From ffeff9b652755a219bb4efb3450a17990f366e6b Mon Sep 17 00:00:00 2001 From: Michael Biebl Date: Mon, 17 Mar 2014 17:17:03 +0100 Subject: Stop installing debian/sample.conf Upstream ships a more up-to-date example configuration file. --- debian/changelog | 2 + debian/rsyslog-doc.examples | 1 - debian/sample.conf | 284 -------------------------------------------- 3 files changed, 2 insertions(+), 285 deletions(-) delete mode 100644 debian/rsyslog-doc.examples delete mode 100644 debian/sample.conf (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index d8a602b..0fc504f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -9,6 +9,8 @@ rsyslog (7.6.2-1) UNRELEASED; urgency=medium * Drop useless "exit 0" from maintainer scripts. * Enable and install the mmutf8fix, mmpstrucdata and mmsequence message modification modules. + * Stop installing debian/sample.conf. Upstream ships a more up-to-date + example configuration file. -- Michael Biebl Thu, 13 Mar 2014 18:07:48 +0100 diff --git a/debian/rsyslog-doc.examples b/debian/rsyslog-doc.examples deleted file mode 100644 index 7ca2e48..0000000 --- a/debian/rsyslog-doc.examples +++ /dev/null @@ -1 +0,0 @@ -debian/sample.conf diff --git a/debian/sample.conf b/debian/sample.conf deleted file mode 100644 index a27de0c..0000000 --- a/debian/sample.conf +++ /dev/null @@ -1,284 +0,0 @@ -# This is a sample configuation file for rsyslogd. See the -# doc/manual.html for details. If you can not find the -# manual set, please visit -# -# http://www.rsyslog.com/doc/ -# -# to obtain it online. -# -# WARNING: We do NOT keep the comments in this file always -# up to date. Be sure to consult the doc set that -# came with your package, especially the file on -# rsyslog.conf - it probably has some better information -# than is provided here in comments. The main purpose -# of sample.conf is to show you some actual directives, -# not to be the authorative doc source. -# -# Please note that rsyslogd by default -# reads /etc/rsyslogd.conf (and NOT /etc/syslogd.conf!). -# -# A commented sample configuration. More a man page than a real -# sample ;) -# -# We try to keep things as consistent with existing syslog implementation -# as possible. We use "$" to start lines that contain new directives. - -# We limit who can send us messages: -$AllowedSender UDP, 192.0.2.0/24, 10.0.0.1 # all machines in 192.0.2 as well as 10.0.0.1 -$AllowedSender TCP, 10.0.0.1 # for TCP, we allow only 10.0.0.1 -# remove the AllowedSender directives if you do not want to limit -# who can send rsyslogd messages (not recommended) - -# Templates are a key feature of rsyslog. They allow to specify any -# format a user might want. Every output in rsyslog uses templates - this -# holds true for files, user messages and so on. The database writer -# expects its template to be a proper SQL statement - so this is highly -# customizable too. You might ask how does all of this work when no templates -# at all are specified. Good question ;) The answer is simple, though. Templates -# compatible with the stock syslogd formats are hardcoded into rsyslog. So if -# no template is specified, we use one of these hardcoded templates. Search for -# "template_" in syslogd.c and you will find the hardcoded ones. -# -# A template consists of a template directive, a name, the actual template text -# and optional options. A sample is: -# -# $template MyTemplateName,"\7Text %property% some more text\n", -# -# The "$template" is the template directive. It tells rsyslog that this -# line contains a template. -# -# "MyTemplateName" is the template name. All other config lines refer to -# this name. -# -# The text within quotes is the actual template text. The backslash is -# a escape character, much as in C. It does all these "cool" things. For -# example, \7 rings the bell (this is an ASCII value), \n is a new line. -# C programmers and perl coders have the advantage of knowing this, but the -# set in rsyslog is a bit restricted currently. All text in the template -# is used literally, except for things within percent signs. These are -# properties and allow you access to the contents of the syslog message. -# Properties are accessed via the property replacer (nice name, huh) and -# it can do cool things, too. For example, it can pick a substring or -# do date-specific formatting. More on this is below, on some lines of the -# property replacer. -# -# The part is optional. It carries options that influence the -# template as whole. Details are below. Be sure NOT to mistake template -# options with property options - the later ones are processed by the -# property replacer and apply to a SINGLE property, only (and not the -# whole template). -# -# Template options are case-insensitive. Currently defined are: -# sql - format the string suitable for a SQL statement. This will replace single -# quotes ("'") by two single quotes ("''") inside each field. This option MUST -# be specified