From f06d03122726b4a0b4485551128971c76bd6f972 Mon Sep 17 00:00:00 2001 From: Languages add-on Date: May 02 2024 07:19:18 +0000 Subject: Added translation using Weblate (Norwegian Nynorsk) Co-authored-by: Languages add-on --- diff --git a/po/nn/f34/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.po b/po/nn/f34/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.po new file mode 100644 index 0000000..70ff8f9 --- /dev/null +++ b/po/nn/f34/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.po @@ -0,0 +1,5321 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# Languages add-on , 2024. +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2023-01-27 13:19+0000\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"Language: nn\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: Title = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:5 +#, no-wrap +msgid "Viewing and Managing Log Files" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:8 +msgid "" +"indexterm:[log files,System Log]indexterm:[log files,description] _Log " +"files_ are files that contain messages about the system, including the " +"kernel, services, and applications running on it. There are different log " +"files for different information. For example, there is a default system log " +"file, a log file just for security messages, and a log file for cron tasks." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:12 +msgid "" +"Log files can be very useful when trying to troubleshoot a problem with the " +"system such as trying to load a kernel driver or when looking for " +"unauthorized login attempts to the system. This chapter discusses where to " +"find log files, how to view log files, and what to look for in log files. " +"indexterm:[log files,rsyslogd daemon]indexterm:[rsyslog] Some log files are " +"controlled by a daemon called `rsyslogd`. The `rsyslogd` daemon is an " +"enhanced replacement for [application]*sysklogd*, and provides extended " +"filtering, encryption protected relaying of messages, various configuration " +"options, input and output modules, support for transportation via the `TCP` " +"or `UDP` protocols. Note that [application]*rsyslog* is compatible with " +"[application]*sysklogd*." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:14 +msgid "" +"Log files can also be managed by the `journald` daemon – a component " +"of `systemd`. The `journald` daemon captures Syslog messages, kernel log " +"messages, initial RAM disk and early boot messages as well as messages " +"written to standard output and standard error output of all services, " +"indexes them and makes this available to the user. The native journal file " +"format, which is a structured and indexed binary file, improves searching " +"and provides faster operation, and it also stores meta data information like " +"time stamps or user IDs. Log files produced by `journald` are by default not " +"persistent, log files are stored only in memory or a small ring-buffer in " +"the `/run/log/journal/` directory. The amount of logged data depends on free " +"memory, when you reach the capacity limit, the oldest entries are " +"deleted. However, this setting can be altered – see " +"xref:Viewing_and_Managing_Log_Files.adoc#s2-Enabling_Persistent_Storage[Enabling " +"Persistent Storage]. For more information on Journal see " +"xref:Viewing_and_Managing_Log_Files.adoc#s1-Using_the_Journal[Using the " +"Journal]." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:16 +msgid "" +"By default, only `journald` is installed on your system. You have to install " +"rsyslog youself. Also do not forget to enable and start it after install " +"before continuing with rest of this guide. The `journald` daemon is the " +"primary tool for troubleshooting. It also provides additional data necessary " +"for creating structured log messages. Data acquired by `journald` is " +"forwarded into the `/run/systemd/journal/syslog` socket that may be used by " +"`rsyslogd` to process the data further. However, [application]*rsyslog* does " +"the actual integration by default via the `imjournal` input module, thus " +"avoiding the aforementioned socket. You can also transfer data in the " +"opposite direction, from `rsyslogd` to `journald` with use of `omjournal` " +"module. See " +"xref:Viewing_and_Managing_Log_Files.adoc#s1-interaction_of_rsyslog_and_journal[Interaction " +"of Rsyslog and Journal] for further information. The integration enables " +"maintaining text-based logs in a consistent format to ensure compatibility " +"with possible applications or configurations dependent on `rsyslogd`. Also, " +"you can maintain rsyslog messages in a structured format (see " +"xref:Viewing_and_Managing_Log_Files.adoc#s1-structured_logging_with_rsyslog[Structured " +"Logging with Rsyslog])." +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:18 +#, no-wrap +msgid "Locating Log Files" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:23 +msgid "" +"indexterm:[log files,locating] A list of log files maintained by `rsyslogd` " +"can be found in the `/etc/rsyslog.conf` configuration file. Most log files " +"are located in the `/var/log/` directory. Some applications such as " +"[command]#httpd# and [command]#samba# have a directory within `/var/log/` " +"for their log files. indexterm:[log files,rotating]indexterm:[logrotate] " +"You may notice multiple files in the `/var/log/` directory with numbers " +"after them (for example, `cron-20100906`). These numbers represent a time " +"stamp that has been added to a rotated log file. Log files are rotated so " +"their file sizes do not become too large. The `logrotate` package contains a " +"cron task that automatically rotates log files according to the " +"`/etc/logrotate.conf` configuration file and the configuration files in the " +"`/etc/logrotate.d/` directory." +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:25 +#, no-wrap +msgid "Basic Configuration of Rsyslog" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:28 +msgid "" +"indexterm:[rsyslog,configuration] The main configuration file for " +"[application]*rsyslog* is `/etc/rsyslog.conf`. Here, you can specify _global " +"directives_, _modules_, and _rules_ that consist of _filter_ and _action_ " +"parts. Also, you can add comments in the form of text following a hash sign " +"(`#`)." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:30 +#, no-wrap +msgid "Filters" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:33 +msgid "" +"indexterm:[rsyslog,filters] A rule is specified by a *filter* part, which " +"selects a subset of syslog messages, and an *action* part, which specifies " +"what to do with the selected messages. To define a rule in your " +"`/etc/rsyslog.conf` configuration file, define both, a filter and an action, " +"on one line and separate them with one or more spaces or tabs." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:35 +msgid "" +"[application]*rsyslog* offers various ways to filter syslog messages " +"according to selected properties. The available filtering methods can be " +"divided into *Facility/Priority-based*, *Property-based*, and " +"*Expression-based* filters." +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:36 +#, no-wrap +msgid "Facility/Priority-based filters" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:37 +msgid "" +"The most used and well-known way to filter syslog messages is to use the " +"facility/priority-based filters which filter syslog messages based on two " +"conditions: _facility_ and _priority_ separated by a dot. To create a " +"selector, use the following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:42 +#, no-wrap +msgid "_FACILITY_._PRIORITY_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:46 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:99 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:160 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:241 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:290 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:369 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:468 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:516 +msgid "where:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:48 +msgid "" +"_FACILITY_ specifies the subsystem that produces a specific syslog " +"message. For example, the [command]#mail# subsystem handles all mail-related " +"syslog messages. _FACILITY_ can be represented by one of the following " +"keywords (or by a numerical code): [command]#kern# (0), [command]#user# (1), " +"[command]#mail# (2), [command]#daemon# (3), [command]#auth# (4), " +"[command]#syslog# (5), [command]#lpr# (6), [command]#news# (7), " +"[command]#uucp# (8), [command]#cron# (9), [command]#authpriv# (10), " +"[command]#ftp# (11), [command]#ntp# (12), [command]#logaudit# (13), " +"[command]#logalert# (14), [command]#clock# (15), and [command]#local0# " +"through [command]#local7# (16 - 23)." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:50 +msgid "" +"_PRIORITY_ specifies a priority of a syslog message. _PRIORITY_ can be " +"represented by one of the following keywords (or by a number): " +"[command]#debug# (7), [command]#info# (6), [command]#notice# (5), " +"[command]#warning# (4), [command]#err# (3), [command]#crit# (2), " +"[command]#alert# (1), and [command]#emerg# (0)." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:52 +msgid "" +"The aforementioned syntax selects syslog messages with the defined or " +"*higher* priority. By preceding any priority keyword with an equal sign " +"(`=`), you specify that only syslog messages with the specified priority " +"will be selected. All other priorities will be ignored. Conversely, " +"preceding a priority keyword with an exclamation mark (`!`) selects all " +"syslog messages except those with the defined priority." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:54 +msgid "" +"In addition to the keywords specified above, you may also use an asterisk " +"(`*`) to define all facilities or priorities (depending on where you place " +"the asterisk, before or after the comma). Specifying the priority keyword " +"`none` serves for facilities with no given priorities. Both facility and " +"priority conditions are case-insensitive." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:56 +msgid "" +"To define multiple facilities and priorities, separate them with a comma " +"(`,`). To define multiple selectors on one line, separate them with a " +"semi-colon (`;`). Note that each selector in the selector field is capable " +"of overwriting the preceding ones, which can exclude some priorities from " +"the pattern." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:58 +#, no-wrap +msgid "Facility/Priority-based Filters" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:62 +msgid "" +"The following are a few examples of simple facility/priority-based filters " +"that can be specified in `/etc/rsyslog.conf`. To select all kernel syslog " +"messages with any priority, add the following text into the configuration " +"file:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:66 +#, no-wrap +msgid "kern.*\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:70 +msgid "" +"To select all mail syslog messages with priority [command]#crit# and higher, " +"use this form:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:75 +#, no-wrap +msgid "mail.crit\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:79 +msgid "" +"To select all cron syslog messages except those with the [command]#info# or " +"[command]#debug# priority, set the configuration in the following form:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:84 +#, no-wrap +msgid "cron.!info,!debug\n" +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:89 +#, no-wrap +msgid "Property-based filters" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:90 +msgid "" +"Property-based filters let you filter syslog messages by any property, such " +"as `timegenerated` or `syslogtag`. For more information on properties, see " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-properties[Properties]. You " +"can compare each of the specified properties to a particular value using one " +"of the compare-operations listed in " +"xref:Viewing_and_Managing_Log_Files.adoc#table-compare-operations[Property-based " +"compare-operations]. Both property names and compare operations are " +"case-sensitive." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:92 +msgid "" +"Property-based filter must start with a colon (`:`). To define the filter, " +"use the following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:96 +#, no-wrap +msgid "" +":pass:quotes[_PROPERTY_], [!]pass:quotes[_COMPARE_OPERATION_], " +"\"pass:quotes[_STRING_]\"\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:101 +msgid "The _PROPERTY_ attribute specifies the desired property." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:103 +msgid "" +"The optional exclamation point (`!`) negates the output of the " +"compare-operation. Other Boolean operators are currently not supported in " +"property-based filters." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:105 +msgid "" +"The _COMPARE_OPERATION_ attribute specifies one of the compare-operations " +"listed in " +"xref:Viewing_and_Managing_Log_Files.adoc#table-compare-operations[Property-based " +"compare-operations]." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:107 +msgid "" +"The _STRING_ attribute specifies the value that the text provided by the " +"property is compared to. This value must be enclosed in quotation marks. To " +"escape certain character inside the string (for example a quotation mark " +"(`\"`)), use the backslash character (`\\`)." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:109 +#, no-wrap +msgid "Property-based compare-operations" +msgstr "" + +#. type: Table +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:120 +#, no-wrap +msgid "" +"|Compare-operation|Description\n" +"|`contains`|Checks whether the provided string matches any part of the text " +"provided by the property. To perform case-insensitive comparisons, use " +"`contains_i`.\n" +"|`isequal`|Compares the provided string against all of the text provided by " +"the property. These two values must be exactly equal to match.\n" +"|`startswith`|Checks whether the provided string is found exactly at the " +"beginning of the text provided by the property. To perform case-insensitive " +"comparisons, use `startswith_i`.\n" +"|`regex`|Compares the provided POSIX BRE (Basic Regular Expression) against " +"the text provided by the property.\n" +"|`ereregex`|Compares the provided POSIX ERE (Extended Regular Expression) " +"regular expression against the text provided by the property.\n" +"|`isempty`|Checks if the property is empty. The value is discarded. This is " +"especially useful when working with normalized data, where some fields may " +"be populated based on normalization result.\n" +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:123 +#, no-wrap +msgid "Property-based Filters" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:127 +msgid "" +"The following are a few examples of property-based filters that can be " +"specified in `/etc/rsyslog.conf`. To select syslog messages which contain " +"the string `error` in their message text, use:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:131 +#, no-wrap +msgid ":msg, contains, \"error\"\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:134 +msgid "" +"The following filter selects syslog messages received from the host name " +"`host1`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:138 +#, no-wrap +msgid ":hostname, isequal, \"host1\"\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:141 +msgid "" +"To select syslog messages which do not contain any mention of the words " +"`fatal` and `error` with any or no text between them (for example, `fatal " +"lib error`), type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:144 +#, no-wrap +msgid ":msg, !regex, \"fatal .