Package: rsyslog
Version: 8.2404.0-2
Severity: minor
Tags: patch

Dear Maintainer,

   * What led up to the situation?

     Checking for defects with

[test-]groff -mandoc -t -K utf8 -ww -b -z < "man page"

  [test-groff is a script in the repository for "groff"]

   * What was the outcome of this action?

an.tmac:<stdin>:93: warning: cannot nest .TP or .TQ inside .TP; supply a tag

   * What outcome did you expect instead?

     No output (warnings).

-.-

  Remarks and a patch are in the attachments.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.7.12-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages rsyslog depends on:
ii  libc6         2.38-12
ii  libestr0      0.1.11-1+b1
ii  libfastjson4  1.2304.0-1+b1
ii  liblognorm5   2.0.6-4+b1
ii  libsystemd0   256~rc4-1
ii  libuuid1      2.40.1-8
ii  libzstd1      1.5.5+dfsg2-2
ii  zlib1g        1:1.3.dfsg+really1.3.1-1

Versions of packages rsyslog recommends:
ii  logrotate  3.21.0-2

Versions of packages rsyslog suggests:
ii  rsyslog-doc                       8.2404.0+dfsg-1
pn  rsyslog-gssapi                    <none>
pn  rsyslog-mongodb                   <none>
pn  rsyslog-mysql | rsyslog-pgsql     <none>
pn  rsyslog-openssl | rsyslog-gnutls  <none>
pn  rsyslog-relp                      <none>

-- no debconf information

  Any program (person), that produces man pages, should check its content for
defects by using

groff -mandoc -t -ww -b -z [ -K utf8 | k ] <man page>

  The same goes for man pages that are used as an input.

  For a style guide use

  mandoc -T lint

-.-

  So any generator should check its products with the above mentioned
'groff' and additionally with 'nroff ...'.

  This is just a simple quality control measure.

  The generator may have to be corrected to get a better man page,
the source file may, and any additional file may.

-.-

The difference between the formatted outputs can be seen with:

  nroff -mandoc <file1> > <out1>
  nroff -mandoc <file2> > <out2>
  diff -u <out1> <out2>

and for groff, using

"printf '%s\n%s\n' '.kern 0' '.ss 12 0' | groff -mandoc -Z - "

instead of "nroff -mandoc"

  Add the option "-t", if the file contains a table.

  Read the output of "diff -u" with "less -R" or similar.

-.-.

  If "man" (man-db) is used to check the manual for warnings,
the following must be set:

  The option "-warnings=w"

  The environmental variable:

export MAN_KEEP_STDERR=yes (or any non-empty value)

  or

  (produce only warnings):

export MANROFFOPT="-ww -z"

export MAN_KEEP_STDERR=yes (or any non-empty value)

-.-.

Output from "mandoc -T lint rsyslog.conf.5": (possibly shortened list)

mandoc: rsyslog.conf.5:31:96: STYLE: input text line longer than 80 bytes: manpage. Rsyslog.con...
mandoc: rsyslog.conf.5:92:2: WARNING: line scope broken: TP breaks TP
mandoc: rsyslog.conf.5:134:85: STYLE: input text line longer than 80 bytes: Rsyslog.conf should ...
mandoc: rsyslog.conf.5:138:94: STYLE: input text line longer than 80 bytes: Global directives se...
mandoc: rsyslog.conf.5:139:85: STYLE: input text line longer than 80 bytes: message queue ($Main...
mandoc: rsyslog.conf.5:140:85: STYLE: input text line longer than 80 bytes: All global directive...
mandoc: rsyslog.conf.5:141:95: STYLE: input text line longer than 80 bytes: a dollar-sign. The c...
mandoc: rsyslog.conf.5:146:91: STYLE: input text line longer than 80 bytes: Templates allow you ...
mandoc: rsyslog.conf.5:147:90: STYLE: input text line longer than 80 bytes: file name generation...
mandoc: rsyslog.conf.5:152:84: STYLE: input text line longer than 80 bytes: Output channels prov...
mandoc: rsyslog.conf.5:153:90: STYLE: input text line longer than 80 bytes: They have to be defi...
mandoc: rsyslog.conf.5:158:83: STYLE: input text line longer than 80 bytes: Every rule line cons...
mandoc: rsyslog.conf.5:159:84: STYLE: input text line longer than 80 bytes: two fields are separ...
mandoc: rsyslog.conf.5:181:81: STYLE: input text line longer than 80 bytes: and should not be us...
mandoc: rsyslog.conf.5:234:93: STYLE: input text line longer than 80 bytes: The action field of ...
mandoc: rsyslog.conf.5:235:90: STYLE: input text line longer than 80 bytes: is written to a kind...
mandoc: rsyslog.conf.5:239:93: STYLE: input text line longer than 80 bytes: Typically messages a...
mandoc: rsyslog.conf.5:244:113: STYLE: input text line longer than 80 bytes: *.*     /var/log/tra...
mandoc: rsyslog.conf.5:265:92: STYLE: input text line longer than 80 bytes: This version of rsys...
mandoc: rsyslog.conf.5:266:90: STYLE: input text line longer than 80 bytes: named pipe can be us...
mandoc: rsyslog.conf.5:267:93: STYLE: input text line longer than 80 bytes: to the name of the f...
mandoc: rsyslog.conf.5:271:89: STYLE: input text line longer than 80 bytes: If the file you spec...
mandoc: rsyslog.conf.5:274:90: STYLE: input text line longer than 80 bytes: There are three ways...
mandoc: rsyslog.conf.5:275:90: STYLE: input text line longer than 80 bytes: lossy but standard, ...
mandoc: rsyslog.conf.5:276:86: STYLE: input text line longer than 80 bytes: situations but is wi...
mandoc: rsyslog.conf.5:279:89: STYLE: input text line longer than 80 bytes: To forward messages ...
mandoc: rsyslog.conf.5:280:90: STYLE: input text line longer than 80 bytes: To forward it via pl...
mandoc: rsyslog.conf.5:288:96: STYLE: input text line longer than 80 bytes: In the example above...
mandoc: rsyslog.conf.5:289:96: STYLE: input text line longer than 80 bytes: port defaults to 514...
mandoc: rsyslog.conf.5:290:95: STYLE: input text line longer than 80 bytes: If you expect high t...
mandoc: rsyslog.conf.5:293:94: STYLE: input text line longer than 80 bytes: Sockets for forwarde...
mandoc: rsyslog.conf.5:301:96: STYLE: input text line longer than 80 bytes: In the example above...
mandoc: rsyslog.conf.5:302:83: STYLE: input text line longer than 80 bytes: the device eth0. TCP...
mandoc: rsyslog.conf.5:304:90: STYLE: input text line longer than 80 bytes: For Linux with VRF s...
mandoc: rsyslog.conf.5:313:94: STYLE: input text line longer than 80 bytes: Keep in mind that yo...
mandoc: rsyslog.conf.5:327:95: STYLE: input text line longer than 80 bytes: Emergency messages o...
mandoc: rsyslog.conf.5:328:83: STYLE: input text line longer than 80 bytes: is happening with th...
mandoc: rsyslog.conf.5:332:81: STYLE: input text line longer than 80 bytes: By default, a Monito...
mandoc: rsyslog.conf.5:333:94: STYLE: input text line longer than 80 bytes: create that schema w...
mandoc: rsyslog.conf.5:334:95: STYLE: input text line longer than 80 bytes: use any other schema...
mandoc: rsyslog.conf.5:340:92: STYLE: input text line longer than 80 bytes: If the discard actio...
mandoc: rsyslog.conf.5:341:93: STYLE: input text line longer than 80 bytes: can be highly effect...
mandoc: rsyslog.conf.5:342:83: STYLE: input text line longer than 80 bytes: fill your log files....
mandoc: rsyslog.conf.5:343:89: STYLE: input text line longer than 80 bytes: This often plays wel...
mandoc: rsyslog.conf.5:355:97: STYLE: input text line longer than 80 bytes: Binds an output chan...
mandoc: rsyslog.conf.5:356:99: STYLE: input text line longer than 80 bytes: must start with a $-...
mandoc: rsyslog.conf.5:357:96: STYLE: input text line longer than 80 bytes: to the action, use "...
mandoc: rsyslog.conf.5:361:98: STYLE: input text line longer than 80 bytes: This executes a prog...
mandoc: rsyslog.conf.5:362:103: STYLE: input text line longer than 80 bytes: only command line pa...
mandoc: rsyslog.conf.5:369:105: STYLE: input text line longer than 80 bytes: The program-to-execu...
mandoc: rsyslog.conf.5:380:2: ERROR: skipping end of block that is not open: RE
mandoc: rsyslog.conf.5:380:2: WARNING: skipping paragraph macro: br before sp
mandoc: rsyslog.conf.5:384:91: STYLE: input text line longer than 80 bytes: They have been kept ...
mandoc: rsyslog.conf.5:385:95: STYLE: input text line longer than 80 bytes: effective and also n...
mandoc: rsyslog.conf.5:386:95: STYLE: input text line longer than 80 bytes: need to filter based...
mandoc: rsyslog.conf.5:387:81: STYLE: input text line longer than 80 bytes: not second-class cit...
mandoc: rsyslog.conf.5:390:103: STYLE: input text line longer than 80 bytes: Property-based filte...
mandoc: rsyslog.conf.5:393:99: STYLE: input text line longer than 80 bytes: A property-based fil...
mandoc: rsyslog.conf.5:394:94: STYLE: input text line longer than 80 bytes: filter type. The col...
mandoc: rsyslog.conf.5:395:103: STYLE: input text line longer than 80 bytes: operation to carry o...
mandoc: rsyslog.conf.5:396:90: STYLE: input text line longer than 80 bytes: There can be spaces ...
mandoc: rsyslog.conf.5:397:108: STYLE: input text line longer than 80 bytes: case-sensitive, so "...
mandoc: rsyslog.conf.5:413:112: STYLE: input text line longer than 80 bytes: Compares the "value"...
mandoc: rsyslog.conf.5:442:17: WARNING: undefined escape, printing literally: \\
mandoc: rsyslog.conf.5:442:18: WARNING: undefined escape, printing literally: \7
mandoc: rsyslog.conf.5:446:85: STYLE: input text line longer than 80 bytes: contains a template....
mandoc: rsyslog.conf.5:447:88: STYLE: input text line longer than 80 bytes: bell (this is an ASC...
mandoc: rsyslog.conf.5:452:81: STYLE: input text line longer than 80 bytes: message. Properties ...
mandoc: rsyslog.conf.5:453:86: STYLE: input text line longer than 80 bytes: pick a substring or ...
mandoc: rsyslog.conf.5:478:85: STYLE: input text line longer than 80 bytes: The <options> part i...
mandoc: rsyslog.conf.5:479:86: STYLE: input text line longer than 80 bytes: See details below. B...
mandoc: rsyslog.conf.5:480:86: STYLE: input text line longer than 80 bytes: later ones are proce...
mandoc: rsyslog.conf.5:488:88: STYLE: input text line longer than 80 bytes: format the string su...
mandoc: rsyslog.conf.5:490:100: STYLE: input text line longer than 80 bytes: ("\'" and "\\") insi...
mandoc: rsyslog.conf.5:495:90: STYLE: input text line longer than 80 bytes: format the string su...
mandoc: rsyslog.conf.5:496:96: STYLE: input text line longer than 80 bytes: sql server. This wil...
mandoc: rsyslog.conf.5:497:90: STYLE: input text line longer than 80 bytes: You must use stdsql ...
mandoc: rsyslog.conf.5:581:88: STYLE: input text line longer than 80 bytes: Output Channels are ...
mandoc: rsyslog.conf.5:582:82: STYLE: input text line longer than 80 bytes: it is most likely th...
mandoc: rsyslog.conf.5:583:88: STYLE: input text line longer than 80 bytes: So if you use them, ...
mandoc: rsyslog.conf.5:586:84: STYLE: input text line longer than 80 bytes: Output channels are ...
mandoc: rsyslog.conf.5:592:87: STYLE: input text line longer than 80 bytes: name is the name of ...
mandoc: rsyslog.conf.5:593:91: STYLE: input text line longer than 80 bytes: written to, max-size...
mandoc: rsyslog.conf.5:594:90: STYLE: input text line longer than 80 bytes: when the max size is...
mandoc: rsyslog.conf.5:595:90: STYLE: input text line longer than 80 bytes: that part of action-...
mandoc: rsyslog.conf.5:598:90: STYLE: input text line longer than 80 bytes: Keep in mind that $o...
mandoc: rsyslog.conf.5:599:91: STYLE: input text line longer than 80 bytes: To do so, you must u...
mandoc: rsyslog.conf.5:607:91: STYLE: input text line longer than 80 bytes: The property replace...
mandoc: rsyslog.conf.5:608:92: STYLE: input text line longer than 80 bytes: a number of well-def...
mandoc: rsyslog.conf.5:609:94: STYLE: input text line longer than 80 bytes: manipulated by the p...
mandoc: rsyslog.conf.5:613:94: STYLE: input text line longer than 80 bytes: Syslog message prope...
mandoc: rsyslog.conf.5:614:98: STYLE: input text line longer than 80 bytes: percent signs. Prope...
mandoc: rsyslog.conf.5:629:87: STYLE: input text line longer than 80 bytes: the message exactly ...
mandoc: rsyslog.conf.5:635:102: STYLE: input text line longer than 80 bytes: hostname of the syst...
mandoc: rsyslog.conf.5:642:97: STYLE: input text line longer than 80 bytes: the "static" part of...
mandoc: rsyslog.conf.5:652:94: STYLE: input text line longer than 80 bytes: the monitorware Info...
mandoc: rsyslog.conf.5:670:112: STYLE: input text line longer than 80 bytes: timestamp from the m...
mandoc: rsyslog.conf.5:676:85: STYLE: input text line longer than 80 bytes: The contents of the ...
mandoc: rsyslog.conf.5:679:84: STYLE: input text line longer than 80 bytes: The contents of the ...
mandoc: rsyslog.conf.5:709:93: STYLE: input text line longer than 80 bytes: Properties starting ...
mandoc: rsyslog.conf.5:713:96: STYLE: input text line longer than 80 bytes: FromChar and toChar ...
mandoc: rsyslog.conf.5:714:97: STYLE: input text line longer than 80 bytes: should be copied. Of...
mandoc: rsyslog.conf.5:715:98: STYLE: input text line longer than 80 bytes: the message text, yo...
mandoc: rsyslog.conf.5:716:96: STYLE: input text line longer than 80 bytes: but you want to spec...
mandoc: rsyslog.conf.5:717:98: STYLE: input text line longer than 80 bytes: like to convert the ...
mandoc: rsyslog.conf.5:718:96: STYLE: input text line longer than 80 bytes: extract from a posit...
mandoc: rsyslog.conf.5:724:97: STYLE: input text line longer than 80 bytes: This tells rsyslog t...
mandoc: rsyslog.conf.5:728:99: STYLE: input text line longer than 80 bytes: by the string "--end...
mandoc: rsyslog.conf.5:729:101: STYLE: input text line longer than 80 bytes: If you are using reg...
mandoc: rsyslog.conf.5:730:95: STYLE: input text line longer than 80 bytes: that matches the reg...
mandoc: rsyslog.conf.5:733:102: STYLE: input text line longer than 80 bytes: Also, extraction can...
mandoc: rsyslog.conf.5:734:98: STYLE: input text line longer than 80 bytes: in its current defin...
mandoc: rsyslog.conf.5:735:96: STYLE: input text line longer than 80 bytes: default is TAB (US-A...
mandoc: rsyslog.conf.5:736:106: STYLE: input text line longer than 80 bytes: specifying a comma a...
mandoc: rsyslog.conf.5:737:103: STYLE: input text line longer than 80 bytes: to use comma (",") a...
mandoc: rsyslog.conf.5:738:101: STYLE: input text line longer than 80 bytes: this is a quicker wa...
mandoc: rsyslog.conf.5:739:105: STYLE: input text line longer than 80 bytes: counting starts at 1...
mandoc: rsyslog.conf.5:740:105: STYLE: input text line longer than 80 bytes: happens if a field n...
mandoc: rsyslog.conf.5:741:104: STYLE: input text line longer than 80 bytes: must be placed in th...
mandoc: rsyslog.conf.5:742:97: STYLE: input text line longer than 80 bytes: property is extracte...
mandoc: rsyslog.conf.5:745:105: STYLE: input text line longer than 80 bytes: Please note that the...
mandoc: rsyslog.conf.5:746:102: STYLE: input text line longer than 80 bytes: will return an error...
mandoc: rsyslog.conf.5:750:84: STYLE: input text line longer than 80 bytes: Property options are...
mandoc: rsyslog.conf.5:771:245: STYLE: input text line longer than 80 bytes: replace control char...
mandoc: rsyslog.conf.5:777:152: STYLE: input text line longer than 80 bytes: drop control charact...
mandoc: rsyslog.conf.5:802:98: STYLE: input text line longer than 80 bytes: The complete documen...
mandoc: rsyslog.conf.5:808:98: STYLE: input text line longer than 80 bytes: Please note that the...
mandoc: rsyslog.conf.5:809:96: STYLE: input text line longer than 80 bytes: the HTML documentati...

-.-.

Change two HYPHEN-MINUSES (code 0x2D) to an em-dash (\(em),
if one is intended.  An en-dash is usually surrounded by a space,
while an em-dash is used without spaces.
"man" (1 byte characters in input) transforms an en-dash (\(en) to one
HYPHEN-MINUS,
and an em-dash to two HYPHEN-MINUSES without considering the space
around it.
If "--" are two single "-" (end of options) then use "\-\-".

rsyslog.conf.5:460:   \\ = \\\\ --> '\\' is used to escape (as in C)
rsyslog.conf.5:728:by the string "--end". It denotes the end of the regular expression and will not become part of it.
rsyslog.conf.5:731:expression is: "%msg:R:.*Sev:. \\(.*\\) \\[.*--end%"

-.-.

Change (or include a "FIXME" paragraph about) misused SI (metric)
numeric prefixes (or names) to the binary ones, like Ki (kibi), Mi
(mebi), Gi (gibi), or Ti (tebi), if indicated.
If the metric prefixes are correct, add the definitions or an
explanation to avoid misunderstanding.

442:.B $template MyTemplateName,"\\\\7Text %property% some more text\\\\n",<options>
560:$template wallmsg,"\\r\\n\\7Message from syslogd@%HOSTNAME% at %timegenerated%"

-.-.

Mark a full stop (.) and the exclamation mark (!) with "\&",
if it does not mean an end of a sentence.
This is a preventive action,
the paragraph could be reshaped, e.g., after changes.

When typing, one does not always notice when the line wraps after the
period.
There are too many examples of input lines in manual pages,
that end with an abbreviation point.

This marking is robust, and independent of the position on the line.

It corresponds to "\ " in TeX, and to "@:" in Texinfo.


175:specifies the subsystem that produced the message, i.e. all mail programs log
231:An easier approach is probably to do if ... then based matching in script.
356:must start with a $-sign, e.g. if you would like to bind your output channel definition "mychannel"
610:or manipulate the value, e.g. by converting all characters to lower case.
649:the PRI part of the message in a textual form (e.g. "syslog.info")
719:(e.g. %msg:10:$%, which will extract from position 10 to the end of the string).
731:expression is: "%msg:R:.*Sev:. \\(.*\\) \\[.*--end%"

-.-.

Define a string "El" for an ellipsis, to avoid problems with the
full stops (can act as a control character or indicate the end of a
sentence).
Simplifies changes around this string (character)
.ds El \&.\^.\^.\&\"
  or
.ds El \&.\|.\|.\&\"


rsyslog.conf.5:231:An easier approach is probably to do if ... then based matching in script.

-.-.

Use "\e" to print the escape character instead of "\\" (which gets
interpreted in copy mode).

446:contains a template. The backslash is an escape character. For example, \\7 rings the
447:bell (this is an ASCII value), \\n is a new line. The set in rsyslog is a bit restricted
458:   % = \\%
460:   \\ = \\\\ --> '\\' is used to escape (as in C)
462:$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg%\\n"
490:("\'" and "\\") inside each field. Please note that in MySQL configuration, the NO_BACKSLASH_ESCAPES
534:%syslogtag%%msg:::drop-last-lf%\\n"
542:%syslogtag%,%msg%\\n"
554:$template usermsg," XXXX%syslogtag%%msg%\\n\\r"
560:$template wallmsg,"\\r\\n\\7Message from syslogd@%HOSTNAME% at %timegenerated%"
569:into systemevents\\r\\n", SQL
731:expression is: "%msg:R:.*Sev:. \\(.*\\) \\[.*--end%"

-.-.

Change a HYPHEN-MINUS (code 0x2D) to a minus(-dash) (\-),
if it
is in front of a name for an option,
is a symbol for standard input,
is a single character used to indicate an option,
or is in the NAME section (man-pages(7)).
N.B. - (0x2D), processed as a UTF-8 file, is changed to a hyphen
(0x2010, groff \[u2010] or \[hy]) in the output.

1:.\" rsyslog.conf - rsyslogd(8) configuration file
18:.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
78:Input plugin for UDP syslog. Replaces the deprecated -r option. Can be
86:Input plugin for plain TCP syslog. Replaces the deprecated -t
168:below correspond to the similar LOG_-values in /usr/include/syslog.h.
262:file path with a minus sign ("-").
328:is happening with the system. To specify this wall(1)-feature use an ":omusrmsg:*".
334:use any other schema of your liking - you just need to define a proper template and assign this
356:must start with a $-sign, e.g. if you would like to bind your output channel definition "mychannel"
432:Every output in rsyslog uses templates - this holds true for files, user
460:   \\ = \\\\ --> '\\' is used to escape (as in C)
479:See details below. Be sure NOT to mistake template options with property options - the
517:vulnerable to SQL injection. The sql option can also be useful with files -
520:it - among others, it takes some toll on the processing time. Not much, but on
646:PRI part of the message - undecoded (single value)
652:the monitorware InfoUnitType - used when talking to a MonitorWare backend (also for phpLogCon)
655:the facility from the message - in numerical form
658:the facility from the message - in text form
661:severity from the message - in numerical form
664:severity from the message - in text form
709:Properties starting with a $-sign are so-called system properties. These do NOT stem from the
728:by the string "--end". It denotes the end of the regular expression and will not become part of it.
731:expression is: "%msg:R:.*Sev:. \\(.*\\) \\[.*--end%"
777:drop control characters - the resulting string will neither contain control characters, escape sequences nor any other replacement character like space.

-.-.

Find a repeated word

! 357 --> all

-.-.

Add a comma (or \&) after "e.g." and "i.e.", or use English words
(man-pages(7)).
Abbreviation points should be protected against being interpreted as
an end of sentence, if they are not, and that independent of the
current place on the line.

175:specifies the subsystem that produced the message, i.e. all mail programs log
356:must start with a $-sign, e.g. if you would like to bind your output channel definition "mychannel"
610:or manipulate the value, e.g. by converting all characters to lower case.
649:the PRI part of the message in a textual form (e.g. "syslog.info")
719:(e.g. %msg:10:$%, which will extract from position 10 to the end of the string).

-.-.

Wrong distance between sentences.

  Separate the sentences and subordinate clauses; each begins on a new
line.  See man-pages(7) ("Conventions for source file layout") and
"info groff" ("Input Conventions").

  The best procedure is to always start a new sentence on a new line,
at least, if you are typing on a computer.

Remember coding: Only one command ("sentence") on each (logical) line.

E-mail: Easier to quote exactly the relevant lines.

Generally: Easier to edit the sentence.

Patches: Less unaffected text.

Search for two adjacent words is easier, when they belong to the same line,
and the same phrase.

  The amount of space between sentences in the output can then be
controlled with the ".ss" request.

N.B.

  The number of lines affected can be too large to be in the patch.

31:manpage. Rsyslog.conf is backward-compatible with sysklogd's syslog.conf file. So if you migrate
45:Rsyslog has a modular design. Consequently, there is a growing number
46:of modules. See the HTML documentation for their full description.
78:Input plugin for UDP syslog. Replaces the deprecated -r option. Can be
86:Input plugin for plain TCP syslog. Replaces the deprecated -t
87:option. Can be used like this:
95:Input plugin for the RELP protocol. RELP can be used instead
97:syslog messages. Please note that plain TCP syslog does NOT
114:Kernel logging. To include kernel log messages, you need to do
122:Unix sockets, including the system log socket. You need to specify
126:in order to receive log messages from local system processes. This
141:a dollar-sign. The complete list of global directives can be found in HTML documentation in doc
146:Templates allow you to specify format of the logged message. They are also used for dynamic
147:file name generation. They have to be defined before they are used in rules. For more info
153:They have to be defined before they are used in rules. For more info about output channels
158:Every rule line consists of two fields, a selector field and an action field. These
159:two fields are separated by one or more spaces or tabs. The selector field specifies
165:priority, separated by a period ('.'). Both parts are case insensitive and can
167:Both facilities and priorities are described in syslog(3). The names mentioned
172:local0 through local7. The keyword security should not be used anymore and mark
174:Anyway, you may want to specify and redirect these messages here. The facility
175:specifies the subsystem that produced the message, i.e. all mail programs log
180:emerg, panic (same as emerg). The keywords error, warn and panic are deprecated
181:and should not be used anymore. The priority defines the severity of the message.
184:priority and higher are logged according to the given action. Rsyslogd behaves
189:priorities, depending on where it is used (before or after the period). The
193:statement using the comma (',') operator. You may specify as much facilities as
194:you want. Remember that only the facility part from such a statement is taken, a
198:(';') separator. Remember that each selector in the selector field is capable
199:to overwrite the preceding ones. Using this behavior you can exclude some
203:more intuitively. You may precede every priority with an equals sign ('=') to
204:specify only this single priority and not any of the above. You may also (both
206:all that priorities, either exact this one or this and any higher priority. If
211:BSD syslog behaviour. These restrictions stem back to sysklogd, exist
226:not want to match. For the above case, this selector is equivalent to the
231:An easier approach is probably to do if ... then based matching in script.
234:The action field of a rule describes what to do with the message. In general, message content
235:is written to a kind of "logfile". But also other actions might be done, like writing to a
239:Typically messages are logged to real files. The file has to be specified with full pathname,
248:just remove the ";RSYSLOG_TraditionalFormat". That will select the default
256:By default, files are not synced after each write. To enable syncing
258:directive or the "sync" parameter to omfile. Enabling this option
265:This version of rsyslogd(8) has support for logging output to named pipes (fifos). A fifo or
267:to the name of the file. This is handy for debugging. Note that the fifo must be created with
280:To forward it via plain tcp, prepend two at signs ("@@"). To forward via RELP, prepend the
289:port defaults to 514. Due to the nature of UDP, you will probably lose some messages in transit.
302:the device eth0. TCP can be used by setting Protocol to "tcp" in the above example.
316:forwarding. For full details, please see the HTML documentation.
319:Usually critical messages are also directed to ``root'' on that machine. You
322:by the login name. You may specify more than one
323:user by separating them with commas (','). If they're logged in they
328:is happening with the system. To specify this wall(1)-feature use an ":omusrmsg:*".
332:By default, a MonitorWare-compatible schema is required for this to work. You can
333:create that schema with the createDB.SQL file that came with the rsyslog package. You can also
340:If the discard action is carried out, the received message is immediately discarded. Discard
342:fill your log files. To do that, place the discard actions early in your log files.
355:Binds an output channel definition (see there for details) to this action. Output channel actions
356:must start with a $-sign, e.g. if you would like to bind your output channel definition "mychannel"
357:to the action, use "$mychannel". Output channels support template definitions like all all other
361:This executes a program in a subshell. The program is passed the template-generated message as the
362:only command line parameter. Rsyslog waits until the program terminates and only then continues to run.
369:The program-to-execute can be any valid executable. It receives the template string as a single parameter
385:effective and also needed for compatibility with stock syslogd configuration files. If you just
386:need to filter based on priority and facility, you should do this with selector lines. They are
390:Property-based filters are unique to rsyslogd. They allow one to filter on any property, like HOSTNAME,
393:A property-based filter must start with a colon in column 0. This tells rsyslogd that it is the new
394:filter type. The colon must be followed by the property name, a comma, the name of the compare
395:operation to carry out, another comma and then the value to compare against. This value must be quoted.
396:There can be spaces and tabs between the commas. Property names and compare operations are
397:case-sensitive, so "msg" works, while "MSG" is an invalid property name. In brief, the syntax is as follows:
413:Compares the "value" string provided and the property contents. These two values must be exactly equal to match.
433:messages and so on. Templates compatible with the stock syslogd
434:formats are hardcoded into rsyslogd. If no template is specified, we use
435:one of these hardcoded templates. Search for "template_" in syslogd.c and
439:and optional options. A sample is:
445:The "$template" is the template directive. It tells rsyslog that this line
446:contains a template. The backslash is an escape character. For example, \\7 rings the
447:bell (this is an ASCII value), \\n is a new line. The set in rsyslog is a bit restricted
451:signs. These are properties and allow you access to the contents of the syslog
452:message. Properties are accessed via the property replacer and it can for example
453:pick a substring or do date-specific formatting. More on this is the PROPERTY REPLACER
474:This template can then be used when defining an output selector line. It will
478:The <options> part is optional. It carries options influencing the template as whole.
479:See details below. Be sure NOT to mistake template options with property options - the
483:Template options are case-insensitive. Currently defined are:
488:format the string suitable for a SQL statement in MySQL format. This will replace single
490:("\'" and "\\") inside each field. Please note that in MySQL configuration, the NO_BACKSLASH_ESCAPES
496:sql server. This will replace single quotes ("'") by two single quotes ("''") inside each field.
508:otherwise injection might occur. Please note that due to the unfortunate fact
515:in the template. If it is not present, the write database action is disabled.
517:vulnerable to SQL injection. The sql option can also be useful with files -
519:performance reasons. However, do NOT use it if you do not have a real need for
520:it - among others, it takes some toll on the processing time. Not much, but on
526:Please note that the samples are split across multiple lines. A template MUST
581:Output Channels are a new concept first introduced in rsyslog 0.9.0. As of this writing,
586:Output channels are defined via an $outchannel directive. It's syntax is as follows:
594:when the max size is reached. This command always has exactly one parameter. The binary is
598:Keep in mind that $outchannel just defines a channel with "name". It does not activate it.
599:To do so, you must use a selector line (see below). That selector line includes the channel
600:name plus ":omfile:$" in front of it. A sample might be:
607:The property replacer is a core component in rsyslogd's output system. A syslog message has
608:a number of well-defined properties (see below). Each of this properties can be accessed and
609:manipulated by the property replacer. With it, it is easy to use only part of a property value
610:or manipulate the value, e.g. by converting all characters to lower case.
613:Syslog message properties are used inside templates. They are accessed by putting them between
614:percent signs. Properties can be modified by the property replacer. The full syntax is as follows:
629:the message exactly as it was received from the socket. Should be useful for debugging.
642:the "static" part of the tag, as defined by BSD syslogd. For example, when TAG is "named[12345]",
649:the PRI part of the message in a textual form (e.g. "syslog.info")
667:timestamp when the message was RECEIVED. Always in high resolution
670:timestamp from the message. Resolution depends on what was provided in the message (in most cases, only seconds)
709:Properties starting with a $-sign are so-called system properties. These do NOT stem from the
713:FromChar and toChar are used to build substrings. They specify the offset within the string that
714:should be copied. Offset counting starts at 1, so if you need to obtain the first 2 characters of
715:the message text, you can use this syntax: "%msg:1:2%". If you do not wish to specify from and to,
716:but you want to specify options, you still need to include the colons. For example, if you would
717:like to convert the full message text to lower case, use "%msg:::lowercase%". If you would like to
719:(e.g. %msg:10:$%, which will extract from position 10 to the end of the string).
724:This tells rsyslog that a regular expression instead of position-based extraction is desired. The
727:then be provided in toChar. The regular expression must be followed
728:by the string "--end". It denotes the end of the regular expression and will not become part of it.
730:that matches the regular expression. An example for a property replacer sequence with a regular
731:expression is: "%msg:R:.*Sev:. \\(.*\\) \\[.*--end%"
733:Also, extraction can be done based on so-called "fields". To do so, place a "F" into FromChar. A field
734:in its current definition is anything that is delimited by a delimiter character. The delimiter by
735:default is TAB (US-ASCII value 9). However, if can be changed to any other US-ASCII character by
736:specifying a comma and the decimal US-ASCII value of the delimiter 
immediately after the "F". For example,
738:this is a quicker way to extract than via regular expressions (actually, a 
*much* quicker way). Field
739:counting starts at 1. Field zero is accepted, but will always lead to a 
"field not found" error. The same
740:happens if a field number higher than the number of fields in the property 
is requested. The field number
741:must be placed in the "ToChar" parameter. An example where the 3rd field 
(delimited by TAB) from the msg
742:property is extracted is as follows: "%msg:F:3%". The same example with 
semicolon as delimiter is
745:Please note that the special characters "F" and "R" are case-sensitive. 
Only upper case works, lower case
746:will return an error. There are no white spaces permitted inside the 
sequence (that will lead to error
750:Property options are case-insensitive. Currently, the following options are 
defined:
759:The last LF in the message (if any), is dropped. Especially useful for PIX.
771:replace control characters (ASCII value 127 and values less then 32) with 
an escape sequence. The sequence is "#<charval>" where charval is the 3-digit 
decimal value of the control character. For example, a tabulator would be 
replaced by "#009".
781:(like remote syslogd's or database servers being down). When running in
783:(on an as-needed basis). Queues survive rsyslogd restarts.
808:Please note that the man page reflects only a subset of the configuration 
options. Be sure to read
809:the HTML documentation for all features and details. This is especially 
vital if you plan to set

-.-.

Split lines longer than 80 characters into two or more lines.
Appropriate break points are the end of a sentence and a subordinate
clause; after punctuation marks.

N.B.

  The number of lines affected can be too large to be in the patch.


Line 20, length 82

.TH RSYSLOG.CONF 5 "22 October 2012" "Version 7.2.0" "Linux System 
Administration"

Line 31, length 96

manpage. Rsyslog.conf is backward-compatible with sysklogd's syslog.conf file. 
So if you migrate

Line 34, length 87

.B Note that this version of rsyslog ships with extensive documentation in HTML 
format.

Line 134, length 85

Rsyslog.conf should contain following sections (sorted by recommended order in 
file):

Line 138, length 94

Global directives set some global properties of whole rsyslog daemon, for 
example size of main

Line 139, length 85

message queue ($MainMessageQueueSize), loading external modules ($ModLoad) and 
so on.

Line 140, length 85

All global directives need to be specified on a line by their own and must 
start with

Line 141, length 95

a dollar-sign. The complete list of global directives can be found in HTML 
documentation in doc

Line 146, length 91

Templates allow you to specify format of the logged message. They are also used 
for dynamic

Line 147, length 90

file name generation. They have to be defined before they are used in rules. 
For more info

Line 152, length 84

Output channels provide an umbrella for any type of output that the user might 
want.

Line 153, length 90

They have to be defined before they are used in rules. For more info about 
output channels

Line 158, length 83

Every rule line consists of two fields, a selector field and an action field. 
These

Line 159, length 84

two fields are separated by one or more spaces or tabs. The selector field 
specifies

Line 181, length 81

and should not be used anymore. The priority defines the severity of the 
message.

Line 234, length 93

The action field of a rule describes what to do with the message. In general, 
message content

Line 235, length 90

is written to a kind of "logfile". But also other actions might be done, like 
writing to a

Line 239, length 93

Typically messages are logged to real files. The file has to be specified with 
full pathname,

Line 244, length 113

*.*     /var/log/traditionalfile.log;RSYSLOG_TraditionalFileFormat      # log 
to a file in the traditional format

Line 265, length 92

This version of rsyslogd(8) has support for logging output to named pipes 
(fifos). A fifo or

Line 266, length 90

named pipe can be used as a destination for log messages by prepending a pipe 
symbol ('|')

Line 267, length 93

to the name of the file. This is handy for debugging. Note that the fifo must 
be created with

Line 271, length 89

If the file you specified is a tty, special tty-handling is done, same with 
/dev/console.

Line 274, length 90

There are three ways to forward message: the traditional UDP transport, which 
is extremely

Line 275, length 90

lossy but standard, the plain TCP based transport which loses messages only 
during certain

Line 276, length 86

situations but is widely available and the RELP transport which does not lose 
messages

Line 279, length 89

To forward messages to another host via UDP, prepend the hostname with the at 
sign ("@").

Line 280, length 90

To forward it via plain tcp, prepend two at signs ("@@"). To forward via RELP, 
prepend the

Line 288, length 96

In the example above, messages are forwarded via UDP to the machine 
192.168.0.1, the destination

Line 289, length 96

port defaults to 514. Due to the nature of UDP, you will probably lose some 
messages in transit.

Line 290, length 95

If you expect high traffic volume, you can expect to lose a quite noticeable 
number of messages

Line 293, length 94

Sockets for forwarded messages can be bound to a specific device using the 
"device" option for

Line 301, length 96

In the example above, messages are forwarded via UDP to the machine 192.168.0.1 
at port 514 over

Line 302, length 83

the device eth0. TCP can be used by setting Protocol to "tcp" in the above 
example.

Line 304, length 90

For Linux with VRF support, the device option is used to specify the VRF to 
send messages.

Line 313, length 94

Keep in mind that you need to load the correct input and output plugins (see 
"Modules" above).

Line 327, length 95

Emergency messages often go to all users currently online to notify them that 
something strange

Line 328, length 83

is happening with the system. To specify this wall(1)-feature use an 
":omusrmsg:*".

Line 332, length 81

By default, a MonitorWare-compatible schema is required for this to work. You 
can

Line 333, length 94

create that schema with the createDB.SQL file that came with the rsyslog 
package. You can also

Line 334, length 95

use any other schema of your liking - you just need to define a proper template 
and assign this

Line 340, length 92

If the discard action is carried out, the received message is immediately 
discarded. Discard

Line 341, length 93

can be highly effective if you want to filter out some annoying messages that 
otherwise would

Line 342, length 83

fill your log files. To do that, place the discard actions early in your log 
files.

Line 343, length 89

This often plays well with property-based filters, giving you great freedom in 
specifying

Line 355, length 97

Binds an output channel definition (see there for details) to this action. 
Output channel actions

Line 356, length 99

must start with a $-sign, e.g. if you would like to bind your output channel 
definition "mychannel"

Line 357, length 96

to the action, use "$mychannel". Output channels support template definitions 
like all all other

Line 361, length 98

This executes a program in a subshell. The program is passed the 
template-generated message as the

Line 362, length 103

only command line parameter. Rsyslog waits until the program terminates and 
only then continues to run.

Line 369, length 105

The program-to-execute can be any valid executable. It receives the template 
string as a single parameter

Line 384, length 91

They have been kept in rsyslog with their original syntax, because it is 
well-known, highly

Line 385, length 95

effective and also needed for compatibility with stock syslogd configuration 
files. If you just

Line 386, length 95

need to filter based on priority and facility, you should do this with selector 
lines. They are

Line 387, length 81

not second-class citizens in rsyslog and offer the best performance for this 
job.

Line 390, length 103

Property-based filters are unique to rsyslogd. They allow one to filter on any 
property, like HOSTNAME,

Line 393, length 99

A property-based filter must start with a colon in column 0. This tells 
rsyslogd that it is the new

Line 394, length 94

filter type. The colon must be followed by the property name, a comma, the name 
of the compare

Line 395, length 103

operation to carry out, another comma and then the value to compare against. 
This value must be quoted.

Line 396, length 90

There can be spaces and tabs between the commas. Property names and compare 
operations are

Line 397, length 108

case-sensitive, so "msg" works, while "MSG" is an invalid property name. In 
brief, the syntax is as follows:

Line 413, length 112

Compares the "value" string provided and the property contents. These two 
values must be exactly equal to match.

Line 446, length 85

contains a template. The backslash is an escape character. For example, \\7 
rings the

Line 447, length 88

bell (this is an ASCII value), \\n is a new line. The set in rsyslog is a bit 
restricted

Line 452, length 81

message. Properties are accessed via the property replacer and it can for 
example

Line 453, length 86

pick a substring or do date-specific formatting. More on this is the PROPERTY 
REPLACER

Line 466, length 98

.B Please note that templates can also by used to generate selector lines with 
dynamic file names.

Line 478, length 85

The <options> part is optional. It carries options influencing the template as 
whole.

Line 479, length 86

See details below. Be sure NOT to mistake template options with property 
options - the

Line 480, length 86

later ones are processed by the property replacer and apply to a SINGLE 
property, only

Line 488, length 88

format the string suitable for a SQL statement in MySQL format. This will 
replace single

Line 490, length 100

("\'" and "\\") inside each field. Please note that in MySQL configuration, the 
NO_BACKSLASH_ESCAPES

Line 495, length 90

format the string suitable for a SQL statement that is to be sent to a 
standards-compliant

Line 496, length 96

sql server. This will replace single quotes ("'") by two single quotes ("''") 
inside each field.

Line 497, length 90

You must use stdsql together with MySQL if in MySQL configuration the 
NO_BACKSLASH_ESCAPES

Line 563, length 94

.B A template that can be used for writing to a database (please note the SQL 
template option)

Line 581, length 88

Output Channels are a new concept first introduced in rsyslog 0.9.0. As of this 
writing,

Line 582, length 82

it is most likely that they will be replaced by something different in the 
future.

Line 583, length 88

So if you use them, be prepared to change you configuration file syntax when 
you upgrade

Line 586, length 84

Output channels are defined via an $outchannel directive. It's syntax is as 
follows:

Line 592, length 87

name is the name of the output channel (not the file), file-name is the file 
name to be

Line 593, length 91

written to, max-size the maximum allowed size and action-on-max-size a command 
to be issued

Line 594, length 90

when the max size is reached. This command always has exactly one parameter. 
The binary is

Line 595, length 90

that part of action-on-max-size before the first space, its parameter is 
everything behind

Line 598, length 90

Keep in mind that $outchannel just defines a channel with "name". It does not 
activate it.

Line 599, length 91

To do so, you must use a selector line (see below). That selector line includes 
the channel

Line 607, length 91

The property replacer is a core component in rsyslogd's output system. A syslog 
message has

Line 608, length 92

a number of well-defined properties (see below). Each of this properties can be 
accessed and

Line 609, length 94

manipulated by the property replacer. With it, it is easy to use only part of a 
property value

Line 613, length 94

Syslog message properties are used inside templates. They are accessed by 
putting them between

Line 614, length 98

percent signs. Properties can be modified by the property replacer. The full 
syntax is as follows:

Line 629, length 87

the message exactly as it was received from the socket. Should be useful for 
debugging.

Line 635, length 102

hostname of the system the message was received from (in a relay chain, this is 
the system immediately

Line 642, length 97

the "static" part of the tag, as defined by BSD syslogd. For example, when TAG 
is "named[12345]",

Line 652, length 94

the monitorware InfoUnitType - used when talking to a MonitorWare backend (also 
for phpLogCon)

Line 670, length 112

timestamp from the message. Resolution depends on what was provided in the 
message (in most cases, only seconds)

Line 676, length 85

The contents of the PROTOCOL-VERSION field from IETF draft 
draft-ietf-syslog-protocol

Line 679, length 84

The contents of the STRUCTURED-DATA field from IETF draft 
draft-ietf-syslog-protocol

Line 709, length 93

Properties starting with a $-sign are so-called system properties. These do NOT 
stem from the

Line 713, length 96

FromChar and toChar are used to build substrings. They specify the offset 
within the string that

Line 714, length 97

should be copied. Offset counting starts at 1, so if you need to obtain the 
first 2 characters of

Line 715, length 98

the message text, you can use this syntax: "%msg:1:2%". If you do not wish to 
specify from and to,

Line 716, length 96

but you want to specify options, you still need to include the colons. For 
example, if you would

Line 717, length 98

like to convert the full message text to lower case, use "%msg:::lowercase%". 
If you would like to

Line 718, length 96

extract from a position until the end of the string, you can place a 
dollar-sign ("$") in toChar

Line 724, length 97

This tells rsyslog that a regular expression instead of position-based 
extraction is desired. The

Line 728, length 99

by the string "--end". It denotes the end of the regular expression and will 
not become part of it.

Line 729, length 101

If you are using regular expressions, the property replacer will return the 
part of the property text

Line 730, length 95

that matches the regular expression. An example for a property replacer 
sequence with a regular

Line 733, length 102

Also, extraction can be done based on so-called "fields". To do so, place a "F" 
into FromChar. A field

Line 734, length 98

in its current definition is anything that is delimited by a delimiter 
character. The delimiter by

Line 735, length 96

default is TAB (US-ASCII value 9). However, if can be changed to any other 
US-ASCII character by

Line 736, length 106

specifying a comma and the decimal US-ASCII value of the delimiter immediately 
after the "F". For example,

Line 737, length 103

to use comma (",") as a delimiter, use this field specifier: "F,44".  If your 
syslog data is delimited,

Line 738, length 101

this is a quicker way to extract than via regular expressions (actually, a 
*much* quicker way). Field

Line 739, length 105

counting starts at 1. Field zero is accepted, but will always lead to a "field 
not found" error. The same

Line 740, length 105

happens if a field number higher than the number of fields in the property is 
requested. The field number

Line 741, length 104

must be placed in the "ToChar" parameter. An example where the 3rd field 
(delimited by TAB) from the msg

Line 742, length 97

property is extracted is as follows: "%msg:F:3%". The same example with 
semicolon as delimiter is

Line 745, length 105

Please note that the special characters "F" and "R" are case-sensitive. Only 
upper case works, lower case

Line 746, length 102

will return an error. There are no white spaces permitted inside the sequence 
(that will lead to error

Line 750, length 84

Property options are case-insensitive. Currently, the following options are 
defined:

Line 771, length 245

replace control characters (ASCII value 127 and values less then 32) with an 
escape sequence. The sequence is "#<charval>" where charval is the 3-digit 
decimal value of the control character. For example, a tabulator would be 
replaced by "#009".

Line 777, length 152

drop control characters - the resulting string will neither contain control 
characters, escape sequences nor any other replacement character like space.

Line 802, length 98

The complete documentation can be found in the doc folder of the rsyslog 
distribution or online at

Line 808, length 98

Please note that the man page reflects only a subset of the configuration 
options. Be sure to read

Line 809, length 96

the HTML documentation for all features and details. This is especially vital 
if you plan to set


-.-.

Use \(en (en-dash) for a dash between space characters,
not a minus (\-) or a hyphen (-), except in the NAME section.

rsyslog.conf.5:1:.\" rsyslog.conf - rsyslogd(8) configuration file
rsyslog.conf.5:18:.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 
02111, USA.
rsyslog.conf.5:334:use any other schema of your liking - you just need to 
define a proper template and assign this
rsyslog.conf.5:432:Every output in rsyslog uses templates - this holds true for 
files, user
rsyslog.conf.5:479:See details below. Be sure NOT to mistake template options 
with property options - the
rsyslog.conf.5:520:it - among others, it takes some toll on the processing 
time. Not much, but on
rsyslog.conf.5:646:PRI part of the message - undecoded (single value)
rsyslog.conf.5:652:the monitorware InfoUnitType - used when talking to a 
MonitorWare backend (also for phpLogCon)
rsyslog.conf.5:655:the facility from the message - in numerical form
rsyslog.conf.5:658:the facility from the message - in text form
rsyslog.conf.5:661:severity from the message - in numerical form
rsyslog.conf.5:664:severity from the message - in text form
rsyslog.conf.5:777:drop control characters - the resulting string will neither 
contain control characters, escape sequences nor any other replacement 
character like space.

-.-.

Protect a period (.) or an apostrophe (') with '\&' from becoming a
control character, if it could end up at the start of a line
(by splitting the line into more lines).

35:This is provided in the ./doc subdirectory and probably
231:An easier approach is probably to do if ... then based matching in script.
346:Discard is just the single 'stop' command with no further parameters.
460:   \\ = \\\\ --> '\\' is used to escape (as in C)
568:('%iut%', '%msg:::UPPERCASE%', '%timegenerated:::date-mysql%')

-.-.

Name of a manual is set in bold, the section in roman.
See man-pages(7).

328:is happening with the system. To specify this wall(1)-feature use an 
":omusrmsg:*".

-.-.

Change a HYPHEN-MINUS (code 0x55, 2D) to a dash
(\-, minus) if it matches "[[:alpha:]]-[[:alpha:]]" in the name of an
option.
Facilitates the copy and paste of an option in UTF-8 text.
Is not needed in ordinary words like "mother-in-law", that are not
copied and pasted to a command line (which needs ASCII code).

534:%syslogtag%%msg:::drop-last-lf%\\n"
Output from "test-groff -b -mandoc -rF0 -rHY=0 -K utf8 -t -ww -z ":

-.-

an.tmac:<stdin>:93: warning: cannot nest .TP or .TQ inside .TP; supply a tag

--- rsyslog.conf.5      2024-06-10 22:53:02.094904943 +0000
+++ rsyslog.conf.5.new  2024-06-11 00:16:03.684405778 +0000
@@ -32,7 +32,7 @@ manpage. Rsyslog.conf is backward-compat
 from sysklogd you can rename it and it should work.
 
 .B Note that this version of rsyslog ships with extensive documentation in 
HTML format.
-This is provided in the ./doc subdirectory and probably
+This is provided in the \&./doc subdirectory and probably
 in a separate package if you installed rsyslog via a packaging system.
 To use rsyslog's advanced features, you
 .B need
@@ -75,7 +75,7 @@ SQLite, Ingres, Oracle, mSQL)
 Input module for text files
 .TP
 .I imudp
-Input plugin for UDP syslog. Replaces the deprecated -r option. Can be
+Input plugin for UDP syslog. Replaces the deprecated \-r option. Can be
 used like this:
 .IP
 $ModLoad imudp
@@ -83,14 +83,13 @@ $ModLoad imudp
 $UDPServerRun 514
 .TP
 .I imtcp
-Input plugin for plain TCP syslog. Replaces the deprecated -t
+Input plugin for plain TCP syslog. Replaces the deprecated \-t
 option. Can be used like this:
 .IP
 $ModLoad imtcp
 .IP
 $InputTCPServerRun 514
 .TP
-.TP
 .I imrelp
 Input plugin for the RELP protocol. RELP can be used instead
 of UDP or plain TCP syslog to provide reliable delivery of
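Review bot: the `-.TP` removal before `.I imrelp` (line 93 of the original) is the one change in this patch that addresses the reported an.tmac warning about nesting .TP inside .TP, yet it is bundled with the `\-t` style edit and the other cosmetic hunks. Suggest sending it as a separate patch so the functional fix can be applied on its own if the style changes are disputed.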
@@ -164,7 +163,9 @@ a pattern of facilities and priorities b
 The selector field itself again consists of two parts, a facility and a
 priority, separated by a period ('.'). Both parts are case insensitive and can
 also be specified as decimal numbers, but don't do that, you have been warned.
-Both facilities and priorities are described in syslog(3). The names mentioned
+Both facilities and priorities are described in
+.BR syslog (3).
+The names mentioned
 below correspond to the similar LOG_-values in /usr/include/syslog.h.
 
 The facility is one of the following keywords: auth, authpriv, cron, daemon,
@@ -172,7 +173,7 @@ kern, lpr, mail, mark, news, security (s
 local0 through local7. The keyword security should not be used anymore and mark
 is only for internal use and therefore should not be used in applications.
 Anyway, you may want to specify and redirect these messages here. The facility
-specifies the subsystem that produced the message, i.e. all mail programs log
+specifies the subsystem that produced the message, i.e., all mail programs log
 with the mail facility (LOG_MAIL) if they log using syslog.
 
 The priority is one of the following keywords, in ascending order: debug, info,
@@ -184,7 +185,9 @@ The behavior of the original BSD syslogd
 priority and higher are logged according to the given action. Rsyslogd behaves
 the same, but has some extensions.
 
-In addition to the above mentioned names the rsyslogd(8) understands the
+In addition to the above mentioned names the
+.BR rsyslogd (8)
+understands the
 following extensions: An asterisk ('*') stands for all facilities or all
 priorities, depending on where it is used (before or after the period). The
 keyword none stands for no priority of the given facility.
@@ -228,7 +231,7 @@ BSD syslog selector:
 
 *.debug;local6.!=info;local6.!=notice;local6.!=warn
 
-An easier approach is probably to do if ... then based matching in script.
+An easier approach is probably to do if \&...\& then based matching in script.
 
 .SH ACTIONS
 The action field of a rule describes what to do with the message. In general, 
message content
@@ -259,13 +262,19 @@ directive or the "sync" parameter to omf
 degrades performance and it is advised not to enable syncing unless
 you know what you are doing.
 To selectively disable syncing for certain files, you may prefix the
-file path with a minus sign ("-").
+file path with a minus sign ("\-").
 
 .SS Named pipes
-This version of rsyslogd(8) has support for logging output to named pipes 
(fifos). A fifo or
+This version of
+.BR rsyslogd (8)
+has support for logging output to named pipes (fifos). A fifo or
 named pipe can be used as a destination for log messages by prepending a pipe 
symbol ('|')
 to the name of the file. This is handy for debugging. Note that the fifo must 
be created with
-the mkfifo(1) command before rsyslogd(8) is started.
+the
+.BR mkfifo (1)
+command before
+.BR rsyslogd (8)
+is started.
 
 .SS Terminal and console
 If the file you specified is a tty, special tty-handling is done, same with 
/dev/console.
@@ -325,13 +334,15 @@ get the message (for example: ":omusrmsg
 
 .SS Everyone logged on
 Emergency messages often go to all users currently online to notify them that 
something strange
-is happening with the system. To specify this wall(1)-feature use an 
":omusrmsg:*".
+is happening with the system. To specify this
+.BR wall (1)-feature
+use an ":omusrmsg:*".
 
 .SS Database table
 This allows logging of the message to a database table.
 By default, a MonitorWare-compatible schema is required for this to work. You 
can
 create that schema with the createDB.SQL file that came with the rsyslog 
package. You can also
-use any other schema of your liking - you just need to define a proper 
template and assign this
+use any other schema of your liking \(en you just need to define a proper 
template and assign this
 template to the action.
 
 See the HTML documentation for further details on database logging.
@@ -343,7 +354,7 @@ fill your log files. To do that, place t
 This often plays well with property-based filters, giving you great freedom in 
specifying
 what you do not want.
 
-Discard is just the single 'stop' command with no further parameters.
+Discard is just the single \&'stop' command with no further parameters.
 .sp
 .B Example:
 .RS
@@ -353,8 +364,8 @@ Discard is just the single 'stop' comman
 
 .SS Output channel
 Binds an output channel definition (see there for details) to this action. 
Output channel actions
-must start with a $-sign, e.g. if you would like to bind your output channel 
definition "mychannel"
-to the action, use "$mychannel". Output channels support template definitions 
like all all other
+must start with a $-sign, e.g., if you would like to bind your output channel 
definition "mychannel"
+to the action, use "$mychannel". Output channels support template definitions 
like all other
 actions.
 
 .SS Shell execute
@@ -422,6 +433,7 @@ Checks if the value is found exactly at
 .RS
 Compares the property against the provided regular expression.
 .RE
+.RE
 
 .SS Expression-Based Filters
 See the HTML documentation for this feature.
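Review bot: the added `.RE` after the regex entry's own `.RS`/`.RE` pair has no matching `.RS` in the visible context, and the remarks in the report never mention an unbalanced indent. Please state which earlier `.RS` it closes; if none is open at this point, the line should be dropped.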
@@ -429,7 +441,7 @@ See the HTML documentation for this feat
 
 .SH TEMPLATES
 
-Every output in rsyslog uses templates - this holds true for files, user
+Every output in rsyslog uses templates \(en this holds true for files, user
 messages and so on. Templates compatible with the stock syslogd
 formats are hardcoded into rsyslogd. If no template is specified, we use
 one of these hardcoded templates. Search for "template_" in syslogd.c and
@@ -439,12 +451,12 @@ A template consists of a template direct
 and optional options. A sample is:
 
 .RS
-.B $template MyTemplateName,"\\\\7Text %property% some more 
text\\\\n",<options>
+.B $template MyTemplateName,"\e7Text %property% some more text\en",<options>
 .RE
 
 The "$template" is the template directive. It tells rsyslog that this line
-contains a template. The backslash is an escape character. For example, \\7 
rings the
-bell (this is an ASCII value), \\n is a new line. The set in rsyslog is a bit 
restricted
+contains a template. The backslash is an escape character. For example, \e7 
rings the
+bell (this is an ASCII value), \en is a new line. The set in rsyslog is a bit 
restricted
 currently.
 
 All text in the template is used literally, except for things within percent
@@ -455,11 +467,11 @@ section of this manpage.
 
 To escape:
 .sp 0
-   % = \\%
+   % = \e%
 .sp 0
-   \\ = \\\\ --> '\\' is used to escape (as in C)
+   \e = \e\e \-\-> \&'\e' is used to escape (as in C)
 .sp 0
-$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg%\\n"
+$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg%\en"
 
 Properties can be accessed by the property replacer (see there for details).
 
@@ -468,15 +480,15 @@ For example, if you would like to split
 to different files (one per host), you can define the following template:
 
 .RS
-.B $template DynFile,"/var/log/system-%HOSTNAME%.log"
+.B $template DynFile,"/var/log/system\-%HOSTNAME%.log"
 .RE
 
 This template can then be used when defining an output selector line. It will
-result in something like "/var/log/system-localhost.log"
+result in something like "/var/log/system\-localhost.log"
 
 .SS Template options
 The <options> part is optional. It carries options influencing the template as 
whole.
-See details below. Be sure NOT to mistake template options with property 
options - the
+See details below. Be sure NOT to mistake template options with property 
options \(en the
 later ones are processed by the property replacer and apply to a SINGLE 
property, only
 (and not the whole template).
 
@@ -487,7 +499,7 @@ Template options are case-insensitive. C
 sql
 format the string suitable for a SQL statement in MySQL format. This will 
replace single
 quotes ("'") and the backslash character by their backslash-escaped counterpart
-("\'" and "\\") inside each field. Please note that in MySQL configuration, 
the NO_BACKSLASH_ESCAPES
+("\'" and "\e") inside each field. Please note that in MySQL configuration, 
the NO_BACKSLASH_ESCAPES
 mode must be turned off for this format to work (this is the default).
 
 .TP
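Review bot: in the changed line, `"\e"` renders as a single backslash and the untouched `"\'"` is the roff acute-accent escape, so neither shows the backslash-escaped counterparts that the preceding sentence describes. Suggest `("\e'" and "\e\e")` so the page prints a backslash followed by a quote, and two backslashes.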
@@ -517,7 +529,7 @@ This is to guard you against accidental
 vulnerable to SQL injection. The sql option can also be useful with files -
 especially if you want to import them into a database on another machine for
 performance reasons. However, do NOT use it if you do not have a real need for
-it - among others, it takes some toll on the processing time. Not much, but on
+it \(en among others, it takes some toll on the processing time. Not much, but 
on
 a really busy system you might notice it ;)
 
 The default template for the write to database action has the sql option set.
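Review bot: the context line `vulnerable to SQL injection. The sql option can also be useful with files -` keeps its trailing ` -` while the same dash a few lines down becomes `\(en`. Convert that one too (`files \(en`) so the sentence does not mix a hyphen and an en-dash for the same punctuation.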
@@ -531,7 +543,7 @@ A template that resembles traditional sy
 .RS
 $template TraditionalFormat,"%timegenerated% %HOSTNAME%
 .sp 0
-%syslogtag%%msg:::drop-last-lf%\\n"
+%syslogtag%%msg:::drop\-last\-lf%\en"
 .RE
 
 A template that tells you a little more about the message:
@@ -539,7 +551,7 @@ A template that tells you a little more
 .RS
 $template 
precise,"%syslogpriority%,%syslogfacility%,%timegenerated%,%HOSTNAME%,
 .sp 0
-%syslogtag%,%msg%\\n"
+%syslogtag%,%msg%\en"
 .RE
 
 A template for RFC 3164 format:
@@ -551,13 +563,13 @@ $template RFC3164fmt,"<%PRI%>%TIMESTAMP%
 A template for the format traditionally used for user messages:
 .sp
 .RS
-$template usermsg," XXXX%syslogtag%%msg%\\n\\r"
+$template usermsg," XXXX%syslogtag%%msg%\en\er"
 .RE
 
 And a template with the traditional wall-message format:
 .sp
 .RS
-$template wallmsg,"\\r\\n\\7Message from syslogd@%HOSTNAME% at %timegenerated%"
+$template wallmsg,"\er\en\e7Message from syslogd@%HOSTNAME% at %timegenerated%"
 .RE
 
 .B A template that can be used for writing to a database (please note the SQL 
template option)
@@ -565,8 +577,8 @@ $template wallmsg,"\\r\\n\\7Message from
 .RS
 .ad l
 $template MySQLInsert,"insert iut, message, receivedat values
-('%iut%', '%msg:::UPPERCASE%', '%timegenerated:::date-mysql%')
-into systemevents\\r\\n", SQL
+('%iut%', \&'%msg:::UPPERCASE%', \&'%timegenerated:::date-mysql%')
+into systemevents\er\en", SQL
 
 NOTE 1: This template is embedded into core application under name
 .B StdDBFmt
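Review bot: in the added lines the SQL string delimiters are still plain ' characters, which groff may typeset as typographic quotes on UTF-8 output, so a reader who copies the template can end up with quoting that is not valid SQL. Use \(aq for each of the six apostrophes; the \& placed before two of them does not change the glyph. The option name date-mysql also keeps a bare hyphen here while the patch writes drop\-last\-lf elsewhere, so make it date\-mysql.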
@@ -607,7 +619,7 @@ name plus ":omfile:$" in front of it. A
 The property replacer is a core component in rsyslogd's output system. A 
syslog message has
 a number of well-defined properties (see below). Each of this properties can 
be accessed and
 manipulated by the property replacer. With it, it is easy to use only part of 
a property value
-or manipulate the value, e.g. by converting all characters to lower case.
+or manipulate the value, e.g., by converting all characters to lower case.
 
 .SS Accessing Properties
 Syslog message properties are used inside templates. They are accessed by 
putting them between
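Review bot: the context sentence just above the changed line reads "Each of this properties". Since this paragraph is being edited anyway, correct it to "Each of these properties".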
@@ -643,25 +655,25 @@ the "static" part of the tag, as defined
 programname is "named".
 .TP
 .B PRI
-PRI part of the message - undecoded (single value)
+PRI part of the message \(en undecoded (single value)
 .TP
 .B PRI-text
-the PRI part of the message in a textual form (e.g. "syslog.info")
+the PRI part of the message in a textual form (e.g., "syslog.info")
 .TP
 .B IUT
-the monitorware InfoUnitType - used when talking to a MonitorWare backend 
(also for phpLogCon)
+the monitorware InfoUnitType \(en used when talking to a MonitorWare backend 
(also for phpLogCon)
 .TP
 .B syslogfacility
-the facility from the message - in numerical form
+the facility from the message \(en in numerical form
 .TP
 .B syslogfacility-text
-the facility from the message - in text form
+the facility from the message \(en in text form
 .TP
 .B syslogseverity
-severity from the message - in numerical form
+severity from the message \(en in numerical form
 .TP
 .B syslogseverity-text
-severity from the message - in text form
+severity from the message \(en in text form
 .TP
 .B timegenerated
 timestamp when the message was RECEIVED. Always in high resolution
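Review bot: the tag lines .B PRI-text, .B syslogfacility-text and .B syslogseverity-text keep bare hyphens while only the prose dashes in their descriptions are converted. These are literal property names a user types into a template, so they should be written with \- (PRI\-text, syslogfacility\-text, syslogseverity\-text), as the patch already does for drop\-last\-lf.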
@@ -716,7 +728,7 @@ the message text, you can use this synta
 but you want to specify options, you still need to include the colons. For 
example, if you would
 like to convert the full message text to lower case, use "%msg:::lowercase%". 
If you would like to
 extract from a position until the end of the string, you can place a 
dollar-sign ("$") in toChar
-(e.g. %msg:10:$%, which will extract from position 10 to the end of the 
string).
+(e.g., %msg:10:$%, which will extract from position 10 to the end of the 
string).
 
 There is also support for
 .B regular expressions.
@@ -725,10 +737,10 @@ This tells rsyslog that a regular expres
 actual regular expression
 .B must
 then be provided in toChar. The regular expression must be followed
-by the string "--end". It denotes the end of the regular expression and will 
not become part of it.
+by the string "\-\-end". It denotes the end of the regular expression and will 
not become part of it.
 If you are using regular expressions, the property replacer will return the 
part of the property text
 that matches the regular expression. An example for a property replacer 
sequence with a regular
-expression is: "%msg:R:.*Sev:. \\(.*\\) \\[.*--end%"
+expression is: "%msg:R:.*Sev:.\& \e(.*\e) \e[.*\-\-end%"
 
 Also, extraction can be done based on so-called "fields". To do so, place a 
"F" into FromChar. A field
 in its current definition is anything that is delimited by a delimiter 
character. The delimiter by
@@ -755,7 +767,7 @@ convert property to lowercase only
 lowercase
 convert property text to uppercase only
 .TP
-drop-last-lf
+drop\-last\-lf
 The last LF in the message (if any), is dropped. Especially useful for PIX.
 .TP
 date-mysql
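Review bot: the context lines here show the lowercase tag followed by the description "convert property text to uppercase only", and the hunk header shows "convert property to lowercase only" just before it, so the two descriptions look swapped. That is worth fixing in the same patch since this list is being touched. The date-mysql tag on the last context line also needs date\-mysql to match drop\-last\-lf.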
@@ -774,7 +786,7 @@ space-cc
 replace control characters by spaces
 .TP
 drop-cc
-drop control characters - the resulting string will neither contain control 
characters, escape sequences nor any other replacement character like space.
+drop control characters \(en the resulting string will neither contain control 
characters, escape sequences nor any other replacement character like space.
 
 .SH QUEUED OPERATIONS
 Rsyslogd supports queued operations to handle offline outputs
