summaryrefslogtreecommitdiffstats
path: root/source/compatibility/v3compatibility.rst
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--source/compatibility/v3compatibility.rst260
1 files changed, 260 insertions, 0 deletions
diff --git a/source/compatibility/v3compatibility.rst b/source/compatibility/v3compatibility.rst
new file mode 100644
index 0000000..502ca64
--- /dev/null
+++ b/source/compatibility/v3compatibility.rst
@@ -0,0 +1,260 @@
+Compatibility Notes for rsyslog v3
+==================================
+
+*Written by* `Rainer Gerhards <http://www.gerhards.net/rainer>`_
+*(2008-03-28)*
+
+Rsyslog aims to be a drop-in replacement for sysklogd. However, version
+3 has some considerable enhancements, which lead to some backward
+compatibility issues both in regard to sysklogd and rsyslog v1 and v2.
+Most of these issues are avoided by default by not specifying the -c
+option on the rsyslog command line. That will enable
+backwards-compatibility mode. However, please note that things may be
+suboptimal in backward compatibility mode, so the advise is to work
+through this document, update your rsyslog.conf, remove the no longer
+supported startup options and then add -c3 as the first option to the
+rsyslog command line. That will enable native mode.
+
+Please note that rsyslogd helps you during that process by logging
+appropriate messages about compatibility mode and
+backwards-compatibility statements automatically generated. You may
+want your syslogd log for those. They immediately follow rsyslogd's
+startup message.
+
+Inputs
+------
+
+With v2 and below, inputs were automatically started together with
+rsyslog. In v3, inputs are optional! They come in the form of plug-in
+modules. **At least one input module must be loaded to make rsyslog do
+any useful work.** The config file directives doc briefly lists which
+config statements are available by which modules.
+
+It is suggested that input modules be loaded in the top part of the
+config file. Here is an example, also highlighting the most important
+modules:
+
+::
+
+ $ModLoad immark # provides --MARK-- message capability
+ $ModLoad imudp # provides UDP syslog reception
+ $ModLoad imtcp # provides TCP syslog reception
+ $ModLoad imgssapi # provides GSSAPI syslog reception
+ $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
+ $ModLoad imklog # provides kernel logging support (previously done by rklogd)
+
+Command Line Options
+--------------------
+
+A number of command line options have been removed. New config file
+directives have been added for them. The -h and -e option have been
+removed even in compatibility mode. They are ignored but an informative
+message is logged. Please note that -h was never supported in v2, but
+was silently ignored. It disappeared some time ago in the final v1
+builds. It can be replaced by applying proper filtering inside
+syslog.conf.
+
+-c option / Compatibility Mode
+------------------------------
+
+The -c option is new and tells rsyslogd about the desired backward
+compatibility mode. It must always be the first option on the command
+line, as it influences processing of the other options. To use the
+rsyslog v3 native interface, specify -c3. To use compatibility mode ,
+either do not use -c at all or use -c<vers> where vers is the rsyslog
+version that it shall be compatible to. Use -c0 to be command-line
+compatible to sysklogd.
+
+Please note that rsyslogd issues warning messages if the -c3 command
+line option is not given. This is to alert you that your are running in
+compatibility mode. Compatibility mode interferes with your rsyslog.conf
+commands and may cause some undesired side-effects. It is meant to be
+used with a plain old rsyslog.conf - if you use new features, things
+become messy. So the best advise is to work through this document,
+convert your options and config file and then use rsyslog in native
+mode. In order to aid you in this process, rsyslog logs every
+compatibility-mode config file directive it has generated. So you can
+simply copy them from your logfile and paste them to the config.
+
+-e Option
+---------
+
+This option is no longer supported, as the "last message repeated n
+times" feature is now turned off by default. We changed this default
+because this feature is causing a lot of trouble and we need to make it
+either go away or change the way it works. For more information, please
+see our dedicated `forum thread on "last message repeated n
+times" <http://www.rsyslog.com/PNphpBB2-viewtopic-p-1130.phtml>`_. This
+thread also contains information on how to configure rsyslogd so that it
+continues to support this feature (as long as it is not totally
+removed).
+
+-m Option
+---------
+
+The -m command line option is emulated in compatibility mode. To replace
+it, use the following config directives (compatibility mode
+auto-generates them):
+
+::
+
+ $ModLoad immark
+ $MarkMessagePeriod 1800 # 30 minutes
+
+-r Option
+---------
+
+Is no longer available in native mode. However, it is understood in
+compatibility mode (if no -c option is given). Use the ``$UDPSeverRun
+<port>`` config file directives. You can now also set the local address
+the server should listen to via ``$UDPServerAddress <ip>`` config
+directive.
+
+The following example configures an UDP syslog server at the local
+address 192.0.2.1 on port 514:
+
+::
+
+ $ModLoad imudp
+ $UDPServerAddress 192.0.2.1 # this MUST be before the $UDPServerRun directive!
+ $UDPServerRun 514
+
+``$UDPServerAddress \*`` means listen on all local interfaces. This is the
+default if no directive is specified.
+
+Please note that now multiple listeners are supported. For example, you
+can do the following:
+
+::
+
+ $ModLoad imudp
+ $UDPServerAddress 192.0.2.1 # this MUST be before the $UDPServerRun directive!