* error\"\n" +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:148 +#, no-wrap +msgid "Expression-based filters" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:149 +msgid "" +"Expression-based filters select syslog messages according to defined " +"arithmetic, Boolean or string operations. Expression-based filters use " +"[application]*rsyslog*pass:attributes[{blank}]'s own scripting language " +"called *RainerScript* to build complex filters." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:151 +msgid "The basic syntax of expression-based filter looks as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:156 +#, no-wrap +msgid "if _EXPRESSION_ then _ACTION_ else _ACTION_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:162 +msgid "" +"The _EXPRESSION_ attribute represents an expression to be evaluated, for " +"example: `$msg startswith 'DEVNAME'` or `$syslogfacility-text == " +"'local0'`. You can specify more than one expression in a single filter by " +"using `and` and `or` operators." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:164 +msgid "" +"The _ACTION_ attribute represents an action to be performed if the " +"expression returns the value `true`. This can be a single action, or an " +"arbitrary complex script enclosed in curly braces." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:166 +msgid "" +"Expression-based filters are indicated by the keyword *if* at the start of a " +"new line. The *then* keyword separates the _EXPRESSION_ from the " +"_ACTION_. Optionally, you can employ the *else* keyword to specify what " +"action is to be performed in case the condition is not met." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:168 +msgid "" +"With expression-based filters, you can nest the conditions by using a script " +"enclosed in curly braces as in " +"xref:Viewing_and_Managing_Log_Files.adoc#ex-expression-based_filters[Expression-based " +"Filters]. The script allows you to use *facility/priority-based* filters " +"inside the expression. On the other hand, *property-based* filters are not " +"recommended here. RainerScript supports regular expressions with specialized " +"functions `re_match()` and `re_extract()`." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:170 +#, no-wrap +msgid "Expression-based Filters" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:174 +msgid "" +"The following expression contains two nested conditions. The log files " +"created by a program called *prog1* are split into two files based on the " +"presence of the \"test\" string in the message." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:185 +#, no-wrap +msgid "" +"if $programname == 'prog1' then {\n" +" action(type=\"omfile\" file=\"/var/log/prog1.log\")\n" +" if $msg contains 'test' then\n" +" action(type=\"omfile\" file=\"/var/log/prog1test.log\")\n" +" else\n" +" action(type=\"omfile\" file=\"/var/log/prog1notest.log\")\n" +"}\n" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:191 +msgid "" +"See " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online " +"Documentation] for more examples of various expression-based " +"filters. RainerScript is the basis for " +"[application]*rsyslog*pass:attributes[{blank}]'s new configuration format, " +"see " +"xref:Viewing_and_Managing_Log_Files.adoc#sec-using_the_new_configuration_format[Using " +"the New Configuration Format]" +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:193 +#, no-wrap +msgid "Actions" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:196 +msgid "" +"indexterm:[rsyslog,actions] Actions specify what is to be done with the " +"messages filtered out by an already-defined selector. The following are some " +"of the actions you can define in your rule:" +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:197 +#, no-wrap +msgid "Saving syslog messages to log files" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:198 +msgid "" +"The majority of actions specify to which log file a syslog message is " +"saved. This is done by specifying a file path after your already-defined " +"selector:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:202 +#, no-wrap +msgid "_FILTER_ _PATH_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:205 +msgid "" +"where _FILTER_ stands for user-specified selector and _PATH_ is a path of a " +"target file." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:207 +msgid "" +"For instance, the following rule is comprised of a selector that selects all " +"[application]*cron* syslog messages and an action that saves them into the " +"`/var/log/cron.log` log file:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:210 +#, no-wrap +msgid "cron.* /var/log/cron.log\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:213 +msgid "" +"By default, the log file is synchronized every time a syslog message is " +"generated. Use a dash mark (`-`) as a prefix of the file path you specified " +"to omit syncing:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:217 +#, no-wrap +msgid "_FILTER_ -_PATH_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:220 +msgid "" +"Note that you might lose information if the system terminates right after a " +"write attempt. However, this setting can improve performance, especially if " +"you run programs that produce very verbose log messages." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:222 +msgid "" +"Your specified file path can be either *static* or *dynamic*. Static files " +"are represented by a fixed file path as shown in the example above. Dynamic " +"file paths can differ according to the received message. Dynamic file paths " +"are represented by a template and a question mark (`?`) prefix:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:226 +#, no-wrap +msgid "_FILTER_ ?_DynamicFile_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:229 +msgid "" +"where _DynamicFile_ is a name of a predefined template that modifies output " +"paths. You can use the dash prefix (`-`) to disable syncing, also you can " +"use multiple templates separated by a colon (`;`). For more information on " +"templates, see " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-generating-dynamic-fnames[Generating " +"Dynamic File Names]." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:231 +msgid "" +"If the file you specified is an existing [application]*terminal* or " +"`/dev/console` device, syslog messages are sent to standard output (using " +"special [application]*terminal*-handling) or your console (using special " +"`/dev/console`-handling) when using the X Window System, respectively." +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:232 +#, no-wrap +msgid "Sending syslog messages over the network" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:233 +msgid "" +"[application]*rsyslog* allows you to send and receive syslog messages over " +"the network. This feature allows you to administer syslog messages of " +"multiple hosts on one machine. To forward syslog messages to a remote " +"machine, use the following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:237 +#, no-wrap +msgid "@([command]#zpass:attributes[{blank}]_NUMBER_pass:attributes[{blank}]#)_HOST_:pass:attributes[{blank}]_PORT_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:243 +msgid "" +"The at sign (`@`) indicates that the syslog messages are forwarded to a host " +"using the `UDP` protocol. To use the `TCP` protocol, use two at signs with " +"no space between them (`@@`)." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:245 +msgid "" +"The optional " +"[command]#zpass:attributes[{blank}]_NUMBER_pass:attributes[{blank}]# setting " +"enables [application]*zlib* compression for syslog messages. The _NUMBER_ " +"attribute specifies the level of compression (from 1 – lowest to 9 " +"– maximum). Compression gain is automatically checked by `rsyslogd`, " +"messages are compressed only if there is any compression gain and messages " +"below 60 bytes are never compressed." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:247 +msgid "" +"The _HOST_ attribute specifies the host which receives the selected syslog " +"messages." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:249 +msgid "The _PORT_ attribute specifies the host machine's port." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:251 +msgid "" +"When specifying an `IPv6` address as the host, enclose the address in square " +"brackets (`[`, `]`)." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:253 +#, no-wrap +msgid "Sending syslog Messages over the Network" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:257 +msgid "" +"The following are some examples of actions that forward syslog messages over " +"the network (note that all actions are preceded with a selector that selects " +"all messages with any priority). To forward messages to `192.168.0.1` via " +"the `UDP` protocol, type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:261 +#, no-wrap +msgid "*.* @192.168.0.1\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:265 +msgid "" +"To forward messages to \"example.com\" using port 18 and the `TCP` protocol, " +"use:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:269 +#, no-wrap +msgid "*.* @@example.com:18\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:273 +msgid "" +"The following compresses messages with [application]*zlib* (level 9 " +"compression) and forwards them to `2001:db8::1` using the `UDP` protocol" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:277 +#, no-wrap +msgid "*.* @(z9)[2001:db8::1]\n" +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:282 +#, no-wrap +msgid "Output channels" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:283 +msgid "" +"Output channels are primarily used to specify the maximum size a log file " +"can grow to. This is very useful for log file rotation (for more information " +"see xref:Viewing_and_Managing_Log_Files.adoc#s2-log_rotation[Log " +"Rotation]). An output channel is basically a collection of information about " +"the output action. Output channels are defined by the `$outchannel` " +"directive. To define an output channel in `/etc/rsyslog.conf`, use the " +"following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:287 +#, no-wrap +msgid "" +"$outchannel pass:quotes[_NAME_], pass:quotes[_FILE_NAME_], " +"pass:quotes[_MAX_SIZE_], pass:quotes[_ACTION_]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:292 +msgid "The _NAME_ attribute specifies the name of the output channel." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:294 +msgid "" +"The _FILE_NAME_ attribute specifies the name of the output file. Output " +"channels can write only into files, not pipes, terminal, or other kind of " +"output." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:296 +msgid "" +"The _MAX_SIZE_ attribute represents the maximum size the specified file (in " +"_FILE_NAME_) can grow to. This value is specified in *bytes*." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:298 +msgid "" +"The _ACTION_ attribute specifies the action that is taken when the maximum " +"size, defined in _MAX_SIZE_, is hit." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:300 +msgid "To use the defined output channel as an action inside a rule, type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:304 +#, no-wrap +msgid "_FILTER_ :omfile:$pass:attributes[{blank}]_NAME_\n" +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:307 +#, no-wrap +msgid "Output channel log rotation" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:311 +msgid "" +"The following output shows a simple log rotation through the use of an " +"output channel. First, the output channel is defined via the `$outchannel` " +"directive:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:315 +#, no-wrap +msgid "" +" $outchannel log_rotation, /var/log/test_log.log, 104857600, " +"/home/joe/log_rotation_script\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:319 +msgid "" +"and then it is used in a rule that selects every syslog message with any " +"priority and executes the previously-defined output channel on the acquired " +"syslog messages:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:323 +#, no-wrap +msgid "*.* :omfile:$log_rotation\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:327 +msgid "" +"Once the limit (in the example 100{nbsp}MB) is hit, the " +"`/home/joe/log_rotation_script` is executed. This script can contain " +"anything from moving the file into a different folder, editing specific " +"content out of it, or simply removing it." +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:330 +#, no-wrap +msgid "Sending syslog messages to specific users" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:331 +msgid "" +"[application]*rsyslog* can send syslog messages to specific users by " +"specifying a user name of the user you want to send the messages to (as in " +"xref:Viewing_and_Managing_Log_Files.adoc#ex-multiple_actions[Specifying " +"Multiple Actions]). To specify more than one user, separate each user name " +"with a comma (`,`). To send messages to every user that is currently logged " +"on, use an asterisk (`*`)." +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:332 +#, no-wrap +msgid "Executing a program" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:333 +msgid "" +"[application]*rsyslog* lets you execute a program for selected syslog " +"messages and uses the `system()` call to execute the program in shell. To " +"specify a program to be executed, prefix it with a caret character " +"(`^`). Consequently, specify a template that formats the received message " +"and passes it to the specified executable as a one line parameter (for more " +"information on templates, see " +"xref:Viewing_and_Managing_Log_Files.adoc#s2-Templates[Templates])." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:337 +#, no-wrap +msgid "pass:quotes[_FILTER_] ^pass:quotes[_EXECUTABLE_]; pass:quotes[_TEMPLATE_]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:340 +msgid "" +"Here an output of the _FILTER_ condition is processed by a program " +"represented by _EXECUTABLE_. This program can be any valid " +"executable. Replace _TEMPLATE_ with the name of the formatting template." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:342 +#, no-wrap +msgid "Executing a Program" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:346 +msgid "" +"In the following example, any syslog message with any priority is selected, " +"formatted with the `template` template and passed as a parameter to the " +"[application]*test-program* program, which is then executed with the " +"provided parameter:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:349 +#, no-wrap +msgid "*.