This repository has been archived by the owner on Jul 9, 2019. It is now read-only.
sosyslog is a modular syslog daemon
License
rhaamo/sosyslog
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
SPECIAL NOTE ------------ Most of the documentation and examples are on the manual pages provided. They are meant to be the ultimate reference. See im_bsd.8, im_linux.8 im_udp.8, om_mysql.8, om_regex.8, peochk.8 im_doors.8, im_streams.8 im_unix.8, om_peo.8, om_tcp.8, syslog.conf.5, im_file.8, im_tcp.8 om_classic.8, om_pgsql.8, om_udp.8, and syslogd.8. Installation ------------ Please read the file INSTALL. About sosyslog -------------------- sosyslog is a fork of MSyslog, there is the MSyslog original description: This is a daemon for the syslog system log interface. It is based on OpenBSD's syslog daemon implementation, with many improvements (ie. log hash protection). This project is intended as a whole revision of previous Secure Syslogd project (wich is unsupported by now). It has all functionalities and some more. The remaining things are Solaris support and Audit compatibility (on the works). There are also a few lines taken from the sysklogd project, wich got them modified from BSD. Specifically the '!', '=' use on configuration. Reporting Bugs -------------- Contact directly the authors at rhaamo@gruik.at. Describe much as possible bugs and provide patchs if possible ;) Known Bugs ---------- - If a module blocks on I/O the hole daemon blocks, and messages can get lost on extremely busy hosts. Main differences with previous BSD syslog ----------------------------------------- The whole internal structure was redesigned to work with input and output modules, standarizing interfaces to facilitate development for using special devices and flexible configurations. Special care was taken to remain backwards compatible on configuration files. You can use you previous BSD config files with this improved version of syslog. A new notation was made for configuration of modules. This new approach allows adding new functionality without complicating the code. Current available output modules are classic, mysql, peo, pgsql, regex and tcp. Available input modules are bsd, linux, unix, tcp and udp. Classic Output Module --------------------- Performs the previous BSD syslogd output tasks: save to a file or pipe, forward to a remote host though UDP, mail a user, send a message to a console, send a message to a tty, send message to all users (WALL). MySQL Output Module ------------------- Performs loggin in a MySQL server, either local or remote. The table format must be specified as om_mysql(8) manpage. PostgreSQL Output Module ------------------------ Performs loggin in a PostgreSQL server, either local or remote. The table format must be specified as om_pgsql(8) manpage. Regular Expression Output Module -------------------------------- This module acts as a filter, applying a regular expression to a message, hour, date or host. If message matches all, the next module in the configuration file is called. If reverse flag is used, pass all but matching messages. See om_regex(8) manpage for more details. Peo Output Module ----------------- This module does hash protection on logs. See om_peo(8) manpage for more information on useage. TCP Output Module ----------------- Send messages t an TCP socket. Use it simply as this on command line -i tcp -h <host> -p <port number> -s <bytes>. You may specify an optional buffer to save lines on dropped connections with -s. BSD Input Module ---------------- Gets messages from a BSD special kernel logging device. Use it simply as this on command line -i /dev/klog. Linux Input Module ------------------ Gets messages from a Linux special kernel logging device. Read im_linux(8) manpage for more details. UDP Input Module ---------------- Read messages from an UDP socket. Use it simply as this on command line -i udp <port number>. The port number is optional, and default is the one specified on /etc/services for "udp" and "syslog". TCP Input Module ---------------- Read messages from an TCP socket. Use it simply as this on command line -i tcp -h <host> -p <port number>. Unix Input Module ----------------- Reads messages from a unix domain socket. Use it simply as this on command line -i 'unix /dev/log' or -i unix:/dev/log. Streams Input Module -------------------- This module handles stream devices (Solaris, and other SYSV like). Invoke on command line like this -i streams or -i streams:/dev/log (or equivalent). Note: this module may require Doors input module to work. Doors Input Module ------------------ May be needed on for other input modules. Invoke it like this on command line -i doors or -i doors:/etc/.syslog_door (or equivalent). OpenBSD binary packages ----------------------- It is possible to generate two OpenBSD packages: sosyslog and sosyslog-devel the first contains the sosyslog binaries and the other some files for external module makers (external module means: a module not included into the "libsosyslog.so.X.X" library, this module should be named "libsosyslog_<modulenaem>.so" and located into the sosyslog library directory). To generate the packages some steps should be done: $ ./configure $ make ports This generates three tar balls: sosyslog-vX.XX-src.tar.gz, sosyslog_port-X.XX.tgz, and sosyslog_port-devel-X.XX.tgz. A common way to generate the packages is: $ sudo cp sosyslog-vX.XX-src.tar.gz /usr/ports/distfiles/ $ tar zxf sosyslog_port-X.XX.tgz $ tar zxf sosyslog_port-devel-X.XX.tgz $ cd sosyslog_port-X.XX && make && sudo make package $ cd ../sosyslog_port-devel-X.XX && make && sudo make package Both packages will be created at /usr/ports/packages/<plat>/All. You can avoid the sudo command by using DISTDIR and PACKAGES variables (see bsd.port.mk(5)).
About
sosyslog is a modular syslog daemon
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published