Syslog client

The configuration file for the client is optional. Its name is syslog.host and it should contain a host name or IPv4 address, optionally followed by a colon and the port number. The default port is 514. If the file is missing, localhost is assumed. This may look a bit ugly, but if you have a better idea, send me a patch. Keep in mind, though, that the client should not have any dependencies the way the daemon does.

Syslog daemon

The concept is quite simple: there are message sources, message filters and destinations. Each item has a name that is unique among items of the same kind. A logpath ties together a source, a filter and a destination. Only one item of each kind may be specified in a logpath, but several logpaths may refer to the same source, filter or destination.

The configuration file for the daemon is in XML format. It is not as convenient as its counterpart for any UNIX syslog. Following the Windows way, I plan to implement a GUI configuration tool, so the file content is not intended to be convenient for humans.

The root element should be conf. It is not checked by the parser, however. Top-level elements and their attributes are described below.

<source/>

Attributes

name
    Required. The name of the message source.
type
    Required. There are two source types: internal and udp. The internal type corresponds to the syslog daemon itself; udp defines a listening UDP socket.
interface
    Optional. If the source type is udp, it defines the interface the socket will be bound to. Default is 0.0.0.0.
port
    Optional. If the source type is udp, it defines the listening port number. Default is 514.

<destination/>

Attributes

name
    Required. The name of the destination. The type of the destination may be either file or relay. It is determined by the presence of the attribute file or collector respectively.
file
    The presence of this attribute defines the destination type as file. The value of the attribute is a pattern for the file name. It may contain the following format characters:

    Format  Description
    %Y      four-digit year
    %M      two-digit month, 01...12
    %m      month, 1...12
    %D      two-digit day of month, 01...31
    %d      day of month, 1...31
    %W      day of week, 1...7, 1 for Sunday
    %F      facility name
    %f      facility in numeric form
    %L      priority level name
    %l      priority level in numeric form
    %H      source host name (a device, according to RFC 3164)
    %h      sender host name (datagram sender, which may be device or relay)
    %P      program name
    %%      % character
rotate
    File-specific, optional. Rotate log files periodically. Possible values are: daily, weekly, monthly. Note that if rotation is turned on, it is strongly recommended not to use format characters in the filename pattern.
size
    File-specific, optional. Log files are rotated when they grow bigger than size bytes. If size is followed by M, the size is assumed to be in megabytes. If k is used, the size is in kilobytes. So size 100, size 100k, and size 100M are all valid.
backlogs
    File-specific, optional. If rotation is turned on, this attribute specifies the number of backlog files.
ifempty
    File-specific, optional. Rotate the log file even if it is empty. Possible values are: yes, no. Default is yes.
olddir
    File-specific, optional. Logs are moved to this directory for rotation. If the value is a relative path, this directory is located in the same directory as the syslogd executable.
compresscmd
    File-specific, optional. Command to use to compress the log file.
compressoptions
    File-specific, optional. Command line options may be passed to the compression program, if one is in use. Options may contain $PATHNAME and $FILENAME substrings, which will be replaced with the backlog pathname and basename respectively.
collector
    The presence of this attribute defines the destination type as relay. The value of the attribute is a name or IPv4 address of the collector, optionally followed by a colon and the port number.
omit_hostname
    Relay-specific, optional. Do not include the source hostname in the datagram. Some syslog daemons by default do not rely on the hostname part of the datagram and insert the actual sender hostname in the logged message. Note that omitting the hostname violates RFC 3164. Possible values are: yes, no. Default is no.

<filter/>

Attributes

name
    Required. The name of the filter.

This element may contain sub-elements facility and priority.

<facility/>

Attributes

name
    Facility name. May be one of the following: kern, user, mail, daemon, auth, syslog, lpr, news, uucp, cron, authpriv, ftp, local0, local1, local2, local3, local4, local5, local6, local7.
value
    Alternatively, the facility may be given in numeric form. Possible range is 0...23.

<priority/>

Attributes

name
    Priority name. May be one of the following: emerg, alert, crit, error, warning, notice, info, debug.
value
    Alternatively, the priority may be given in numeric form. Possible range is 0...7.

<logpath/>

Attributes

source
    Required. The name of the source.
filter
    Optional. The name of the filter.
destination
    Required. The name of the destination.

<purge/>

This option is quite useful when the destination file name contains format characters.

Attributes

directory
    Required. Directory to purge. Must be a relative path inside logdir (see configuration options below).
keep_days
    Required. How long to keep files.

<options/>

Attributes

logdir
    Required. Directory for the log files. If the value is a relative path, this directory is located in the same directory as the syslogd executable.
dns
    Optional. Use the resolver to determine the sender host name. Possible values are: yes, no. Default is yes.
source_encoding
    Optional. Convert incoming messages from the specified encoding to destination_encoding. By default no conversion is done.
destination_encoding
    Required if source_encoding is given.
mark_interval
    Optional. Interval in seconds between emissions of the mark message. Zero means do not emit mark messages, and this is the default value.
mark_message
    Optional. The content of the mark message. Default is -- MARK --.
hold
    Optional. Number of seconds to hold a single message in the queue. During this time identical messages are coalesced. Minimum is 1, default is 3 seconds.
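
An added example, not part of the project: a small Python linter that applies the rules stated on this page to a configuration document before the daemon loads it. The sample configuration, its names and its addresses are constructed, and treating a destination with both or neither of file and collector as a mistake is an assumption.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Constructed sample (made-up names, documentation addresses) with deliberate mistakes.
SAMPLE = """<conf>
  <options logdir="log"/>
  <source name="net" type="udp" interface="192.0.2.10" port="514"/>
  <source name="self" type="internal"/>
  <filter name="auth_warn"><facility name="auth"/><priority value="9"/></filter>
  <destination name="authlog" file="%Y-%M-%D.log" rotate="daily"/>
  <destination name="central" collector="192.0.2.20:514"/>
  <logpath source="net" filter="auth_warn" destination="authlog"/>
  <logpath source="self" destination="nowhere"/>
  <purge directory="..\\old" keep_days="30"/>
</conf>"""

def lint(xml_text):
    """Return a list of findings for a configuration document."""
    root, out, names = ET.fromstring(xml_text), [], {}
    if root.tag != "conf":  # the page notes the daemon's parser does not check this
        out.append(f"root element is <{root.tag}>, expected <conf>")
    for kind in ("source", "filter", "destination"):
        seen = [e.get("name", "") for e in root.findall(kind)]
        names[kind] = set(seen)  # names must be unique within each kind
        out += [f"duplicate {kind} name {n!r}" for n in sorted(names[kind]) if seen.count(n) > 1]
    for d in root.findall("destination"):
        # Assumption: the type is ambiguous unless exactly one of file/collector is set.
        if (d.get("file") is None) == (d.get("collector") is None):
            out.append(f"destination {d.get('name')!r}: need exactly one of file/collector")
        if d.get("rotate") and "%" in (d.get("file") or ""):
            out.append(f"destination {d.get('name')!r}: rotate used with format characters")
    for tag, top in (("facility", 23), ("priority", 7)):
        for v in (e.get("value") for e in root.iter(tag)):
            if v is not None and not (v.isascii() and v.isdigit() and int(v) <= top):
                out.append(f"{tag} value {v!r} outside 0...{top}")
    for lp in root.findall("logpath"):
        for kind in ("source", "filter", "destination"):
            ref = lp.get(kind)
            if ref is None and kind != "filter":  # filter is optional
                out.append(f"logpath: missing required {kind}")
            elif ref is not None and ref not in names[kind]:
                out.append(f"logpath: unknown {kind} {ref!r}")
    for p in root.findall("purge"):
        path = PureWindowsPath(p.get("directory") or "")
        if path.anchor or ".." in path.parts:  # must be a relative path inside logdir
            out.append(f"purge directory {str(path)!r} escapes logdir")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```
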