* ^test-program;template\n" +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:353 +#, no-wrap +msgid "Be careful when using the shell execute action" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:358 +msgid "" +"When accepting messages from any host, and using the shell execute action, " +"you may be vulnerable to command injection. An attacker may try to inject " +"and execute commands in the program you specified to be executed in your " +"action. To avoid any possible security threats, thoroughly consider the use " +"of the shell execute action." +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:361 +#, no-wrap +msgid "Storing syslog messages in a database" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:362 +msgid "" +"Selected syslog messages can be directly written into a database table using " +"the *database writer* action. The database writer uses the following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:366 +#, no-wrap +msgid ":pass:quotes[_PLUGIN_]:pass:quotes[_DB_HOST_],pass:quotes[_DB_NAME_],pass:quotes[_DB_USER_],pass:quotes[_DB_PASSWORD_];pass:quotes[_TEMPLATE_]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:371 +msgid "" +"The _PLUGIN_ calls the specified plug-in that handles the database writing " +"(for example, the `ommysql` plug-in)." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:373 +msgid "The _DB_HOST_ attribute specifies the database host name." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:375 +msgid "The _DB_NAME_ attribute specifies the name of the database." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:377 +msgid "The _DB_USER_ attribute specifies the database user." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:379 +msgid "" +"The _DB_PASSWORD_ attribute specifies the password used with the " +"aforementioned database user." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:381 +msgid "" +"The _TEMPLATE_ attribute specifies an optional use of a template that " +"modifies the syslog message. For more information on templates, see " +"xref:Viewing_and_Managing_Log_Files.adoc#s2-Templates[Templates]." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:382 +#, no-wrap +msgid "Using MySQL and PostgreSQL" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:388 +msgid "" +"Currently, [application]*rsyslog* provides support for `MySQL` and " +"`PostgreSQL` databases only. In order to use the `MySQL` and `PostgreSQL` " +"database writer functionality, install the [package]*rsyslog-mysql* and " +"[package]*rsyslog-pgsql* packages, respectively. Also, make sure you load " +"the appropriate modules in your `/etc/rsyslog.conf` configuration file:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:393 +#, no-wrap +msgid "" +"$ModLoad ommysql # Output module for MySQL support\n" +"$ModLoad ompgsql # Output module for PostgreSQL support\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:397 +msgid "" +"For more information on [application]*rsyslog* modules, see " +"xref:Viewing_and_Managing_Log_Files.adoc#s1-using_rsyslog_modules[Using " +"Rsyslog Modules]." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:399 +msgid "" +"Alternatively, you may use a generic database interface provided by the " +"`omlibdb` module (supports: Firebird/Interbase, MS SQL, Sybase, SQLLite, " +"Ingres, Oracle, mSQL)." +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:402 +#, no-wrap +msgid "Discarding syslog messages" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:403 +msgid "To discard your selected messages, use the tilde character (`~`)." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:407 +#, no-wrap +msgid "_FILTER_ ~\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:410 +msgid "" +"The discard action is mostly used to filter out messages before carrying on " +"any further processing. It can be effective if you want to omit some " +"repeating messages that would otherwise fill the log files. The results of " +"discard action depend on where in the configuration file it is specified, " +"for the best results place these actions on top of the actions list. Please " +"note that once a message has been discarded there is no way to retrieve it " +"in later configuration file lines." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:412 +msgid "For instance, the following rule discards any cron syslog messages:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:415 +#, no-wrap +msgid "cron.* ~\n" +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:417 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:432 +#, no-wrap +msgid "Specifying Multiple Actions" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:419 +msgid "" +"For each selector, you are allowed to specify multiple actions. To specify " +"multiple actions for one selector, write each action on a separate line and " +"precede it with an ampersand (&) character:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:426 +#, no-wrap +msgid "" +"_FILTER_ _ACTION_\n" +"& _ACTION_\n" +"& _ACTION_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:430 +msgid "" +"Specifying multiple actions improves the overall performance of the desired " +"outcome since the specified selector has to be evaluated only once." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:436 +msgid "" +"In the following example, all kernel syslog messages with the critical " +"priority (`crit`) are sent to user `user1`, processed by the template `temp` " +"and passed on to the `test-program` executable, and forwarded to " +"`192.168.0.1` via the `UDP` protocol." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:442 +#, no-wrap +msgid "" +"kern.=crit user1\n" +"& ^test-program;temp\n" +"& @192.168.0.1\n" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:448 +msgid "" +"Any action can be followed by a template that formats the message. To " +"specify a template, suffix an action with a semicolon (`;`) and specify the " +"name of the template. For more information on templates, see " +"xref:Viewing_and_Managing_Log_Files.adoc#s2-Templates[Templates]." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:449 +#, no-wrap +msgid "Using templates" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:454 +msgid "" +"A template must be defined before it is used in an action, otherwise it is " +"ignored. In other words, template definitions should always precede rule " +"definitions in `/etc/rsyslog.conf`." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:458 +#, no-wrap +msgid "Templates" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:461 +msgid "" +"indexterm:[rsyslog,templates] Any output that is generated by " +"[application]*rsyslog* can be modified and formatted according to your needs " +"with the use of *templates*. To create a template use the following syntax " +"in `/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:465 +#, no-wrap +msgid "" +"$template pass:quotes[_TEMPLATE_NAME_],\"pass:quotes[_text %PROPERTY% more " +"text_]\", pass:quotes[_OPTION_]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:470 +msgid "" +"`$template` is the template directive that indicates that the text following " +"it, defines a template." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:472 +msgid "" +"`TEMPLATE_NAME` is the name of the template. Use this name to refer to the " +"template." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:474 +msgid "" +"Anything between the two quotation marks " +"(`\"`pass:attributes[{blank}]…pass:attributes[{blank}]`\"`) is the " +"actual template text. Within this text, special characters, such as `\\n` " +"for new line or `\\r` for carriage return, can be used. Other characters, " +"such as `%` or `\"`, have to be escaped if you want to use those characters " +"literally." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:476 +msgid "" +"The text specified between two percent signs (`%`) specifies a _property_ " +"that allows you to access specific contents of a syslog message. For more " +"information on properties, see " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-properties[Properties]." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:478 +msgid "" +"The `OPTION` attribute specifies any options that modify the template " +"functionality. The currently supported template options are `sql` and " +"`stdsql`, which are used for formatting the text as an SQL query." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:479 +#, no-wrap +msgid "The sql and stdsql options" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:484 +msgid "" +"Note that the database writer checks whether the `sql` or `stdsql` options " +"are specified in the template. If they are not, the database writer does not " +"perform any action. This is to prevent any possible security threats, such " +"as SQL injection." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:486 +msgid "" +"See section [citetitle]_Storing syslog messages in a database_ in " +"xref:Viewing_and_Managing_Log_Files.adoc#s2-Actions[Actions] for more " +"information." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:490 +#, no-wrap +msgid "Generating Dynamic File Names" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:493 +msgid "" +"Templates can be used to generate dynamic file names. By specifying a " +"property as a part of the file path, a new file will be created for each " +"unique property, which is a convenient way to classify syslog messages." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:495 +msgid "" +"For example, use the `timegenerated` property, which extracts a time stamp " +"from the message, to generate a unique file name for each syslog message:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:498 +#, no-wrap +msgid "$template DynamicFile,\"/var/log/test_logs/%timegenerated%-test.log\"\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:501 +msgid "" +"Keep in mind that the `$template` directive only specifies the template. You " +"must use it inside a rule for it to take effect. In `/etc/rsyslog.conf`, use " +"the question mark (`?`) in an action definition to mark the dynamic file " +"name template:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:504 +#, no-wrap +msgid "*.* ?DynamicFile\n" +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:507 +#, no-wrap +msgid "Properties" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:509 +msgid "" +"Properties defined inside a template (between two percent signs (`%`)) " +"enable access various contents of a syslog message through the use of a " +"_property replacer_. To define a property inside a template (between the two " +"quotation marks " +"(`\"`pass:attributes[{blank}]…pass:attributes[{blank}]`\"`)), use the " +"following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:513 +#, no-wrap +msgid "%pass:quotes[_PROPERTY_NAME_]:pass:quotes[_FROM_CHAR_]:pass:quotes[_TO_CHAR_]:pass:quotes[_OPTION_]%\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:518 +msgid "" +"The _PROPERTY_NAME_ attribute specifies the name of a property. A list of " +"all available properties and their detailed description can be found in the " +"`rsyslog.conf(5)` manual page under the section *Available Properties*." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:520 +msgid "" +"_FROM_CHAR_ and _TO_CHAR_ attributes denote a range of characters that the " +"specified property will act upon. Alternatively, regular expressions can be " +"used to specify a range of characters. To do so, set the letter `R` as the " +"_FROM_CHAR_ attribute and specify your desired regular expression as the " +"_TO_CHAR_ attribute." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:522 +msgid "" +"The _OPTION_ attribute specifies any property options, such as the " +"[option]`lowercase` option to convert the input to lowercase. A list of all " +"available property options and their detailed description can be found in " +"the `rsyslog.conf(5)` manual page under the section *Property Options*." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:524 +msgid "The following are some examples of simple properties:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:526 +msgid "The following property obtains the whole message text of a syslog message:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:530 +#, no-wrap +msgid "%msg%\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:533 +msgid "" +"The following property obtains the first two characters of the message text " +"of a syslog message:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:537 +#, no-wrap +msgid "%msg:1:2%\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:540 +msgid "" +"The following property obtains the whole message text of a syslog message " +"and drops its last line feed character:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:544 +#, no-wrap +msgid "%msg:::drop-last-lf%\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:547 +msgid "" +"The following property obtains the first 10 characters of the time stamp " +"that is generated when the syslog message is received and formats it " +"according to the " +"[citetitle]_link:++https://www.rfc-editor.org/info/rfc3339++[RFC 3339]_ date " +"standard." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:551 +#, no-wrap +msgid "%timegenerated:1:10:date-rfc3339%\n" +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:553 +#, no-wrap +msgid "Template Examples" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:555 +msgid "This section presents a few examples of [application]*rsyslog* templates." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:557 +msgid "" +"xref:Viewing_and_Managing_Log_Files.adoc#example-temp1[A verbose syslog " +"message template] shows a template that formats a syslog message so that it " +"outputs the message's severity, facility, the time stamp of when the message " +"was received, the host name, the message tag, the message text, and ends " +"with a new line." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:559 +#, no-wrap +msgid "A verbose syslog message template" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:565 +#, no-wrap +msgid "" +"$template verbose, \"%syslogseverity%, %syslogfacility%, %timegenerated%, " +"%HOSTNAME%, %syslogtag%, %msg%\\n\"\n" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:570 +msgid "" +"xref:Viewing_and_Managing_Log_Files.adoc#example-temp2[A wall message " +"template] shows a template that resembles a traditional wall message (a " +"message that is send to every user that is logged in and has their `mesg(1)` " +"permission set to `yes`). This template outputs the message text, along with " +"a host name, message tag and a time stamp, on a new line (using `\\r` and " +"`\\n`) and rings the bell (using `\\7`)." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:572 +#, no-wrap +msgid "A wall message template" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:578 +#, no-wrap +msgid "" +"$template wallmsg,\"\\r\\n\\7Message from syslogd@%HOSTNAME% at " +"%timegenerated% ...\\r\\n %syslogtag% %msg%\\n\\r\"\n" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:583 +msgid "" +"xref:Viewing_and_Managing_Log_Files.adoc#example-temp3[A database formatted " +"message template] shows a template that formats a syslog message so that it " +"can be used as a database query. Notice the use of the `sql` option at the " +"end of the template specified as the template option. It tells the database " +"writer to format the message as an MySQL `SQL` query." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:585 +#, no-wrap +msgid "A database formatted message template" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:591 +#, no-wrap +msgid "" +"$template dbFormat,\"insert into SystemEvents (Message, Facility, FromHost, " +"Priority, DeviceReportedTime, ReceivedAt, InfoUnitID, SysLogTag) values " +"('%msg%', %syslogfacility%, '%HOSTNAME%', %syslogpriority%, " +"'%timereported:::date-mysql%', '%timegenerated:::date-mysql%', %iut%, " +"'%syslogtag%')\", sql\n" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:596 +msgid "" +"[application]*rsyslog* also contains a set of predefined templates " +"identified by the `RSYSLOG_` prefix. These are reserved for the syslog's use " +"and it is advisable to not create a template using this prefix to avoid " +"conflicts. The following list shows these predefined templates along with " +"their definitions." +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:597 +#, no-wrap +msgid "`RSYSLOG_DebugFormat`" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:598 +msgid "A special format used for troubleshooting property problems." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:602 +#, no-wrap +msgid "" +"\"Debug line with all properties:\\nFROMHOST: '%FROMHOST%', fromhost-ip: " +"'%fromhost-ip%', HOSTNAME: '%HOSTNAME%', PRI: %PRI%,\\nsyslogtag " +"'%syslogtag%', programname: '%programname%', APP-NAME: '%APP-NAME%', PROCID: " +"'%PROCID%', MSGID: '%MSGID%',\\nTIMESTAMP: '%TIMESTAMP%', STRUCTURED-DATA: " +"'%STRUCTURED-DATA%',\\nmsg: '%msg%'\\nescaped msg: " +"'%msg:::drop-cc%'\\nrawmsg: '%rawmsg%'\\n\\n\\\"\n" +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:604 +#, no-wrap +msgid "`RSYSLOG_SyslogProtocol23Format`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:605 +msgid "" +"The format specified in IETF's internet-draft ietf-syslog-protocol-23, which " +"is assumed to become the new syslog standard RFC." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:609 +#, no-wrap +msgid "" +"\"%PRI%1 %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% " +"%STRUCTURED-DATA% %msg%\\n\\\"\n" +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:611 +#, no-wrap +msgid "`RSYSLOG_FileFormat`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:612 +msgid "" +"A modern-style logfile format similar to TraditionalFileFormat, but with " +"high-precision time stamps and time zone information." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:616 +#, no-wrap +msgid "" +"\"%TIMESTAMP:::date-rfc3339% %HOSTNAME% " +"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\\n\\\"\n" +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:618 +#, no-wrap +msgid "`RSYSLOG_TraditionalFileFormat`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:619 +msgid "The older default log file format with low-precision time stamps." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:623 +#, no-wrap +msgid "" +"\"%TIMESTAMP% %HOSTNAME% " +"%syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\\n\\\"\n" +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:625 +#, no-wrap +msgid "`RSYSLOG_ForwardFormat`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:626 +msgid "" +"A forwarding format with high-precision time stamps and time zone " +"information." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:630 +#, no-wrap +msgid "" +"\"%PRI%%TIMESTAMP:::date-rfc3339% %HOSTNAME% " +"%syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\\\"\n" +msgstr "" + +#. type: Labeled list +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:632 +#, no-wrap +msgid "`RSYSLOG_TraditionalForwardFormat`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:633 +msgid "The traditional forwarding format with low-precision time stamps." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:637 +#, no-wrap +msgid "" +"\"%PRI%%TIMESTAMP% %HOSTNAME% " +"%syslogtag:1:32%%msg:::sp-if-no-1st-sp%%msg%\\\"\n" +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:640 +#, no-wrap +msgid "Global Directives" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:643 +msgid "" +"indexterm:[rsyslog,global directives] Global directives are configuration " +"options that apply to the `rsyslogd` daemon. They usually specify a value " +"for a specific predefined variable that affects the behavior of the " +"`rsyslogd` daemon or a rule that follows. All of the global directives must " +"start with a dollar sign (`$`). Only one directive can be specified per " +"line. The following is an example of a global directive that specifies the " +"maximum size of the syslog message queue:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:648 +#, no-wrap +msgid "$MainMsgQueueSize 50000\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:652 +msgid "" +"The default size defined for this directive (10,000 messages) can be " +"overridden by specifying a different value (as shown in the example above)." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:654 +msgid "" +"You can define multiple directives in your `/etc/rsyslog.conf` configuration " +"file. A directive affects the behavior of all configuration options until " +"another occurrence of that same directive is detected. Global directives can " +"be used to configure actions, queues and for debugging. A comprehensive list " +"of all available configuration directives can be found in " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online " +"Documentation]. Currently, a new configuration format has been developed " +"that replaces the $-based syntax (see " +"xref:Viewing_and_Managing_Log_Files.adoc#sec-using_the_new_configuration_format[Using " +"the New Configuration Format]). However, classic global directives remain " +"supported as a legacy format." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:656 +#, no-wrap +msgid "Log Rotation" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:659 +msgid "" +"indexterm:[rsyslog,log rotation] The following is a sample " +"`/etc/logrotate.conf` configuration file:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:668 +#, no-wrap +msgid "" +"# rotate log files weekly\n" +"weekly\n" +"# keep 4 weeks worth of backlogs\n" +"rotate 4\n" +"# uncomment this if you want your log files compressed\n" +"compress\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:672 +msgid "" +"All of the lines in the sample configuration file define global options that " +"apply to every log file. In our example, log files are rotated weekly, " +"rotated log files are kept for four weeks, and all rotated log files are " +"compressed by [application]*gzip* into the `.gz` format. Any lines that " +"begin with a hash sign (#) are comments and are not processed." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:674 +msgid "" +"You may define configuration options for a specific log file and place it " +"under the global options. However, it is advisable to create a separate " +"configuration file for any specific log file in the `/etc/logrotate.d/` " +"directory and define any configuration options there." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:676 +msgid "" +"The following is an example of a configuration file placed in the " +"`/etc/logrotate.d/` directory:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:687 +#, no-wrap +msgid "" +"/var/log/messages {\n" +" rotate 5\n" +" weekly\n" +" postrotate\n" +" /usr/bin/killall -HUP syslogd\n" +" endscript\n" +"}\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:691 +msgid "" +"The configuration options in this file are specific for the " +"`/var/log/messages` log file only. The settings specified here override the " +"global settings where possible. Thus the rotated `/var/log/messages` log " +"file will be kept for five weeks instead of four weeks as was defined in the " +"global options." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:693 +msgid "" +"The following is a list of some of the directives you can specify in your " +"[application]*logrotate* configuration file:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:695 +msgid "" +"`weekly` — Specifies the rotation of log files to be done weekly. Similar " +"directives include:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:697 +msgid "`daily`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:699 +msgid "`monthly`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:701 +msgid "`yearly`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:703 +msgid "" +"`compress` — Enables compression of rotated log files. Similar directives " +"include:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:705 +msgid "`nocompress`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:707 +msgid "`compresscmd` — Specifies the command to be used for compressing." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:709 +msgid "`uncompresscmd`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:711 +msgid "`compressext` — Specifies what extension is to be used for compressing." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:713 +msgid "" +"`compressoptions` — Specifies any options to be passed to the compression " +"program used." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:715 +msgid "" +"`delaycompress` — Postpones the compression of log files to the next " +"rotation of log files." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:717 +msgid "" +"`rotate _INTEGER_pass:attributes[{blank}]` — Specifies the number of " +"rotations a log file undergoes before it is removed or mailed to a specific " +"address. If the value 0 is specified, old log files are removed instead of " +"rotated." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:719 +msgid "" +"`mail _ADDRESS_pass:attributes[{blank}]` — This option enables mailing of " +"log files that have been rotated as many times as is defined by the `rotate` " +"directive to the specified address. Similar directives include:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:721 +msgid "`nomail`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:723 +msgid "" +"`mailfirst` — Specifies that the just-rotated log files are to be mailed, " +"instead of the about-to-expire log files." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:725 +msgid "" +"`maillast` — Specifies that the about-to-expire log files are to be mailed, " +"instead of the just-rotated log files. This is the default option when " +"`mail` is enabled." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:727 +msgid "" +"For the full list of directives and various configuration options, see the " +"`logrotate(8)` manual page." +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:729 +#, no-wrap +msgid "Using the New Configuration Format" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:732 +msgid "" +"indexterm:[rsyslog,new configuration format] In [application]*rsyslog* " +"version 6, a new configuration syntax was introduced. This new configuration " +"format aims to be more powerful, more intuitive, and to prevent common " +"mistakes by not permitting certain invalid constructs. The syntax " +"enhancement is enabled by the new configuration processor that relies on " +"RainerScript. The legacy format is still fully supported and it is used by " +"default in the `/etc/rsyslog.conf` configuration file." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:734 +msgid "" +"RainerScript is a scripting language designed for processing network events " +"and configuring event processors such as " +"[application]*rsyslog*. RainerScript was first used to define " +"expression-based filters, see " +"xref:Viewing_and_Managing_Log_Files.adoc#ex-expression-based_filters[Expression-based " +"Filters]. The version of RainerScript in rsyslog version 7 implemented the " +"`input()` and `ruleset()` statements, which permit the `/etc/rsyslog.conf` " +"configuration file to be written in the new syntax. The new syntax differs " +"mainly in that it is much more structured; parameters are passed as " +"arguments to statements, such as input, action, template, and module " +"load. The scope of options is limited by blocks. This enhances readability " +"and reduces the number of bugs caused by misconfiguration. There is also a " +"significant performance gain. Some functionality is exposed in both " +"syntaxes, some only in the new one." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:736 +msgid "Compare the configuration written with legacy-style parameters:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:744 +#, no-wrap +msgid "" +"$InputFileName /tmp/inputfile\n" +"$InputFileTag tag1:\n" +"$InputFileStateFile inputfile-state\n" +"$InputRunFileMonitor\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:748 +msgid "and the same configuration with the use of the new format statement:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:753 +#, no-wrap +msgid "" +"input(type=\"imfile\" file=\"/tmp/inputfile\" tag=\"tag1:\" " +"statefile=\"inputfile-state\")\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:757 +msgid "" +"This significantly reduces the number of parameters used in configuration, " +"improves readability, and also provides higher execution speed. For more " +"information on RainerScript statements and parameters see " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online " +"Documentation]." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:759 +#, no-wrap +msgid "Rulesets" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:762 +msgid "" +"indexterm:[rsyslog,rulesets] Leaving special directives aside, " +"[application]*rsyslog* handles messages as defined by *rules* that consist " +"of a filter condition and an action to be performed if the condition is " +"true. With a traditionally written `/etc/rsyslog.conf` file, all rules are " +"evaluated in order of appearance for every input message. This process " +"starts with the first rule and continues until all rules have been processed " +"or until the message is discarded by one of the rules." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:764 +msgid "" +"However, rules can be grouped into sequences called _rulesets_. With " +"rulesets, you can limit the effect of certain rules only to selected inputs " +"or enhance the performance of [application]*rsyslog* by defining a distinct " +"set of actions bound to a specific input. In other words, filter conditions " +"that will be inevitably evaluated as false for certain types of messages can " +"be skipped. The legacy ruleset definition in `/etc/rsyslog.conf` can look as " +"follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:771 +#, no-wrap +msgid "" +"$RuleSet _rulesetname_\n" +"_rule_\n" +"_rule2_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:774 +msgid "" +"The rule ends when another rule is defined, or the default ruleset is called " +"as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:777 +#, no-wrap +msgid "$RuleSet RSYSLOG_DefaultRuleset\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:780 +msgid "" +"With the new configuration format in rsyslog 7, the `input()` and " +"`ruleset()` statements are reserved for this operation. The new format " +"ruleset definition in `/etc/rsyslog.conf` can look as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:790 +#, no-wrap +msgid "" +"ruleset(name=\"pass:attributes[{blank}]_rulesetname_pass:attributes[{blank}]\") " +"{\n" +" _rule_\n" +" _rule2_\n" +" call _rulesetname2_\n" +" …\n" +"}\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:794 +msgid "" +"Replace _rulesetname_ with an identifier for your ruleset. The ruleset name " +"cannot start with `RSYSLOG_` since this namespace is reserved for use by " +"[application]*rsyslog*. `RSYSLOG_DefaultRuleset` then defines the default " +"set of rules to be performed if the message has no other ruleset " +"assigned. With _rule_ and _rule2_ you can define rules in filter-action " +"format mentioned above. With the `call` parameter, you can nest rulesets by " +"calling them from inside other ruleset blocks." