "udp" and "syslog". TCP Input Module ---------------- Read messages from an TCP socket. Use it simply as this on command line -i tcp -h -p . Unix Input Module ----------------- Reads messages from a unix domain socket. Use it simply as this on command line -i 'unix /dev/log' or -i unix:/dev/log. Streams Input Module -------------------- This module handles stream devices (Solaris, and other SYSV like). Invoke on command line like this -i streams or -i streams:/dev/log (or equivalent). Note: this module may require Doors input module to work. Doors Input Module ------------------ May be needed on for other input modules. Invoke it like this on command line -i doors or -i doors:/etc/.syslog_door (or equivalent). OpenBSD binary packages ----------------------- It is possible to generate two OpenBSD packages: msyslog and msyslog-devel the first contains the msyslog binaries and the other some files for external module makers (external module means: a module not included into the "libmsyslog.so.X.X" library, this module should be named "libmsyslog_.so" and located into the msyslog library directory). To generate the packages some steps should be done: $ ./configure $ make ports This generates three tar balls: msyslog-vX.XX-src.tar.gz, msyslog_port-X.XX.tgz, and msyslog_port-devel-X.XX.tgz. A common way to generate the packages is: $ sudo cp msyslog-vX.XX-src.tar.gz /usr/ports/distfiles/ $ tar zxf msyslog_port-X.XX.tgz $ tar zxf msyslog_port-devel-X.XX.tgz $ cd msyslog_port-X.XX && make && sudo make package $ cd ../msyslog_port-devel-X.XX && make && sudo make package Both packages will be created at /usr/ports/packages//All. You can avoid the sudo command by using DISTDIR and PACKAGES variables (see bsd.port.mk(5)).