[rsyslog] rsyslog 1.10.2 released
Rainer Gerhards
rgerhards at hq.adiscon.com
Tue Sep 27 17:27:29 CEST 2005
Hi all,

I am glad to announce rsyslog 1.10.2, the regularly scheduled release.
The main improvements are:

- ability to limit the systems rsyslogd accepts messages from
- new comparison operations for the property-based filters

Of course, there are also some other new features as well as some bug
fixes.

With the two new major feature additions rsyslog now has great
flexibility in filter processing as well as good security hardening
abilities. I will now most probably turn back to the protocol support
modules and look at RFC 3195 and syslog-protocol (if no urgent other
need arises).

I recommend upgrading to 1.10.2 if you are running any release of the
development branch. Full details can be found in the change log at
http://www.rsyslog.com/Article38.phtml

Because I was often asked what can be done with new features, I have
included some lines from the sample configuration file after my
signature. I hope they are useful.

As always, feedback is deeply appreciated.

Rainer

-- excerpt from sample.conf --
# We limit who can send us messages:
$AllowedSender UDP, 192.0.2.0/24, 10.0.0.1
# all machines in 192.0.2 as well as 10.0.0.1
$AllowedSender TCP, 10.0.0.1 # for TCP, we allow only 10.0.0.1
# remove the AllowedSender directives if you do not want to limit
# who can send rsyslogd messages (not recommended)
# We also support property-based filters, which allow for nice
# things. Let's for example assume that you receive a lot of
# nonsense messages with "ID-4711" in the message text. You know
# that you will never need these messages. So you simply discard them
:msg, contains, "ID-4711" ~
# or you would like to store messages from a specific host to
# a different file:
:FROMHOST, isequal,"myhost.example.com" /var/log/myhost.log
# everything that does not contain "error" should also be
# discarded
:msg, !contains, "error" ~
# and the rest go to a separate file
*.* /var/log/error
# (keep in mind that the two directives shown immediately
# above must be kept in that order to actually work)
# you can also execute a script. Let's assume, for example, you need
# to execute "turn-diesel-generator-on" when "power failed" is contained
# in a message... ;)
:msg, contains, "power failed" ^turn-diesel-generator-on
# (The script is passed the syslog message as first and only parameter.
# Other parameters can currently not be specified.)
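
Added example, not part of the original message and not rsyslog code: a simplified Python model of the excerpt above, showing the per-protocol $AllowedSender check and why the order of the last two filter rules matters. It assumes case-sensitive matching and that a discard (~) stops all further processing of a message; the function names and sample messages are constructed for illustration.

```python
import ipaddress

# Simplified model of the sample.conf excerpt; constructed, not rsyslog code.
ALLOWED = {"UDP": ["192.0.2.0/24", "10.0.0.1"], "TCP": ["10.0.0.1"]}
DISCARD = "~"

def sender_allowed(proto, src_ip, allowed=ALLOWED):
    """Check src_ip against the $AllowedSender entries for this protocol."""
    nets = allowed.get(proto.upper())
    if nets is None:  # directive removed: sender not limited
        return True
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def contains(prop, text, negate=False):
    # Assumed: case-sensitive substring match; negate models "!contains".
    return lambda m: (text in m[prop]) != negate

def isequal(prop, text):
    return lambda m: m[prop] == text

RULES = [  # same order as the excerpt
    (contains("msg", "ID-4711"), DISCARD),
    (isequal("fromhost", "myhost.example.com"), "/var/log/myhost.log"),
    (contains("msg", "error", negate=True), DISCARD),
    (lambda m: True, "/var/log/error"),  # *.*
]

def route(message, rules=RULES):
    """Return the files a message is written to, walking rules top-down."""
    written = []
    for matches, action in rules:
        if not matches(message):
            continue
        if action == DISCARD:
            break  # a discarded message reaches no later rule
        written.append(action)
    return written

def receive(proto, src_ip, fromhost, msg, rules=RULES):
    """None if the sender is rejected, else the list of files written."""
    if not sender_allowed(proto, src_ip):
        return None
    return route({"fromhost": fromhost, "msg": msg}, rules)

# Constructed messages: the last two rules swapped sends everything to the file.
SWAPPED = RULES[:2] + [RULES[3], RULES[2]]
if __name__ == "__main__":
    print(receive("UDP", "192.0.2.77", "web1", "disk error on sda"))
    print(receive("TCP", "192.0.2.77", "web1", "disk error on sda"))
    print(route({"fromhost": "web1", "msg": "login ok"}, SWAPPED))
```

In this model a message from myhost.example.com without "error" is still written to /var/log/myhost.log, because that rule is evaluated before the discard.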