Mailing List Archive

On Tue, 3 Mar 2009, jack marrow wrote:

> Hello,
>
> Is there a changelog for rsyslog, particularly showing the differences
> between the current version (3.x) and the 2.x version found in RHEL?

the best way to see the differences would be through git, however the
differences between 2.x and 3.x are going to be so massive that it's going
to be hard to see anything useful.

what are you looking for?

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

Well, you can see all change log entries by following the "change log"
menu item in the menu to the left ;) But it may even be more convenient
in that case that you get it directly from git as a single text file:

http://git.adiscon.com/?p=rsyslog.git;a=blob;f=ChangeLog;h=ba2a6c13e22b7
f67401c7edb15ea17d31162bde4;hb=HEAD

Rainer

> -----Original Message-----
> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
> bounces@lists.adiscon.com] On Behalf Of jack marrow
> Sent: Tuesday, March 03, 2009 9:06 AM
> To: rsyslog@lists.adiscon.com
> Subject: [rsyslog] rsyslog changelog
>
> Hello,
>
> Is there a changelog for rsyslog, particularly showing the differences
> between the current version (3.x) and the 2.x version found in RHEL?
>
> Thanks,
>
> Jack
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

2009/3/3 <david@lang.hm>:
> On Tue, 3 Mar 2009, jack marrow wrote:
>
>> Hello,
>>
>> Is there a changelog for rsyslog, particularly showing the differences
>> between the current version (3.x) and the 2.x version found in RHEL?
>
> the best way to see the differences would be through git, however the
> differences between 2.x and 3.x are going to be so massive that it's going
> to be hard to see anything useful.
>
> what are you looking for?

I need to know which features are in the RHEL 5 version (2.x) and
which are in the upstream stable version (3.x). Is there a matrix
somewhere? It would be good if there was.

I am looking for imfile support, regular expressions (are these perl
regular expressions or posix?). Plus the general major differences.

Also are actions are supported?

Thanks

>
> David Lang
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

> One last question: on the receiving server side, can I see which logs
> came from which log file?

Usually, the log line should contain the host that sent the message.
Does your's not?

Rainer
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

2009/3/3 Rainer Gerhards <rgerhards@hq.adiscon.com>:
> Well, you can see all change log entries by following the "change log"
> menu item in the menu to the left ;) But it may even be more convenient
> in that case that you get it directly from git as a single text file:
>
> http://git.adiscon.com/?p=rsyslog.git;a=blob;f=ChangeLog;h=ba2a6c13e22b7
> f67401c7edb15ea17d31162bde4;hb=HEAD
>
> Rainer
>
>> -----Original Message-----
>> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
>> bounces@lists.adiscon.com] On Behalf Of jack marrow
>> Sent: Tuesday, March 03, 2009 9:06 AM
>> To: rsyslog@lists.adiscon.com
>> Subject: [rsyslog] rsyslog changelog
>>
>> Hello,
>>
>> Is there a changelog for rsyslog, particularly showing the differences
>> between the current version (3.x) and the 2.x version found in RHEL?
>>
>> Thanks,
>>
>> Jack
>> _______________________________________________
>> rsyslog mailing list
>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>> http://www.rsyslog.com
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
>

Thanks for this.

One last question: on the receiving server side, can I see which logs
came from which log file?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

Please post configs and elaborate a bit more about what you are trying
to accomplish and what you have set up.

> -----Original Message-----
> From: rsyslog-bounces@lists.adiscon.com [mailto:rsyslog-
> bounces@lists.adiscon.com] On Behalf Of jack marrow
> Sent: Tuesday, March 10, 2009 11:22 AM
> To: rsyslog-users
> Subject: Re: [rsyslog] rsyslog changelog
>
> 2009/3/10 Rainer Gerhards <rgerhards@hq.adiscon.com>:
> >> One last question: on the receiving server side, can I see which
> logs
> >> came from which log file?
> >
> > Usually, the log line should contain the host that sent the message.
> > Does your's not?
> >
>
> If a client sends /var/log/httpd/blah and /var/log/vsftpd/blah, does
> the receiving side simply receive the log contents or the filename as
> well? Is there a way to get both?
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

2009/3/10 Rainer Gerhards <rgerhards@hq.adiscon.com>:
>> One last question: on the receiving server side, can I see which logs
>> came from which log file?
>
> Usually, the log line should contain the host that sent the message.
> Does your's not?
>

If a client sends /var/log/httpd/blah and /var/log/vsftpd/blah, does
the receiving side simply receive the log contents or the filename as
well? Is there a way to get both?
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

2009/3/10 Rainer Gerhards <rgerhards@hq.adiscon.com>:
> Please post configs and elaborate a bit more about what you are trying
> to accomplish and what you have set up.

I am evaluating rsyslog at the moment.

I would like to know if I can use it for log collection on the client
for writing on the server. The server must know which log file is
which.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com

On Tue, Mar 10, 2009 at 04:28, jack marrow <jackmarrow2@gmail.com> wrote:
> 2009/3/10 Rainer Gerhards <rgerhards@hq.adiscon.com>:
>> Please post configs and elaborate a bit more about what you are trying
>> to accomplish and what you have set up.
>
> I am evaluating rsyslog at the moment.
>
> I would like to know if I can use it for log collection on the client
> for writing on the server. The server must know which log file is
> which.

This is more a "basic understanding of logging" question than one
specific to rsyslog. Generally speaking, log daemons just log what
client apps tell them to - httpd says, "I'm facility 6 and <foo> is my
critical message". If the local log daemon is sending logs upstream,
it will basically tell the upstream server "I'm myhostname and httpd
(facility 6) just said <foo> with a critical priority". If all your
daemons (httpd, vsftpd, etc.) log directly to the local syslog as
opposed to a flat file, things should "just work".

However, if you're configuring your "client" syslog instance to follow
/var/log/httpd/access and retransmit that data to an upstream server,
all that metadata (application name, facility, priority, etc) is lost.
Hence, you must configure your client syslog to inject that data -
with rsyslog, that would be done something like this:

$ModLoad imfile.so
$InputFileName /var/log/httpd/access
$InputFileTag http_access
$InputFilePollIntervalSeconds 5
$InputFileMonitor
*.* @192.168.1.1

That sets up a monitor that polls /var/log/httpd/access every 5
seconds, prepends "http_access" to every line, and sends it via UDP to
192.168.1.1.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com