+ $UDPServerRun 514
+ $UDPServerAddress \* # all local interfaces
+ $UDPServerRun 1514
+
+These config file settings run two listeners: one at 192.0.2.1:514 and
+one on port 1514, which listens on all local interfaces.
+
+Default port for UDP (and TCP) Servers
+--------------------------------------
+
+Please note that with pre-v3 rsyslogd, a service database lookup was
+made when a UDP server was started and no port was configured. Only if
+that failed, the IANA default of 514 was used. For TCP servers, this
+lookup was never done and 514 always used if no specific port was
+configured. For consistency, both TCP and UDP now use port 514 as
+default. If a lookup is desired, you need to specify it in the "Run"
+directive, e.g. "*$UDPServerRun syslog*\ ".
+
+klogd
+-----
+
+klogd has (finally) been replaced by a loadable input module. To enable
+klogd functionality, do
+
+::
+
+ $ModLoad imklog
+
+Note that this can not be handled by the compatibility layer, as klogd
+was a separate binary. A limited set of klogd command line settings is
+now supported via rsyslog.conf. That set of configuration directives is
+to be expanded. 
+
+Output File Syncing
+-------------------
+
+Rsyslogd tries to keep as compatible to stock syslogd as possible. As
+such, it retained stock syslogd's default of syncing every file write if
+not specified otherwise (by placing a dash in front of the output file
+name). While this was a useful feature in past days where hardware was
+much less reliable and UPS seldom, this no longer is useful in today's
+world. Instead, the syncing is a high performance hit. With it, rsyslogd
+writes files around 50 **times** slower than without it. It also affects
+overall system performance due to the high IO activity. In rsyslog v3,
+syncing has been turned off by default. This is done via a specific
+configuration directive
+
+::
+ $ActionFileEnableSync on/off
+
+which is off by
+default. So even if rsyslogd finds sync selector lines, it ignores them
+by default. In order to enable file syncing, the administrator must
+specify ``$ActionFileEnableSync on`` at the top of rsyslog.conf. This
+ensures that syncing only happens in some installations where the
+administrator actually wanted that (performance-intense) feature. In the
+fast majority of cases (if not all), this dramatically increases
+rsyslogd performance without any negative effects.
+
+Output File Format
+------------------
+
+Rsyslog supports high precision RFC 3339 timestamps and puts these into
+local log files by default. This is a departure from previous syslogd
+behaviour. We decided to sacrifice some backward-compatibility in an
+effort to provide a better logging solution. Rsyslog has been supporting
+the high-precision timestamps for over three years as of this writing,
+but nobody used them because they were not default (one may also assume
+that most people didn't even know about them). Now, we are writing the
+great high-precision time stamps, which greatly aid in getting the right
+sequence of logging events. If you do not like that, you can easily turn
+them off by placing
+
+::
+
+ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+right at the start of your rsyslog.conf. This will use the previous
+format. Please note that the name is case-sensitive and must be
+specified exactly as shown above. Please also note that you can of
+course use any other format of your liking. To do so, simply specify the
+template to use or set a new default template via the
+$ActionFileDefaultTemplate directive. Keep in mind, though, that
+templates must be defined before they are used.
+
+Keep in mind that when receiving messages from remote hosts, the
+timestamp is just as precise as the remote host provided it. In most
+cases, this means you will only a receive a standard timestamp with
+second precision. If rsyslog is running at the remote end, you can
+configure it to provide high-precision timestamps (see below).
+
+Forwarding Format
+-----------------
+
+When forwarding messages to remote syslog servers, rsyslogd by default
+uses the plain old syslog format with second-level resolution inside the
+timestamps. We could have made it emit high precision timestamps.
+However, that would have broken almost all receivers, including earlier
+versions of rsyslog. To avoid this hassle, high-precision timestamps
+need to be explicitly enabled. To make this as painless as possible,
+rsyslog comes with a canned template that contains everything necessary.
+ To enable high-precision timestamps, just use:
+
+::
+
+ $ActionForwardDefaultTemplate RSYSLOG_ForwardFormat # for plain TCP and UDP
+ $ActionGSSForwardDefaultTemplate RSYSLOG_ForwardFormat # for GSS-API
+
+And, of course, you can always set different forwarding formats by just
+specifying the right template.
+
+If you are running in a system with only rsyslog 3.12.5 and above in the
+receiver roles, it is suggested to add one (or both) of the above
+statements to the top of your rsyslog.conf (but after the $ModLoad's!) -
+that will enable you to use the best in timestamp support available.
+Please note that when you use this format with other receivers, they
+will probably become pretty confused and not detect the timestamp at
+all. In earlier rsyslog versions, for example, that leads to duplication
+of timestamp and hostname fields and disables the detection of the
+original hostname in a relayed/NATed environment. So use the new format
+with care.
+
+Queue Modes for the Main Message Queue
+--------------------------------------
+
+Either "FixedArray" or "LinkedList" is recommended. "Direct" is
+available, but should not be used except for a very good reason
+("Direct" disables queueing and will potentially lead to message loss on
+the input side).