rsyslog/rsyslog
1
0
Fork 0
mirror of https://github.com/rsyslog/rsyslog.git synced 2025-12-20 06:10:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
rsyslog/doc/imtcp.html
Rainer Gerhards 56b781e5bb added $InputTCPMaxListeners directive 
permits to specify how many TCP servers shall be possible (default is 20).
2009-08-17 17:18:19 +02:00

86 lines
4.6 KiB
HTML
Raw Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head>
<meta http-equiv="Content-Language" content="en"><title>TCP Syslog Input Module</title></head>
<body>
<a href="rsyslog_conf_modules.html">back</a>
<h1>TCP Syslog Input Module</h1>
<p><b>Module Name:&nbsp;&nbsp;&nbsp; imtcp</b></p>
<p><b>Author: </b>Rainer Gerhards
&lt;rgerhards@adiscon.com&gt;</p>
<p><b>Description</b>:</p>
<p>Provides the ability to receive syslog messages via TCP.
Encryption can be provided by using <a href="rsyslog_stunnel.html">stunnel</a>
(an alternative is the use
the&nbsp;<a href="imgssapi.html">imgssapi</a>
modul).</p>
<p>Multiple receivers may be configured by
specifying
$InputTCPServerRun multiple times. This is available since version 4.3.1, earlier
versions do NOT support it.
</p>
<p><b>Configuration Directives</b>:</p>
<ul>
<li>$InputTCPServerAddtlFrameDelimiter &lt;Delimiter&gt;<br>
This directive permits to specify an additional frame delimiter for plain tcp syslog.
The industry-standard specifies using the LF character as frame delimiter. Some vendors,
notable Juniper in their NetScreen products, use an invalid frame delimiter, in Juniper's
case the NUL character. This directive permits to specify the ASCII value of the delimiter
in question. Please note that this does not guarantee that all wrong implementations can
be cured with this directive. It is not even a sure fix with all versions of NetScreen,
as I suggest the NUL character is the effect of a (common) coding error and thus will
probably go away at some time in the future. But for the time being, the value 0 can
probably be used to make rsyslog handle NetScreen's invalid syslog/tcp framing.
For additional information, see this
<a href="http://kb.monitorware.com/problem-with-netscreen-log-t1652.html">forum thread</a>.
<br><b>If this doesn't work for you, please do not blame the rsyslog team. Instead file
a bug report with Juniper!</b>
<br>Note that a similar, but worse, issue exists with Cisco's IOS implementation. They do
not use any framing at all. This is confirmed from Cisco's side, but there seems to be
very limited interest in fixing this issue. This directive <b>can not</b> fix the Cisco bug.
That would require much more code changes, which I was unable to do so far. Full details
can be found at the <a href="http://www.rsyslog.com/Article321.phtml">Cisco tcp syslog anomaly</a>
page.
<li>$InputTCPServerRun &lt;port&gt;<br>
Starts a TCP server on selected port</li>
<li>$InputTCPMaxListeners &lt;number&gt;<br>
Sets the maximum number of listeners (server ports) supported. Default is 20. This must be set before the first $InputTCPServerRun directive.</li>
<li>$InputTCPMaxSessions &lt;number&gt;<br>
Sets the maximum number of sessions supported. Default is 200. This must be set before the first $InputTCPServerRun directive</li>
<li>$InputTCPServerStreamDriverMode &lt;number&gt;<br>
Sets the driver mode for the currently selected <a href="netstream.html">network stream driver</a>. &lt;number&gt; is driver specifc.</li>
<li>$InputTCPServerInputName &lt;name&gt;<br>
Sets a name for the inputname property. If no name is set "imtcp" is used by default. Setting a
name is not strictly necessary, but can be useful to apply filtering based on which input
the message was received from.
<li>$InputTCPServerStreamDriverAuthMode &lt;mode-string&gt;<br>
Sets the authentication mode for the currently selected <a href="netstream.html">network stream driver</a>. &lt;mode-string&gt; is driver specifc.</li>
<li>$InputTCPServerStreamDriverPermittedPeer &lt;id-string&gt;<br>
Sets permitted peer IDs. Only these peers are able to connect to the
listener. &lt;id-string&gt; semantics depend on the currently selected
AuthMode and&nbsp; <a href="netstream.html">network stream driver</a>. PermittedPeers may not be set in anonymous modes.</li>
</ul>
<b>Caveats/Known Bugs:</b>
<ul>
<li>module always binds to all interfaces</li>
<li>can not be loaded together with <a href="imgssapi.html">imgssapi</a>
(which includes the functionality of imtcp)</li>
</ul>
<p><b>Sample:</b></p>
<p>This sets up a TCP server on port 514:<br>
</p>
<textarea rows="15" cols="60">$ModLoad imtcp #
needs to be done just once
$InputTCPServerRun 514
</textarea>
<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
<p><font size="2">This documentation is part of the
<a href="http://www.rsyslog.com/">rsyslog</a>
project.<br>
Copyright <20> 2008 by <a href="http://www.gerhards.net/rainer">Rainer
Gerhards</a> and
<a href="http://www.adiscon.com/">Adiscon</a>.
Released under the GNU GPL version 3 or higher.</font></p>
</body></html>
Reference in New Issue View Git Blame Copy Permalink