Home Page

Configure Syslogd2

Sample Files

Deployment

New Concepts

The Config File

Compile & Install

Misc Topics

Capabilities

Demonstrations

Reference

Glossary of Terms

External Links

Syslogd2 Project Site
DBD2 Home Page
DBD2 Project Site

Other References

RFC 3164 (The BSD Syslog Protocol)
RFC 3339 (Internet Time Format)
RFC 5424 (Syslog Version 1)

Focus on Network

Syslogd2 Input Options

Output Options

Output Concepts
Queueing and Data Loss

Output Concepts

[Top of page]

PTY Device Type

Modern Linux systems mount the /dev filesystem as type 'udev'. The udev filesystem is an in-memory type of pseudo-filesystem that is not backed up by disk-based storage. Therefore opening any output file within the '/dev' filesystem is counter-productive and undesireable (if it is even allowed).

As a result, Syslogd2 re-defines any 'file' location that begins with '/dev' as a character-device (a 'PTY' device) and treats the resulting destination as a character device (the same as a user-terminal or the system '/dev/tty' or '/dev/console' devices).

This redefinition allows for output to arbitrary serial ports, or various pseudo-terminals in non-GUI mode or to pseudo-terminals in GUI mode. (Note the first terminal opened upon boot in GUI mode is '/dev/pts/0' followed by '/dev/pts/1', etc.)

The Selector String is not Monolithic

In classical syslog configuration files, there is no reason to want to 'chop up' the selector-string component of an output-configuration line. This is because the output-parsing algorithms of syslog processors have never needed to treat one selector-element any different from another, allowing an unofficial 'rule' to settle into people's minds: Each output destination should be on one line and one line only...

In Syslogd2, that 'unofficial rule' must be unlearned. The Syslogd2 output option-list contains a mix of options that apply to destinations and options that apply to individual selctor-elements. Whenever multiple selector-elements share the same set of selector-options, they should be listed on the same line in the traditional manner. When selector-elements are to be configured with different selector-options, they should be listed on a separate line. When Syslogd2 parses the file, it compares destinations and combines all selector-elements that share 'equal destinations' into a single list. The output-line with the lowest line-number for that 'composite destination' will be used to define ALL destination-options. Destination options from all other lines will be ignored (outside of those required to confirm 'destination equality').

At run-time, the selector-elements for a given destination are tested in the order they are 'seen' in the file (ascending line-number order). The first selector-element to match a given syslog event will be used (and its options applied). Once a message has been processed by any selector-element associated with a given destination, processing of that message immediately terminates for that destination and moves on to the next destination to be checked.

Destination Equality

Two destinations are considered 'equal' if they (logically) go to the same place.

• For Linux sockets, this means that both are declared as Linux sockets, both have the same filesystem path and they both have the same protocol (stream vs datagram).
• For IP sockets, this means the two destinations are both declared as IP sockets, both resolve to the same canonical hostname and both are using the same port and protocol (UDP or TCP). It does not matter whether an IPv4 address, an IPv6 address, the canonical hostname or a hostname alias is specified for either or both destinations involved. All that matters is that both destinations are IP sockets and that both ultimately resolve to the same canonical hostname using the same port and protocol. Since the port may be specified by either name or number (or left to the default value if UDP), two ports are considered 'equal' if they ultimately resolve to the same numerical value.
• For User Lists, Syslogd2 checks each name in the list against the password file (or NIS database if configured) and removes any username from the specified list that can no longer be found. The remaining names are then sorted and compared and if the two lists are equal, the two 'destination lists' are considered to be 'equal'.
• For character devices (/dev/tty, /dev/console, /dev/pts/*, etc), both must contain the same path and both must resolve to a path within the '/dev' filesystem. Character devices do not recognize protocol or port parameters.
• For output files, both must have been declared as files, both must have the same filesystem path and that path must be outside the '/dev' filesystem.
• For named-pipes, both must have been declared as named-pipes, and both must have the same filesystem path.

Revisiting the Syslog Config File.

The traditional syslog configuration file consists of only 'output-lines' and comments.

As covered elsewhere, Syslogd2 has a need to add input and general-purpose configuration data to the configuration file and has chosen to implement those elements as command-line parameters that are identified by a tilde ('~') as the first non-comment-character in a line when placed into the configuration file.

The output-line format also needs an option-list to specify the afore-mentioned options in Syslogd2. This option-list is un-needed for the limited requirements of traditional syslog processors, and is equivalent to an 'empty' option-list in Syslogd2.

When present in Syslogd2 the comma-separated list of options follows the 'location' field and is set off from this field by a comma.
kern.*        -  /var/log/kern.log, uid=ed, gid=ed, mode=666

This table contains the full list of output options grouped by 'type'. A summary of the revisions to the output-line format can be found here.