when a template is used for writing to a database, otherwise SQL -# injection might occur. -# -# Please note that the database writer *checks* that the sql option is -# present in the template. If it is not present, the write database action -# is disabled. This is to guard you against accidential forgetting it and -# then becoming vulnerable for SQL injection. -# The sql option can also be useful with files - especially if you want -# to run them on another machine for performance reasons. However, do NOT -# use it if you do not have a real need for it - among others, it takes -# some toll on the processing time. Not much, but on a really busy system -# you might notice it ;) -# -# To escape: -# % = \% -# \ = \\ -# --> '\' is used to escape (as in C) -#$template TraditionalFormat,%timegenerated% %HOSTNAME% %syslogtag%%msg%\n" -# -# Properties can be accessed by the property replacer. They are accessed -# inside the template by putting them between percent signs. Properties -# can be modifed by the property replacer. The full syntax is as follows: -# -# %propname:fromChar:toChar:options% -# -# propname is the name of the property to access. This IS case-sensitive! -# Currently supported are: -# msg the MSG part of the message (aka "the message" ;)) -# rawmsg the message excactly as it was received from the -# socket. Should be useful for debugging. -# UxTradMsg will disappear soon - do NOT use! -# HOSTNAME hostname from the message -# source alias for HOSTNAME -# syslogtag TAG from the message -# PRI PRI part of the message - undecoded (single value) -# IUT the monitorware InfoUnitType - used when talking to a -# MonitorWare backend (also for phpLogCon) -# syslogfacility the facility from the message - in numerical form -# syslogpriority the priority (actully severity!) from the -# message - in numerical form -# timegenerated timestamp when the message was RECEIVED. Always in high -# resolution -# timereported timestamp from the message. Resolution depends on what -# was provided in the message (in most cases, only seconds) -# TIMESTAMP alias for timereported -# -# Other properties might be available at the time you read this. Be sure -# to consult the property replacer documentation in the doc set for all -# properties. -# -# FromChar and toChar are used to build substrings. They specify the -# offset within the string that should be copied. Offset counting -# starts at 1, so if you need to obtain the first 2 characters of the -# message text, you can use this syntax: "%msg:1:2%". -# If you do not whish to specify from and to, but you want to -# specify options, you still need to include the colons. For example, -# if you would like to convert the full message text to lower case -# only, use "%msg:::lowercase%". -# -# property options are case-insensitive, currently defined are: -# uppercase convert property to lowercase only -# lowercase convert property text to uppercase only -# drop-last-lf The last LF in the message (if any), is dropped. -# Especially useful for PIX. -# date-mysql format as mysql date -# date-rfc3164 format as RFC 3164 date -# date-rfc3339 format as RFC 3339 date -# escape-cc NOT yet implemented - -# Below find some samples of what a template can do. Have a good -# time finding out what they do [or just tun them] ;) - -# A template that resambles traditional syslogd file output: -$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n" - -# a template useful for debugging format issues -$template DEBUG,"Debug line with all properties:\nFROMHOST: '%FROMHOST%', HOSTNAME: '%HOSTNAME%', PRI: %PRI%,\nsyslogtag '%syslogtag%', programname: '%programname%', APP-NAME: '%APP-NAME%', PROCID: '%PROCID%', MSGID: '%MSGID%',\nTIMESTAMP: '%TIMESTAMP%', STRUCTURED-DATA: '%STRUCTURED-DATA%',\nmsg: '%msg%'\nescaped msg: '%msg:::drop-cc%'\nrawmsg: '%rawmsg%'\n\n" -# -# A template that resembles RFC 3164 on-the-wire format: -# (yes, there is NO space betwen syslogtag and msg! that's important!) -$template RFC3164fmt,"<%PRI%>%TIMESTAMP% %HOSTNAME% %syslogtag%%msg%" - -# a template resembling traditional wallmessage format: -$template wallmsg,"\r\n\7Message from syslogd@%HOSTNAME% at %timegenerated% ...\r\n %syslogtag%%msg%\n\r" - -# The template below emulates winsyslog format, but we need to check the time -# stamps used. for now, it is good enough ;) This format works best with -# other members of the MonitorWare product family. It is also a good sample -# where you can see the property replacer in action. -$template WinSyslogFmt,"%HOSTNAME%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%timegenerated:1:10:date-rfc3339%,%timegenerated:12:19:date-rfc3339%,%syslogfacility%,%syslogpriority%,%syslogtag%%msg%\n" - -# A template used for database writing (notice it *is* an actual -# sql-statement): -$template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values ('%msg%', %syslogfacility%, '%HOSTNAME%',%syslogpriority%, '%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, '%syslogtag%')",sql - -# Selector lines are somewhat different from stock syslogd. With -# rsyslog, you can add a semicolon ";" after the target and then -# the template name. That will assign this template to the respective -# action. If no template name is given, a hardcoded template is used. -# If a template name is given, but the template was not defined, the -# selector line is DEACTIVATED. -# -# ############# -# # IMPORTANT # -# ############# -# Templates MUST be defined BEFORE they are used! It is OK to -# intermix template definitions and selector lines within the -# config file, but each template MUST be defined before it is -# used the first time! -# - -# We have some very rough samples here - This sample file focusses -# on the new syntax, so we do NOT describe all possible selections. -# Use the syslog.conf if you are interested to see how to select -# based on facility and severits (aka priority). - -*.* /var/log/winsyslog-like.log;WinSyslogFmt - -# A selector using the traditional format defined above: -*.* /var/log/traditionalfile.log;TraditionalFormat - -# And another one using the hardcoded traditional format: -*.* /var/log/anothertraditionalfile.log - -# Templates are also fully supportd for forwarding: -*.* @172.19.2.16;RFC3164fmt - -# And this finally is a database action -# The semicolon at the end is not necessary, -# but some previous versions of rsyslogd had a bug that -# made them abort if it were missing. As Dennis Olvany -# pointed out, it would be extremely nice to have this -# semicolon in the sample conf - so we did in a previous -# version and it still sticks around ;) -*.* >hostname,dbname,userid,password; -# It uses the default schema (MonitorWare format). The parameters -# should be self-explanatory. - -# And this one uses the template defined above: -*.* >hostname,dbname,userid,password;dbFormat - - -# -# Rsyslog supports TCP-based syslog. To enable receiving TCP messages, -# use the -t command line option (where port is the port it -# shall listen to. To forward messages to the remote host, you must -# specify a forwarding action and include the host and port. TCP -# and UDP-based forwarding has basically the same syntax, except that -# TCP delivery is triggered by specifying a second at-sign (@) in the -# message. -# This is UDP forwarding to port 514: -*.* @172.19.2.16 -# This is UDP forwarding to port 1514: -*.* @172.19.2.16:1514 -# This is TCP forwarding to port 1514: -*.* @@172.19.2.16:1514 -# The second @-sign is all you need (except, of course, a tcp-capable -# syslogd like rsyslogd ;)). -# Of course, you can also specify a template with TCP: -*.* @@172.19.2.16:1514;RFC3164Fmt -# There are also some options you can select. These come between -# paranthesis. Available are: -# z - turn on compression, number is compression mode 0 - none, 9 max -# o - (tcp only) use octet counting for framing EXPERIMENTAL -# -# Forward via TCP with maximum compression and octet couting framing: -*.* @@(z9,o)172.19.2.16:1514;RFC3164Fmt -# Forward via UDP with maximum compression to port 1514 -*.* @(z9)172.19.2.16:1514 - -# We also support property-based filters, which allow for nice -# things. Let's for example assume that you receive a lot of -# nonsense messages with "ID-4711" in the message text. You know -# that you will never need these messages. So you simply discard them -:msg, contains, "ID-4711" ~ - -# or you would like to store messages from a specific host to -# a different file: -:FROMHOST, isequal,"myhost.example.com" /var/log/myhost.log - -# everyting that does not contain "error" should also be -# discarded -:msg, !contains, "error" ~ -# and the rest go to a seperate file -*.* /var/log/error -# (keep in mind that the two directives shown immediately -# above must be kept in that order to actually work) - -# you can also execute a script. Let's assume, for example, you need -# to execute "turn-diesel-generator-on" when "power failed" is contained -# in a message... ;) -:msg, contains, "power failed" ^turn-diesel-generator-on -# (The script is passed the syslog message as first and only parameter. -# Other parameters can currently not be specified.) - -# Note that boolean operations (other than not [!]) are not -# currently supported. As such, you can not filter out different -# facilities from different machines - hopefully later ;) - -# -# A final world. rsyslog is considered a part of Adiscon's MonitorWare product line. -# As such, you can find current information as well as information on the -# other product line members on http://www.monitorware.com. Please be warned, there -# are a number of closed-source commercial Windows applications among these products ;) -# -# You might want to check the GPL'ed phpLogCon (http://www.phplogcon.org) -# as a web-based front-end to a syslog message database. -# -# I hope this work is useful. -# 2005-09-27 Rainer Gerhards -# -- cgit v1.2.3