rsyslog 8.10.0 发布,syslogd 多线程增强版

oschina
 oschina
发布于 2015年05月20日
收藏 10

Rsyslog 是一个 syslogd 的多线程增强版。

rsyslog 8.10.0 发布,此版本更新内容如下:

  • imfile: add capability to process multi-line messages based on regex input parameter "endmsg.regex" was added for that purpose. The new mode provides much more power in processing different multiline-formats.

  • pmrfc3164: add new parameters

    • "detect.yearAfterTimestamp"
      This supports timestamps as generated e.g. by some Aruba Networks equipment.

    • "permit.

      squareBracesInHostname"
      Permits to use "hostnames" in the form of "[127.0.0.1]"; also seen in Aruba Networks equipment, but we strongly assume this can also happen in other cases, especially with IPv6.

  • supplementary groups are now set when dropping privileges
    closes https://github.com/rsyslog/rsyslog/issues/296
    Thanks to Zach Lisinski for the patch.

  • imfile: added brace glob expansion to wildcard
    Thanks to Zach Lisinski for the patch.

  • zmq: add the ability for zeromq input and outputs to advertise their presence on UDP via the zbeacon API.
    Thanks to Brian Knox for the contribution.

  • added omhttpfs: contributed module for writing to HDFS via HTTP
    Thanks to sskaje for the contribution.

  • Configure option "–disable-debug-symbols" added which is disabled per default. If you set the new option, configure won’t set the appropriate compiler flag to generate debug symbols anymore.

  • When building from git source we now require rst2man and yacc (or a replacement like bison).
    That isn’t any new requirement, we only added missing configure checks.

  • Configure option "–enable-generate-man-pages" is now disabled for non git source builds per default but enforced when building from git source.

  • mmpstrucdata: some code cleanup
    removed lots of early development debug outputs

  • bugfix imuxsock: fix a crash when setting a hostname
    Setting a hostname via the legacy directive would lead to a crash during shutdown caused by a double-free.
    Thanks to Tomas Heinrich for the patch.

  • bugfix: memory leak in mmpstrucdata
    Thanks to Grégoire Seux for reporting this issue.
    closes https://github.com/rsyslog/rsyslog/issues/310

  • bugfix (minor): default action name: assigned number was one off
    see also https://github.com/rsyslog/rsyslog/pull/340
    Thanks to Tomas Heinrich for the patch.

  • bugfix: memory leak in imfile

本站文章除注明转载外,均为本站原创或编译。欢迎任何形式的转载,但请务必注明出处,尊重他人劳动共创开源社区。
转载请注明:文章转载自 开源中国社区 [http://www.oschina.net]
本文标题:rsyslog 8.10.0 发布,syslogd 多线程增强版
加载中

最新评论(4

shajiquan
shajiquan
很好。
jklin
jklin
测试
eechen
eechen
用于日志归档的logrotate不是守护进程,是一个crontab定时任务(/etc/cron.daily/logrotate)。
rsyslog要使用logrotate归档日志,就需要写一个任务到/etc/logrotate.d/下,比如:
/etc/logrotate.d/rsyslog

用apt-get安装的MySQL、Nginx等等都会在/etc/logrotate.d/下加入一个日志归档任务。
Nginx的官方Deb包同样包含有这个任务的脚本,可以下载来看看:
http://nginx.org/packages/ubuntu/pool/nginx/n/nginx/

查看logrotate最近进行了哪些日志归档:
less /var/lib/logrotate/status
eechen
eechen
rsyslog是Linux默认的系统日志守护进程,开机时以服务形式自启动,运行用户为syslog.
rsyslog只负责记录系统相关日志,比如/var/log/syslog等,在/etc/rsyslog.d/50-default.conf有定义.
rsyslog是一个多线程应用,执行以下任一命令可见:
cat /proc/`pidof rsyslogd`/status|grep Threads
ps -efL|head -n1 && ps -efL|grep rsyslogd
top -H -p `pidof rsyslogd`
ldd `which rsyslogd`|grep pthread

rsyslog服务管理脚本为(以Ubuntu为例):
/etc/init.d/rsyslog
/etc/init/rsyslog.conf
rsyslog配置:
/etc/rsyslog.conf
/etc/rsyslog.d/50-default.conf
rsyslog配置里定义了rsyslog记录的系统日志,比如:
/var/log/syslog 系统日志
/var/log/kern.log 内核日志
/var/log/auth.log 认证日志
/var/log/mail.log 邮件日志
可以直接用split/cat/grep/head/tail/less/vim查看这些rsyslog日志.

查看rsyslogd打开的文件:
sudo lsof -p `pidof rsyslogd`
/var/log/syslog
/var/log/kern.log
/var/log/auth.log
/var/log/ufw.log

查看打开syslog的程序:
sudo lsof /var/log/syslog
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 634 syslog 1w REG 8,6 111095 4066440 /var/log/syslog
返回顶部
顶部