Configuration

Syslog client

The configuration file for client is optional. Its name is syslog.host and it should contain host name or IPv4 address optionally followed by the colon and the port number. By default port is 514. If the file is missing then localhost is assumed.

This may look a bit ugly but if you have a better idea, send me a patch. But keep in mind that client should not have any dependencies like daemon.

Syslog daemon

The concept is quite simple: there are message sources, message filters and destinations. Each item has its unique (among other items of the same kind) name. The logpath ties together source, filter and destination.

Only one of the items of each kind may be specified in logpath. But several logpaths may refer to the same source, filter or destination.

The configuration file for daemon has XML format. It is not so convinient as its counterpart for any UNIX syslog. Following the windows way I plan to implement GUI configuration tool. So its content is not intended to be convinient for human.

The root element should be conf. It is not checked by the parser however. Top-level elements and their attributes are described below.

<source/>

Attributes

name

Required. The name of message source.

type

Required. There are two source types: internal and udp. Internal type corresponds to syslog daemon itself and udp defines a listening UDP socket.

interface

Optional. If the source type is udp, it defines interface the socket will be bound to. Default is 0.0.0.0.

port

Optional. If source type is udp it defines listening port number. Default is 514.

<destination/>

Attributes

name

Required. The name of the destination. The type of destination may be either “file” or “relay”. It is determined by the presence of attributes “file” or “collector” respectively.

file

The presence of this attribute defines destination type as “file”. The value of attribute is a pattern for the file name. It may contain the following format characters:

FormatDescription
%Yfour-digit year
%Mtwo-digit month, 01...12
%mmonth, 1...12
%Dtwo-digit day of month, 01...31
%dday of month, 1...31
%Wday of week, 1...7, 1 for sunday
%Ffacility name
%ffacility in numeric form
%Lpriority level name
%lpriority level in numeric form
%Hsource host name (a “device”, according to RFC 3164)
%hsender host name (datagram sender, which may be device or relay)
%Pprogram name
%%% character

rotate

File-specific, optional. Rotate log files periodically. Possible values are: daily, weekly, monthly.

Note that if rotation is turned on then it is strongly recommended not to use format characters in the filename pattern.

size

File-specific, optional. Log files are rotated when they grow bigger then size bytes. If size is followed by M, the size if assumed to be in megabytes. If the k is used, the size is in kilobytes. So size 100, size 100k, and size 100M are all valid.

backlogs

File-specific, optional. If rotation is turned on this attribute specifies the number of backlog files.

ifempty

File-specific, optional. Rotate the log file even if it is empty. Possible values are: yes, no. Default is yes.

olddir

File-specific, optional. Logs are moved to this directory for rotation. If value is a relative path then this directory will be located in the same directory with syslogd executable.

compresscmd

File-specific, optional. Command to use to compress log file.

compressoptions

File-specific, optional. Command line options may be passed to the compression program, if one is in use. Options may contain $PATHNAME and $FILENAME substrings which will be replaced with backlog pathname and basename respectively.

collector

The presence of this attribute defines destination type as “relay”. The value of attribute is a name or IPv4 address of the collector optionally followed by the colon and port number.

omit_hostname

Relay-specific, optional. Do not include source hostname in the datagramm. Some syslog daemons by default do not rely on the hostname part of datagramm and insert actual sender hostname in the logged message. Note that ommiting hostname violates RFC 3164. Possible values are: yes, no. Default is no

<filter/>

Attributes

name

Required. The name of the filter.

This element may contain sub-elements facility and priority.

<facility/>

Attributes

name

Facility name. May be one of the following:

kern
user
mail
daemon
auth
syslog
lpr
news
uucp
cron
authpriv
ftp
local0
local1
local2
local3
local4
local5
local6
local7

value

Alternatively, the facility may be given in the numeric form. Possible range is 0...23.

<priority/>

Attributes

name

Priority name. May be one of the following:

emerg
alert
crit
error
warning
notice
info
debug

value

Alternatively, the priority may be given in the numeric form. Possible range is 0...7.

<logpath/>

Attributes

source

Required. The name of the source.

filter

Optional. The name of the filter.

destination

Required. The name of the destination.

<purge/>

When destination file name contains format characters, this option is quite useful.

Attributes

directory

Required. Directory to purge. Must be a relative path inside logdir (see configuration options below).

keep_days

Required. How long to keep files.

<options/>

Attributes

logdir

Required. Drectory for the log files. If value is a relative path then this directory will be located in the same directory with syslogd executable.

dns

Optional. Use resolver to determine sender host name. Possible values are: yes, no. Default is yes.

source_encoding

Optional. Convert incoming messages from specified encoding to destination_encoding. Default is do not convert.

destination_encoding

Required, if source_encoding is given.

mark_interval

Optional. Interval in second between emissions of mark message. Zero means do not emit mark messages and this is the default value.

mark_message

Optional. The content of mark message. Default is “-- MARK --”.

hold

Optional. Number of seconds to hold a single message in queue. During this time identical messages are coalesced. Minimum is 1, default is 3 seconds.


Syslog for windows

    Project
    Download
    Documentation
       Compiling
      +Configuration <-
       Syslogd
       Logger
       Test
       Internals

DocBook
Libxslt
GIMP
SourceForge
$Date: 2005/10/17 19:30:14 $HomeCreated by Alexander Yaworsky