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:796 +msgid "After creating a ruleset, you need to specify what input it will apply to:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:800 +#, no-wrap +msgid "" +"input(type=\"pass:quotes[_input_type_]\" port=\"pass:quotes[_port_num_]\" " +"ruleset=\"pass:quotes[_rulesetname_]\");\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:803 +msgid "" +"Here you can identify an input message by _input_type_, which is an input " +"module that gathered the message, or by _port_num_ – the port " +"number. Other parameters such as *file* or *tag* can be specified for " +"`input()`. Replace _rulesetname_ with a name of the ruleset to be evaluated " +"against the message. In case an input message is not explicitly bound to a " +"ruleset, the default ruleset is triggered." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:805 +msgid "" +"You can also use the legacy format to define rulesets, for more information " +"see " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online " +"Documentation]." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:807 +#, no-wrap +msgid "Using rulesets" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:811 +msgid "" +"The following rulesets ensure different handling of remote messages coming " +"from different ports. Add the following into `/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:817 +#, no-wrap +msgid "" +"ruleset(name=\"remote-10514\") {\n" +" action(type=\"omfile\" file=\"/var/log/remote-10514\")\n" +"}\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:822 +#, no-wrap +msgid "" +"ruleset(name=\"remote-10515\") {\n" +" cron.* action(type=\"omfile\" file=\"/var/log/remote-10515-cron\")\n" +" mail.* action(type=\"omfile\" file=\"/var/log/remote-10515-mail\")\n" +"}\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:825 +#, no-wrap +msgid "" +"input(type=\"imtcp\" port=\"10514\" ruleset=\"remote-10514\");\n" +"input(type=\"imtcp\" port=\"10515\" ruleset=\"remote-10515\");\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:829 +msgid "" +"Rulesets shown in the above example define log destinations for the remote " +"input from two ports, in case of 10515, messages are sorted according to the " +"facility. Then, the TCP input is enabled and bound to rulesets. Note that " +"you must load the required modules (imtcp) for this configuration to work." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:833 +#, no-wrap +msgid "Compatibility with syslogd" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:836 +msgid "" +"From [application]*rsyslog* version 6, compatibility mode specified via the " +"[option]`-c` option has been removed. Also, the syslogd-style command-line " +"options are deprecated and configuring [application]*rsyslog* through these " +"command-line options should be avoided. However, you can use several " +"templates and directives to configure `rsyslogd` to emulate syslogd-like " +"behavior." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:838 +msgid "" +"For more information on various `rsyslogd` options, see the " +"`rsyslogd(8)`pass:attributes[{blank}]manual page." +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:840 +#, no-wrap +msgid "Working with Queues in Rsyslog" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:843 +msgid "" +"indexterm:[rsyslog,queues] Queues are used to pass content, mostly syslog " +"messages, between components of [application]*rsyslog*. With queues, rsyslog " +"is capable of processing multiple messages simultaneously and to apply " +"several actions to a single message at once. The data flow inside " +"[application]*rsyslog* can be illustrated as follows:" +msgstr "" + +#. type: Positional ($1) AttributeList argument for macro 'image' +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:845 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:847 +#, no-wrap +msgid "Message Flow in Rsyslog" +msgstr "" + +#. type: Target for macro image +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:847 +#, no-wrap +msgid "rsyslog_message_flow.png" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:850 +msgid "" +"Whenever [application]*rsyslog* receives a message, it passes this message " +"to the preprocessor and then places it into the _main message " +"queue_. Messages wait there to be dequeued and passed to the _rule " +"processor_." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:852 +msgid "" +"The *rule processor* is a parsing and filtering engine. Here, the rules " +"defined in `/etc/rsyslog.conf` are applied. Based on these rules, the rule " +"processor evaluates which actions are to be performed. Each action has its " +"own action queue. Messages are passed through this queue to the respective " +"action processor which creates the final output. Note that at this point, " +"several actions can run simultaneously on one message. For this purpose, a " +"message is duplicated and passed to multiple action processors." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:854 +msgid "" +"Only one queue per action is possible. Depending on configuration, the " +"messages can be sent right to the action processor without action " +"queuing. This is the behavior of *direct queues* (see below). In case the " +"output action fails, the action processor notifies the action queue, which " +"then takes an unprocessed element back and after some time interval, the " +"action is attempted again." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:856 +msgid "" +"To sum up, there are two positions where queues stand in " +"[application]*rsyslog*: either in front of the rule processor as a single " +"*main message queue* or in front of various types of output actions as " +"*action queues*. Queues provide two main advantages that both lead to " +"increased performance of message processing:" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:858 +msgid "" +"they serve as buffers that *decouple* producers and consumers in the " +"structure of [application]*rsyslog*" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:860 +msgid "they allow for *parallelization* of actions performed on messages" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:862 +msgid "" +"Apart from this, queues can be configured with several directives to provide " +"optimal performance for your system. These configuration options are covered " +"in the following sections." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:867 +msgid "" +"If an output plug-in is unable to deliver a message, it is stored in the " +"preceding message queue. If the queue fills, the inputs block until it is no " +"longer full. This will prevent new messages from being logged via the " +"blocked queue. In the absence of separate action queues this can have severe " +"consequences, such as preventing `SSH` logging, which in turn can prevent " +"`SSH` access. Therefore it is advised to use dedicated action queues for " +"outputs which are forwarded over a network or to a database." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:871 +#, no-wrap +msgid "Defining Queues" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:874 +msgid "" +"Based on where the messages are stored, there are several types of queues: " +"*direct*, *in-memory*, *disk*, and *disk-assisted in-memory* queues that are " +"most widely used. You can choose one of these types for the main message " +"queue and also for action queues. Add the following into " +"`/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:878 +#, no-wrap +msgid "$pass:quotes[_object_]QueueType pass:quotes[_queue_type_]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:881 +msgid "" +"Here, you can apply the setting for the main message queue (replace _object_ " +"with [option]`MainMsg`) or for an action queue (replace _object_ with " +"[option]`Action`). Replace _queue_type_ with one of `direct`, `linkedlist` " +"or `fixedarray` (which are in-memory queues), or `disk`." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:883 +msgid "" +"The default setting for a main message queue is the FixedArray queue with a " +"limit of 10,000 messages. Action queues are by default set as Direct queues." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:884 +#, no-wrap +msgid "Direct Queues" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:886 +msgid "" +"For many simple operations, such as when writing output to a local file, " +"building a queue in front of an action is not needed. To avoid queuing, use:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:890 +#, no-wrap +msgid "$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueType Direct\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:893 +msgid "" +"Replace _object_ with [option]`MainMsg` or with [option]`Action` to use this " +"option to the main message queue or for an action queue respectively. With " +"direct queue, messages are passed directly and immediately from the producer " +"to the consumer." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:894 +#, no-wrap +msgid "Disk Queues" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:896 +msgid "" +"Disk queues store messages strictly on a hard drive, which makes them highly " +"reliable but also the slowest of all possible queuing modes. This mode can " +"be used to prevent the loss of highly important log data. However, disk " +"queues are not recommended in most use cases. To set a disk queue, type the " +"following into `/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:900 +#, no-wrap +msgid "$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueType Disk\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:903 +msgid "" +"Replace _object_ with [option]`MainMsg` or with [option]`Action` to use this " +"option to the main message queue or for an action queue respectively. Disk " +"queues are written in parts, with a default size 10 Mb. This default size " +"can be modified with the following configuration directive:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:907 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueMaxFileSize " +"_size_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:910 +msgid "" +"where _size_ represents the specified size of disk queue part. The defined " +"size limit is not restrictive, [application]*rsyslog* always writes one " +"complete queue entry, even if it violates the size limit. Each part of a " +"disk queue matches with an individual file. The naming directive for these " +"files looks as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:914 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueFilename " +"_name_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:917 +msgid "" +"This sets a _name_ prefix for the file followed by a 7-digit number starting " +"at one and incremented for each file." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:918 +#, no-wrap +msgid "In-memory Queues" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:920 +msgid "" +"With in-memory queue, the enqueued messages are held in memory which makes " +"the process very fast. The queued data is lost if the computer is power " +"cycled or shut down. However, you can use the " +"[option]`$ActionQueueSaveOnShutdown` setting to save the data before " +"shutdown. There are two types of in-memory queues:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:922 +#, no-wrap +msgid "" +"*FixedArray* queue — the default mode for the main message queue, with " +"a limit of 10,000 elements. This type of queue uses a fixed, pre-allocated " +"array that holds pointers to queue elements. Due to these pointers, even if " +"the queue is empty a certain amount of memory is consumed. However, " +"FixedArray offers the best run time performance and is optimal when you " +"expect a relatively low number of queued messages and high performance.\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:924 +#, no-wrap +msgid "" +"*LinkedList* queue — here, all structures are dynamically allocated in " +"a linked list, thus the memory is allocated only when needed. LinkedList " +"queues handle occasional message bursts very well.\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:926 +msgid "" +"In general, use LinkedList queues when in doubt. Compared to FixedArray, it " +"consumes less memory and lowers the processing overhead." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:928 +msgid "Use the following syntax to configure in-memory queues:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:932 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueType " +"LinkedList\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:937 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueType " +"FixedArray\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:940 +msgid "" +"Replace _object_ with [option]`MainMsg` or with [option]`Action` to use this " +"option to the main message queue or for an action queue respectively." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:941 +#, no-wrap +msgid "Disk-Assisted In-memory Queues" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:943 +msgid "" +"Both disk and in-memory queues have their advantages and " +"[application]*rsyslog* lets you combine them in *disk-assisted in-memory " +"queues*. To do so, configure a normal in-memory queue and then add the " +"[option]`$objectQueueFileName` directive to define a file name for disk " +"assistance. This queue then becomes *disk-assisted*, which means it couples " +"an in-memory queue with a disk queue to work in tandem." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:945 +msgid "" +"The disk queue is activated if the in-memory queue is full or needs to " +"persist after shutdown. With a disk-assisted queue, you can set both " +"disk-specific and in-memory specific configuration parameters. This type of " +"queue is probably the most commonly used, it is especially useful for " +"potentially long-running and unreliable actions." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:947 +msgid "" +"To specify the functioning of a disk-assisted in-memory queue, use the " +"so-called *watermarks*:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:951 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1047 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueHighWatermark " +"_number_\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:956 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueLowWatermark " +"_number_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:959 +msgid "" +"Replace _object_ with [option]`MainMsg` or with [option]`Action` to use this " +"option to the main message queue or for an action queue " +"respectively. Replace _number_ with a number of enqueued messages. When an " +"in-memory queue reaches the number defined by the high watermark, it starts " +"writing messages to disk and continues until the in-memory queue size drops " +"to the number defined with the low watermark. Correctly set watermarks " +"minimize unnecessary disk writes, but also leave memory space for message " +"bursts since writing to disk files is rather lengthy. Therefore, the high " +"watermark must be lower than the whole queue capacity set with " +"*$objectQueueSize*. The difference between the high watermark and the " +"overall queue size is a spare memory buffer reserved for message bursts. On " +"the other hand, setting the high watermark too low will turn on disk " +"assistance unnecessarily often." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:961 +#, no-wrap +msgid "Reliable Forwarding of Log Messages to a Server" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:965 +msgid "" +"Rsyslog is often used to maintain a centralized logging system, where log " +"messages are forwarded to a server over the network. To avoid message loss " +"when the server is not available, it is advisable to configure an action " +"queue for the forwarding action. This way, messages that failed to be sent " +"are stored locally until the server is reachable again. Note that such " +"queues are not configurable for connections using the `UDP` protocol. To " +"establish a fully reliable connection, for example when your logging server " +"is outside of your private network, consider using the RELP protocol " +"described in xref:Viewing_and_Managing_Log_Files.adoc#s2-using_RELP[Using " +"RELP]." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:967 +#, no-wrap +msgid "Forwarding To a Single Server" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:969 +msgid "" +"Suppose the task is to forward log messages from the system to a server with " +"host name *example.com*, and to configure an action queue to buffer the " +"messages in case of a server outage. To do so, perform the following steps:" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:971 +msgid "Create a working directory to store the queue files. For example:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:975 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1014 +#, no-wrap +msgid "~]#{nbsp}mkdir pass:quotes[`/rsyslog/work/`]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:978 +msgid "" +"Use the following configuration in `/etc/rsyslog.conf` or create a file with " +"the following content in the `/etc/rsyslog.d/` directory:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:981 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1020 +#, no-wrap +msgid "$WorkDirectory /rsyslog/work\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:987 +#, no-wrap +msgid "" +"$ActionQueueType LinkedList\n" +"$ActionQueueFileName example_fwd\n" +"$ActionResumeRetryCount -1\n" +"$ActionQueueSaveOnShutdown on\n" +"*.* @@example.com:18\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:990 +msgid "Where:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:992 +msgid "" +"the `/rsyslog/work/` directory created in the previous step is marked as a " +"working directory," +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:994 +msgid "[option]`$ActionQueueType` enables a LinkedList in-memory queue," +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:996 +msgid "" +"[option]`$ActionFileName` defines a disk storage, in this case the backup " +"files are created in the `/rsyslog/work/` directory with the *example_fwd* " +"prefix," +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:998 +msgid "" +"the [option]`$ActionResumeRetryCount -1` setting prevents rsyslog form " +"dropping messages when retrying to connect if server is not responding," +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1000 +msgid "" +"enabled [option]`$ActionQueueSaveOnShutdown` saves in-memory data if rsyslog " +"shuts down," +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1002 +msgid "" +"the last line forwards all received messages to the logging server, port " +"specification is optional." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1004 +msgid "" +"With the above configuration, rsyslog keeps messages in memory if the remote " +"server is not reachable. A file on disk is created only if rsyslog runs out " +"of the configured memory queue space or needs to shut down, which benefits " +"the system performance." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1006 +#, no-wrap +msgid "Forwarding To Multiple Servers" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1008 +msgid "" +"The process of forwarding log messages to multiple servers is similar to the " +"previous procedure:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1010 +msgid "" +"Create a working directory for rsyslog to store the queue files. For " +"example:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1017 +msgid "" +"Each destination server requires a separate forwarding rule, action queue " +"specification, and backup file on disk. For example, use the following " +"configuration in `/etc/rsyslog.conf` or create a file with the following " +"content in the `/etc/rsyslog.d/` directory:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1026 +#, no-wrap +msgid "" +"$ActionQueueType LinkedList\n" +"$ActionQueueFileName example_fwd1\n" +"$ActionResumeRetryCount -1\n" +"$ActionQueueSaveOnShutdown on\n" +"*.* @@example1.com\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1032 +#, no-wrap +msgid "" +"$ActionQueueType LinkedList\n" +"$ActionQueueFileName example_fwd2\n" +"$ActionResumeRetryCount -1\n" +"$ActionQueueSaveOnShutdown on\n" +"*.* @@example2.com\n" +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1037 +#, no-wrap +msgid "Managing Queues" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1040 +msgid "" +"All types of queues can be further configured to match your " +"requirements. You can use several directives to modify both action queues " +"and the main message queue. Currently, there are more than 20 queue " +"parameters available, see " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online " +"Documentation]. Some of these settings are used commonly, others, such as " +"worker thread management, provide closer control over the queue behavior and " +"are reserved for advanced users. With advanced settings, you can optimize " +"[application]*rsyslog*pass:attributes[{blank}]'s performance, schedule " +"queuing, or modify the behavior of a queue on system shutdown." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1041 +#, no-wrap +msgid "Limiting Queue Size" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1043 +msgid "" +"You can limit the number of messages that queue can contain with the " +"following setting:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1050 +msgid "" +"Replace _object_ with [option]`MainMsg` or with [option]`Action` to use this " +"option to the main message queue or for an action queue " +"respectively. Replace _number_ with a number of enqueued messages. You can " +"set the queue size only as the number of messages, not as their actual " +"memory size. The default queue size is 10,000 messages for the main message " +"queue and ruleset queues, and 1000 for action queues." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1052 +msgid "" +"Disk assisted queues are unlimited by default and can not be restricted with " +"this directive, but you can reserve them physical disk space in bytes with " +"the following settings:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1056 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueMaxDiscSpace " +"_number_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1059 +msgid "" +"Replace _object_ with [option]`MainMsg` or with [option]`Action`. When the " +"size limit specified by _number_ is hit, messages are discarded until " +"sufficient amount of space is freed by dequeued messages." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1060 +#, no-wrap +msgid "Discarding Messages" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1062 +msgid "" +"When a queue reaches a certain number of messages, you can discard less " +"important messages in order to save space in the queue for entries of higher " +"priority. The threshold that launches the discarding process can be set with " +"the so-called *discard mark*:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1066 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueDiscardMark " +"_number_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1069 +msgid "" +"Replace _object_ with [option]`MainMsg` or with [option]`Action` to use this " +"option to the main message queue or for an action queue respectively. Here, " +"_number_ stands for a number of messages that have to be in the queue to " +"start the discarding process. To define which messages to discard, use:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1073 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueDiscardSeverity " +"_priority_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1076 +msgid "" +"Replace _priority_ with one of the following keywords (or with a number): " +"[command]#debug# (7), [command]#info# (6), [command]#notice# (5), " +"[command]#warning# (4), [command]#err# (3), [command]#crit# (2), " +"[command]#alert# (1), and [command]#emerg# (0). With this setting, both " +"newly incoming and already queued messages with lower than defined priority " +"are erased from the queue immediately after the discard mark is reached." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1077 +#, no-wrap +msgid "Using Timeframes" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1079 +msgid "" +"You can configure [application]*rsyslog* to process queues during a specific " +"time period. With this option you can, for example, transfer some processing " +"into off-peak hours. To define a time frame, use the following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1083 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueDequeueTimeBegin " +"_hour_\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1088 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueDequeueTimeEnd " +"_hour_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1091 +msgid "" +"With _hour_ you can specify hours that bound your time frame. Use the " +"24-hour format without minutes." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1092 +#, no-wrap +msgid "Configuring Worker Threads" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1094 +msgid "" +"A _worker thread_ performs a specified action on the enqueued message. For " +"example, in the main message queue, a worker task is to apply filter logic " +"to each incoming message and enqueue them to the relevant action " +"queues. When a message arrives, a worker thread is started " +"automatically. When the number of messages reaches a certain number, another " +"worker thread is turned on. To specify this number, use:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1098 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueWorkerThreadMinimumMessages " +"_number_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1101 +msgid "" +"Replace _number_ with a number of messages that will trigger a supplemental " +"worker thread. For example, with _number_ set to 100, a new worker thread is " +"started when more than 100 messages arrive. When more than 200 messages " +"arrive, the third worker thread starts and so on. However, too many working " +"threads running in parallel becomes ineffective, so you can limit the " +"maximum number of them by using:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1105 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueWorkerThreads " +"_number_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1108 +msgid "" +"where _number_ stands for a maximum number of working threads that can run " +"in parallel. For the main message queue, the default limit is 1 thread. Once " +"a working thread has been started, it keeps running until an inactivity " +"timeout appears. To set the length of timeout, type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1112 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueWorkerTimeoutThreadShutdown " +"_time_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1115 +msgid "" +"Replace _time_ with the duration set in milliseconds. Without this setting, " +"a zero timeout is applied and a worker thread is terminated immediately when " +"it runs out of messages. If you specify _time_ as `-1`, no thread will be " +"closed." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1116 +#, no-wrap +msgid "Batch Dequeuing" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1118 +msgid "" +"To increase performance, you can configure [application]*rsyslog* to dequeue " +"multiple messages at once. To set the upper limit for such dequeueing, use:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1122 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueDequeueBatchSize " +"_number_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1125 +msgid "" +"Replace _number_ with the maximum number of messages that can be dequeued at " +"once. Note that a higher setting combined with a higher number of permitted " +"working threads results in greater memory consumption." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1126 +#, no-wrap +msgid "Terminating Queues" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1128 +msgid "" +"When terminating a queue that still contains messages, you can try to " +"minimize the data loss by specifying a time interval for worker threads to " +"finish the queue processing:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1132 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueTimeoutShutdown " +"_time_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1135 +msgid "" +"Specify _time_ in milliseconds. If after that period there are still some " +"enqueued messages, workers finish the current data element and then " +"terminate. Unprocessed messages are therefore lost. Another time interval " +"can be set for workers to finish the final element:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1139 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueTimeoutActionCompletion " +"_time_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1142 +msgid "" +"In case this timeout expires, any remaining workers are shut down. To save " +"data at shutdown, use:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1146 +#, no-wrap +msgid "" +"$pass:attributes[{blank}]_object_pass:attributes[{blank}]QueueTimeoutSaveOnShutdown " +"_time_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1149 +msgid "" +"If set, all queue elements are saved to disk before [application]*rsyslog* " +"terminates." +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1151 +#, no-wrap +msgid "Configuring rsyslog on a Logging Server" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1154 +msgid "" +"The `rsyslog` service provides facilities both for running a logging server " +"and for configuring individual systems to send their log files to the " +"logging server. See " +"xref:Viewing_and_Managing_Log_Files.adoc#ex-net_forwarding_with_queue[Reliable " +"Forwarding of Log Messages to a Server] for information on client rsyslog " +"configuration." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1156 +msgid "" +"The `rsyslog` service must be installed on the system that you intend to use " +"as a logging server and all systems that will be configured to send logs to " +"it. Rsyslog is installed by default in {MAJOROSVER}. If required, to ensure " +"that it is, enter the following command as `root`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1160 +#, no-wrap +msgid "~]#{nbsp}dnf install rsyslog\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1163 +msgid "" +"The steps in this procedure must be followed on the system that you intend " +"to use as your logging server. All steps in this procedure must be made as " +"the `root` user:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1165 +msgid "Configure the firewall to allow `rsyslog` `TCP` traffic." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1167 +msgid "" +"The default port for `rsyslog` `TCP` traffic is `514`. To allow `TCP` " +"traffic on this port, enter a command as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1172 +#, no-wrap +msgid "" +"~]#{nbsp}firewall-cmd --zone=zone --add-port=514/tcp\n" +"success\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1175 +msgid "Where _zone_ is the zone of the interface to use." