diff options
Diffstat (limited to 'doc/omjournal.html')
| -rw-r--r-- | doc/omjournal.html | 83 |
1 files changed, 0 insertions, 83 deletions
diff --git a/doc/omjournal.html b/doc/omjournal.html deleted file mode 100644 index c42d984..0000000 --- a/doc/omjournal.html +++ /dev/null @@ -1,83 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head> -<meta http-equiv="Content-Language" content="en"> -<title>Linux Journal Output Module (omjournal)</title></head> - -<body> -<a href="rsyslog_conf_modules.html">back</a> - -<h1>Linux Journal Output Module (omjournal)</h1> -<p><b>Module Name: omjournal</b></p> -<p><b>Author: </b>Rainer Gerhards <rgerhards@adiscon.com></p> -<p><b>Available since</b>: 7.3.7</p> -<p><b>Description</b>:</p> -<p>The omjournal output module provides an interface to the Linux journal. -It is meant to be used in those cases where the Linux journal is being used -as the sole system log database. With omjournal, messages from various -sources (e.g. files and remote devices) can also be written to the journal -and processed by its tools. -<p>A typical use case we had on our mind is a SOHO environment, where the -user wants to include syslog data obtained from the local router to be -part of the journal data. -<p> </p> - -<p><b>Module Configuration Parameters</b>:</p> -<p>Currently none. -<p> </p> -<p><b>Action Confguration Parameters</b>:</p> -<p>Currently none. - -<p><b>Caveats/Known Bugs:</b> -<ul> -<li>One needs to be careful that no message routing loop is created. The -systemd journal forwards messages it receives to the traditional syslog -system (if present). That means rsyslog will receive the same message that -it just wrote as new input on imuxsock. If not handled specially and assuming -all messages be written to the journal, the message would be emitted to the -journal again and a deadly loop is started. -<p>To prevent that, imuxsock by default does not accept messages originating -from its own process ID, aka it ignores messages from the current instance of -rsyslogd. However, this setting can be changed, and if so the problem may occur. -</ul> - -<p><b>Sample:</b></p> -<p>We assume we have a DSL router inside the network and would like to -receive its syslog message into the journal. Note that this configuration can be -used without havoing any other syslog functionality at all (most importantly, there -is no need to write any file to /var/log!). We assume syslog over UDP, as this -is the most probable choice for the SOHO environment that this use case reflects. -To log to syslog data to the journal, add the following snippet to rsyslog.conf: -<textarea rows="20" cols="60">/* first, we make sure all necessary - * modules are present: - */ -module(load="imudp") # input module for UDP syslog -module(load="omjournal") # output module for journal - -/* then, define the actual server that listens to the - * router. Note that 514 is the default port for UDP - * syslog and that we use a dedicated ruleset to - * avoid mixing messages with the local log stream - * (if there is any). - */ -input(type="imudp" port="514" ruleset="writeToJournal") - -/* inside that ruleset, we just write data to the journal: */ -ruleset(name="writeToJournal") { - action(type="omjournal") -} -</textarea> -<p>Note that this can be your sole rsyslog.conf if you do not use rsyslog -for anything else than receving the router syslog messages. -<p>If you do not receive messages, <b>you probably need to enable inbound UDP -syslog traffic in your firewall</b>. - - -<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>] [<a href="manual.html">manual -index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p> -<p><font size="2">This documentation is part of the -<a href="http://www.rsyslog.com/">rsyslog</a> project.<br> -Copyright © 2008-2013 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and -<a href="http://www.adiscon.com/">Adiscon</a>. Released under the GNU GPL -version 3 or higher.</font></p> - -</body></html> |