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1177 +msgid "Open the `/etc/rsyslog.conf` file in a text editor and proceed as follows:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1179 +msgid "" +"Add these lines below the modules section but above the `Provides UDP syslog " +"reception` section:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1182 +#, no-wrap +msgid "# Define templates before the rules that use them\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1186 +#, no-wrap +msgid "" +"### Per-Host Templates for Remote Systems ###\n" +"$template TmplAuthpriv, " +"\"/var/log/remote/auth/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log\"\n" +"$template TmplMsg, " +"\"/var/log/remote/msg/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log\"\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1189 +msgid "" +"Replace the default `Provides TCP syslog reception` section with the " +"following:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1200 +#, no-wrap +msgid "" +"# Provides TCP syslog reception\n" +"$ModLoad imtcp\n" +"# Adding this ruleset to process remote messages\n" +"$RuleSet remote1\n" +"authpriv.* ?TmplAuthpriv\n" +"*.info;mail.none;authpriv.none;cron.none ?TmplMsg\n" +"$RuleSet RSYSLOG_DefaultRuleset #End the rule set by switching back to the " +"default rule set\n" +"$InputTCPServerBindRuleset remote1 #Define a new input and bind it to the " +"\"remote1\" rule set\n" +"$InputTCPServerRun 514\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1203 +msgid "Save the changes to the `/etc/rsyslog.conf` file." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1205 +msgid "" +"The `rsyslog` service must be running on both the logging server and the " +"systems attempting to log to it." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1207 +msgid "Use the [command]#systemctl# command to start the `rsyslog` service." +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1211 +#, no-wrap +msgid "~]#{nbsp}pass:quotes[`systemctl start rsyslog`]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1214 +msgid "" +"To ensure the `rsyslog` service starts automatically in future, enter the " +"following command as root:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1218 +#, no-wrap +msgid "~]#{nbsp}pass:quotes[`systemctl enable rsyslog`]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1221 +msgid "" +"Your log server is now configured to receive and store log files from the " +"other systems in your environment." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1223 +#, no-wrap +msgid "Using The New Template Syntax on a Logging Server" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1226 +msgid "" +"Rsyslog 7 has a number of different templates styles. The string template " +"most closely resembles the legacy format. Reproducing the templates from the " +"example above using the string format would look as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1232 +#, no-wrap +msgid "" +"template(name=\"TmplAuthpriv\" type=\"string\"\n" +" " +"string=\"/var/log/remote/auth/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log\"\n" +" )\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1236 +#, no-wrap +msgid "" +"template(name=\"TmplMsg\" type=\"string\"\n" +" " +"string=\"/var/log/remote/msg/%HOSTNAME%/%PROGRAMNAME:::secpath-replace%.log\"\n" +" )\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1240 +msgid "These templates can also be written in the list format as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1251 +#, no-wrap +msgid "" +"template(name=\"TmplAuthpriv\" type=\"list\") {\n" +" constant(value=\"/var/log/remote/auth/\")\n" +" property(name=\"hostname\")\n" +" constant(value=\"/\")\n" +" property(name=\"programname\" SecurePath=\"replace\")\n" +" constant(value=\".log\")\n" +" }\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1262 +#, no-wrap +msgid "" +"template(name=\"TmplMsg\" type=\"list\") {\n" +" constant(value=\"/var/log/remote/msg/\")\n" +" property(name=\"hostname\")\n" +" constant(value=\"/\")\n" +" property(name=\"programname\" SecurePath=\"replace\")\n" +" constant(value=\".log\")\n" +" }\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1265 +msgid "" +"This template text format might be easier to read for those new to rsyslog " +"and therefore can be easier to adapt as requirements change." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1267 +msgid "" +"To complete the change to the new syntax, we need to reproduce the module " +"load command, add a rule set, and then bind the rule set to the protocol, " +"port, and ruleset:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1271 +#, no-wrap +msgid "module(load=\"imtcp\")\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1276 +#, no-wrap +msgid "" +"ruleset(name=\"remote1\"){\n" +" authpriv.* action(type=\"omfile\" DynaFile=\"TmplAuthpriv\")\n" +" *.info;mail.none;authpriv.none;cron.none action(type=\"omfile\" " +"DynaFile=\"TmplMsg\")\n" +"}\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1278 +#, no-wrap +msgid "input(type=\"imtcp\" port=\"514\" ruleset=\"remote1\")\n" +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1281 +#, no-wrap +msgid "Using Rsyslog Modules" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1284 +msgid "" +"indexterm:[rsyslog,modules] Due to its modular design, " +"[application]*rsyslog* offers a variety of _modules_ which provide " +"additional functionality. Note that modules can be written by third " +"parties. Most modules provide additional inputs (see *Input Modules* below) " +"or outputs (see *Output Modules* below). Other modules provide special " +"functionality specific to each module. The modules may provide additional " +"configuration directives that become available after a module is loaded. To " +"load a module, use the following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1289 +#, no-wrap +msgid "$ModLoad _MODULE_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1293 +msgid "" +"where [option]`$ModLoad` is the global directive that loads the specified " +"module and _MODULE_ represents your desired module. For example, if you want " +"to load the Text File Input Module ([command]#imfile#) that enables " +"[application]*rsyslog* to convert any standard text files into syslog " +"messages, specify the following line in the `/etc/rsyslog.conf` " +"configuration file:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1298 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1379 +#, no-wrap +msgid "$ModLoad imfile\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1302 +msgid "" +"[application]*rsyslog* offers a number of modules which are split into the " +"following main categories:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1304 +msgid "" +"Input Modules — Input modules gather messages from various sources. The name " +"of an input module always starts with the `im` prefix, such as " +"[command]#imfile# and [command]#imjournal#." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1306 +msgid "" +"Output Modules — Output modules provide a facility to issue message to " +"various targets such as sending across a network, storing in a database, or " +"encrypting. The name of an output module always starts with the `om` prefix, " +"such as [command]#omsnmp#, [command]#omrelp#, and so on." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1308 +msgid "" +"Parser Modules — These modules are useful in creating custom parsing rules " +"or to parse malformed messages. With moderate knowledge of the C programming " +"language, you can create your own message parser. The name of a parser " +"module always starts with the `pm` prefix, such as [command]#pmrfc5424#, " +"[command]#pmrfc3164#, and so on." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1310 +msgid "" +"Message Modification Modules — Message modification modules change content " +"of syslog messages. Names of these modules start with the `mm` " +"prefix. Message Modification Modules such as [command]#mmanon#, " +"[command]#mmnormalize#, or [command]#mmjsonparse# are used for anonymization " +"or normalization of messages." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1312 +msgid "" +"String Generator Modules — String generator modules generate strings based " +"on the message content and strongly cooperate with the template feature " +"provided by [application]*rsyslog*. For more information on templates, see " +"xref:Viewing_and_Managing_Log_Files.adoc#s2-Templates[Templates]. The name " +"of a string generator module always starts with the `sm` prefix, such as " +"[command]#smfile# or [command]#smtradfile#." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1314 +msgid "" +"Library Modules — Library modules provide functionality for other loadable " +"modules. These modules are loaded automatically by [application]*rsyslog* " +"when needed and cannot be configured by the user." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1316 +msgid "" +"A comprehensive list of all available modules and their detailed description " +"can be found at " +"link:++https://www.rsyslog.com/doc/rsyslog_conf_modules.html/++[https://www.rsyslog.com/doc/rsyslog_conf_modules.html]." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1321 +msgid "" +"Note that when [application]*rsyslog* loads any modules, it provides them " +"with access to some of its functions and data. This poses a possible " +"security threat. To minimize security risks, use trustworthy modules only." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1325 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1371 +#, no-wrap +msgid "Importing Text Files" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1328 +msgid "" +"The Text File Input Module, abbreviated as [command]#imfile#, enables " +"[application]*rsyslog* to convert any text file into a stream of syslog " +"messages. You can use [command]#imfile# to import log messages from " +"applications that create their own text file logs. To load " +"[command]#imfile#, add the following into `/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1334 +#, no-wrap +msgid "" +"$ModLoad imfile\n" +"$InputFilePollInterval _int_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1338 +msgid "" +"It is sufficient to load [command]#imfile# once, even when importing " +"multiple files. The *$InputFilePollInterval* global directive specifies how " +"often [application]*rsyslog* checks for changes in connected text files. The " +"default interval is 10 seconds, to change it, replace _int_ with a time " +"interval specified in seconds." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1340 +msgid "" +"To identify the text files to import, use the following syntax in " +"`/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1351 +#, no-wrap +msgid "" +"# File 1\n" +"$InputFileName pass:quotes[_path_to_file_]\n" +"$InputFileTag pass:quotes[_tag:_]\n" +"$InputFileStateFile pass:quotes[_state_file_name_]\n" +"$InputFileSeverity pass:quotes[_severity_]\n" +"$InputFileFacility pass:quotes[_facility_]\n" +"$InputRunFileMonitor\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1355 +#, no-wrap +msgid "" +"# File 2\n" +"$InputFileName pass:quotes[_path_to_file2_]\n" +"...\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1359 +msgid "Four settings are required to specify an input text file:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1361 +msgid "replace _path_to_file_ with a path to the text file." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1363 +msgid "replace _tag:_ with a tag name for this message." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1365 +msgid "" +"replace _state_file_name_ with a unique name for the *state file*. *State " +"files*, which are stored in the rsyslog working directory, keep cursors for " +"the monitored files, marking what partition has already been processed. If " +"you delete them, whole files will be read in again. Make sure that you " +"specify a name that does not already exist." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1367 +msgid "" +"add the *$InputRunFileMonitor* directive that enables the file " +"monitoring. Without this setting, the text file will be ignored." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1369 +msgid "" +"Apart from the required directives, there are several other settings that " +"can be applied on the text input. Set the severity of imported messages by " +"replacing _severity_ with an appropriate keyword. Replace _facility_ with a " +"keyword to define the subsystem that produced the message. The keywords for " +"severity and facility are the same as those used in facility/priority-based " +"filters, see xref:Viewing_and_Managing_Log_Files.adoc#s2-Filters[Filters]." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1375 +msgid "" +"The Apache HTTP server creates log files in text format. To apply the " +"processing capabilities of [application]*rsyslog* to apache error messages, " +"first use the [command]#imfile# module to import the messages. Add the " +"following into `/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1384 +#, no-wrap +msgid "" +"$InputFileName /var/log/httpd/error_log\n" +"$InputFileTag apache-error:\n" +"$InputFileStateFile state-apache-error\n" +"$InputRunFileMonitor\n" +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1390 +#, no-wrap +msgid "Exporting Messages to a Database" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1393 +msgid "" +"Processing of log data can be faster and more convenient when performed in a " +"database rather than with text files. Based on the type of DBMS used, choose " +"from various output modules such as [command]#ommysql#, [command]#ompgsql#, " +"[command]#omoracle#, or [command]#ommongodb#. As an alternative, use the " +"generic [command]#omlibdbi# output module that relies on the `libdbi` " +"library. The [command]#omlibdbi# module supports database systems " +"Firebird/Interbase, MS SQL, Sybase, SQLite, Ingres, Oracle, mSQL, MySQL, and " +"PostgreSQL." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1395 +#, no-wrap +msgid "Exporting Rsyslog Messages to a Database" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1399 +msgid "" +"To store the rsyslog messages in a MySQL database, add the following into " +"`/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1403 +#, no-wrap +msgid "$ModLoad ommysql\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1406 +#, no-wrap +msgid "" +"$ActionOmmysqlServerPort 1234\n" +"*.* " +":ommysql:database-server,database-name,database-userid,database-password\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1410 +msgid "" +"First, the output module is loaded, then the communication port is " +"specified. Additional information, such as name of the server and the " +"database, and authentication data, is specified on the last line of the " +"above example." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1414 +#, no-wrap +msgid "Enabling Encrypted Transport" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1417 +msgid "" +"Confidentiality and integrity in network transmissions can be provided by " +"either the *TLS* or *GSSAPI* encryption protocol." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1419 +#, no-wrap +msgid "" +"*Transport Layer Security* (TLS) is a cryptographic protocol designed to " +"provide communication security over the network. When using TLS, rsyslog " +"messages are encrypted before sending, and mutual authentication exists " +"between the sender and receiver.\n" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1421 +#, no-wrap +msgid "" +"*Generic Security Service API* (GSSAPI) is an application programming " +"interface for programs to access security services. To use it in connection " +"with [application]*rsyslog* you must have a functioning " +"[application]*Kerberos* environment.\n" +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1423 +#, no-wrap +msgid "Using RELP" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1426 +#, no-wrap +msgid "" +"*Reliable Event Logging Protocol* (RELP) is a networking protocol for data " +"logging in computer networks. It is designed to provide reliable delivery of " +"event messages, which makes it useful in environments where message loss is " +"not acceptable.\n" +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1428 +#, no-wrap +msgid "Interaction of Rsyslog and Journal" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1431 +msgid "" +"As mentioned above, [application]*Rsyslog* and [application]*Journal*, the " +"two logging applications present on your system, have several distinctive " +"features that make them suitable for specific use cases. In many situations " +"it is useful to combine their capabilities, for example to create structured " +"messages and store them in a file database (see " +"xref:Viewing_and_Managing_Log_Files.adoc#s1-structured_logging_with_rsyslog[Structured " +"Logging with Rsyslog]). A communication interface needed for this " +"cooperation is provided by input and output modules on the side of " +"[application]*Rsyslog* and by the " +"[application]*Journal*pass:attributes[{blank}]'s communication socket." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1433 +msgid "" +"By default, `rsyslogd` uses the `imjournal` module as a default input mode " +"for journal files. With this module, you import not only the messages but " +"also the structured data provided by `journald`. Also, older data can be " +"imported from `journald` (unless forbidden with the " +"[option]`$ImjournalIgnorePreviousMessages` directive). See " +"xref:Viewing_and_Managing_Log_Files.adoc#s2-importing_data_from_journal[Importing " +"Data from Journal] for basic configuration of `imjournal`." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1435 +msgid "" +"As an alternative, configure `rsyslogd` to read from the socket provided by " +"`journal` as an output for syslog-based applications. The path to the socket " +"is `/run/systemd/journal/syslog`. Use this option when you want to maintain " +"plain rsyslog messages. Compared to `imjournal` the socket input currently " +"offers more features, such as ruleset binding or filtering. To import " +"[application]*Journal* data trough the socket, use the following " +"configuration in `/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1441 +#, no-wrap +msgid "" +"$ModLoad imuxsock\n" +"$OmitLocalLogging off\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1445 +msgid "" +"The above syntax loads the `imuxsock` module and turns off the " +"[option]`$OmitLocalLogging` directive, which enables the import trough the " +"system socket. The path to this socket is specified separately in " +"`/etc/rsyslog.d/listen.conf` as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1450 +#, no-wrap +msgid "$SystemLogSocketName /run/systemd/journal/syslog\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1454 +msgid "" +"You can also output messages from [application]*Rsyslog* to " +"[application]*Journal* with the `omjournal` module. Configure the output in " +"`/etc/rsyslog.conf` as follows:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1458 +#, no-wrap +msgid "$ModLoad omjournal\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1460 +#, no-wrap +msgid "*.* :omjournal:\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1464 +msgid "" +"For instance, the following configuration forwards all received messages on " +"tcp port 10514 to the Journal:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1469 +#, no-wrap +msgid "" +"$ModLoad imtcp\n" +"$ModLoad omjournal\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1472 +#, no-wrap +msgid "" +"$RuleSet remote\n" +"*.* :omjournal:\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1475 +#, no-wrap +msgid "" +"$InputTCPServerBindRuleset remote\n" +"$InputTCPServerRun 10514\n" +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1479 +#, no-wrap +msgid "Structured Logging with Rsyslog" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1482 +msgid "" +"On systems that produce large amounts of log data, it can be convenient to " +"maintain log messages in a *structured format*. With structured messages, it " +"is easier to search for particular information, to produce statistics and to " +"cope with changes and inconsistencies in message " +"structure. [application]*Rsyslog* uses the *JSON* (JavaScript Object " +"Notation) format to provide structure for log messages." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1484 +msgid "Compare the following unstructured log message:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1488 +#, no-wrap +msgid "" +"Oct 25 10:20:37 localhost anacron[1395]: Jobs will be executed " +"sequentially\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1491 +msgid "with a structured one:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1495 +#, no-wrap +msgid "" +"{\"timestamp\":\"2013-10-25T10:20:37\", \"host\":\"localhost\", " +"\"program\":\"anacron\", \"pid\":\"1395\", \"msg\":\"Jobs will be executed " +"sequentially\"}\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1498 +msgid "" +"Searching structured data with use of key-value pairs is faster and more " +"precise than searching text files with regular expressions. The structure " +"also lets you to search for the same entry in messages produced by various " +"applications. Also, JSON files can be stored in a document database such as " +"MongoDB, which provides additional performance and analysis capabilities. On " +"the other hand, a structured message requires more disk space than the " +"unstructured one." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1500 +msgid "" +"In [application]*rsyslog*, log messages with meta data are pulled from " +"[application]*Journal* with use of the `imjournal` module. With the " +"`mmjsonparse` module, you can parse data imported from " +"[application]*Journal* and from other sources and process them further, for " +"example as a database output. For parsing to be successful, `mmjsonparse` " +"requires input messages to be structured in a way that is defined by the " +"*Lumberjack* project." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1502 +msgid "" +"The *Lumberjack* project aims to add structured logging to " +"[application]*rsyslog* in a backward-compatible way. To identify a " +"structured message, *Lumberjack* specifies the *@cee:* string that prepends " +"the actual JSON structure. Also, *Lumberjack* defines the list of standard " +"field names that should be used for entities in the JSON string. For more " +"information on *Lumberjack*, see " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online " +"Documentation]." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1504 +msgid "The following is an example of a lumberjack-formatted message:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1509 +#, no-wrap +msgid "" +" @cee: {\"pid\":17055, \"uid\":1000, \"gid\":1000, " +"\"appname\":\"logger\", \"msg\":\"Message text.\"}\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1513 +msgid "" +"To build this structure inside [application]*Rsyslog*, a template is used, " +"see " +"xref:Viewing_and_Managing_Log_Files.adoc#s2-filtering_structured_messages[Filtering " +"Structured Messages]. Applications and servers can employ the `libumberlog` " +"library to generate messages in the lumberjack-compliant form. For more " +"information on `libumberlog`, see " +"xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Online " +"Documentation]." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1515 +#, no-wrap +msgid "Importing Data from Journal" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1518 +msgid "" +"The [command]#imjournal# module is " +"[application]*Rsyslog*pass:attributes[{blank}]'s input module to natively " +"read the journal files (see " +"xref:Viewing_and_Managing_Log_Files.adoc#s1-interaction_of_rsyslog_and_journal[Interaction " +"of Rsyslog and Journal]). Journal messages are then logged in text format as " +"other rsyslog messages. However, with further processing, it is possible to " +"translate meta data provided by [application]*Journal* into a structured " +"message." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1520 +msgid "" +"To import data from [application]*Journal* to [application]*Rsyslog*, use " +"the following configuration in `/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1525 +#, no-wrap +msgid "$ModLoad imjournal\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1531 +#, no-wrap +msgid "" +"$imjournalPersistStateInterval pass:quotes[_number_of_messages_]\n" +"$imjournalStateFile pass:quotes[_path_]\n" +"$imjournalRatelimitInterval pass:quotes[_seconds_]\n" +"$imjournalRatelimitBurst pass:quotes[_burst_number_]\n" +"$ImjournalIgnorePreviousMessages pass:quotes[_off/on_]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1535 +msgid "" +"With _number_of_messages_, you can specify how often the journal data must " +"be saved. This will happen each time the specified number of messages is " +"reached." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1537 +msgid "" +"Replace _path_ with a path to the state file. This file tracks the journal " +"entry that was the last one processed." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1539 +msgid "" +"With _seconds_, you set the length of the rate limit interval. The number of " +"messages processed during this interval can not exceed the value specified " +"in _burst_number_. The default setting is 20,000 messages per 600 " +"seconds. Rsyslog discards messages that come after the maximum burst within " +"the time frame specified." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1541 +msgid "" +"With [option]`$ImjournalIgnorePreviousMessages` you can ignore messages that " +"are currently in Journal and import only new messages, which is used when " +"there is no state file specified. The default setting is `off`. Please note " +"that if this setting is off and there is no state file, all messages in the " +"Journal are processed, even if they were already processed in a previous " +"rsyslog session." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1546 +msgid "" +"You can use `imjournal` simultaneously with `imuxsock` module that is the " +"traditional system log input. However, to avoid message duplication, you " +"must prevent `imuxsock` from reading the Journal's system socket. To do so, " +"use the [option]`$OmitLocalLogging` directive:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1552 +#, no-wrap +msgid "" +"$ModLoad imuxsock\n" +"$ModLoad imjournal\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1555 +#, no-wrap +msgid "" +"$OmitLocalLogging on\n" +"$AddUnixListenSocket /run/systemd/journal/syslog\n" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1561 +msgid "" +"You can translate all data and meta data stored by [application]*Journal* " +"into structured messages. Some of these meta data entries are listed in " +"xref:Viewing_and_Managing_Log_Files.adoc#ex-verbose_journalctl_output[Verbose " +"journalctl Output], for a complete list of journal fields see the " +"`systemd.journal-fields(7)` manual page. For example, it is possible to " +"focus on *kernel journal fields*, that are used by messages originating in " +"the kernel." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1563 +#, no-wrap +msgid "Filtering Structured Messages" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1566 +msgid "" +"To create a lumberjack-formatted message that is required by " +"[application]*rsyslog*pass:attributes[{blank}]'s parsing module, use the " +"following template:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1571 +#, no-wrap +msgid "" +"template(name=\"CEETemplate\" type=\"string\" string=\"%TIMESTAMP% " +"%HOSTNAME% %syslogtag% @cee: %$!all-json%\\n\")\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1575 +msgid "" +"This template prepends the `@cee:` string to the JSON string and can be " +"applied, for example, when creating an output file with `omfile` module. To " +"access JSON field names, use the *$!* prefix. For example, the following " +"filter condition searches for messages with specific *hostname* and *UID*:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1580 +#, no-wrap +msgid "" +"($!hostname == " +"\"pass:attributes[{blank}]_hostname_pass:attributes[{blank}]\" && $!UID== " +"\"pass:attributes[{blank}]_UID_pass:attributes[{blank}]\")\n" +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1584 +#, no-wrap +msgid "Parsing JSON" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1587 +msgid "The `mmjsonparse` module is used for parsing structured messages." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1589 +msgid "" +"These messages can come from [application]*Journal* or from other input " +"sources, and must be formatted in a way defined by the *Lumberjack* " +"project. These messages are identified by the presence of the *@cee:* " +"string. Then, `mmjsonparse` checks if the JSON structure is valid and then " +"the message is parsed." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1591 +msgid "" +"To parse lumberjack-formatted JSON messages with `mmjsonparse`, use the " +"following configuration in the `/etc/rsyslog.conf`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1595 +#, no-wrap +msgid "$ModLoad mmjsonparse\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1597 +#, no-wrap +msgid "*.* :mmjsonparse:\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1601 +msgid "" +"In this example, the `mmjsonparse` module is loaded on the first line, then " +"all messages are forwarded to it. Currently, there are no configuration " +"parameters available for `mmjsonparse`." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1603 +#, no-wrap +msgid "Storing Messages in the MongoDB" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1606 +msgid "" +"[application]*Rsyslog* supports storing JSON logs in the MongoDB document " +"database through the *ommongodb* output module." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1608 +msgid "" +"To forward log messages into MongoDB, use the following syntax in the " +"`/etc/rsyslog.conf` (configuration parameters for *ommongodb* are available " +"only in the new configuration format; see " +"xref:Viewing_and_Managing_Log_Files.adoc#sec-using_the_new_configuration_format[Using " +"the New Configuration Format]):" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1613 +#, no-wrap +msgid "$ModLoad ommongodb\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1615 +#, no-wrap +msgid "" +"*.* action(type=\"ommongodb\" server=\"pass:quotes[_DB_server_]\" " +"serverport=\"pass:quotes[_port_]\" db=\"pass:quotes[_DB_name_]\" " +"collection=\"pass:quotes[_collection_name_]\" uid=\"pass:quotes[_UID_]\" " +"pwd=\"pass:quotes[_password_]\")\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1619 +msgid "" +"Replace _DB_server_ with the name or address of the MongoDB server. Specify " +"_port_ to select a non-standard port from the MongoDB server. The default " +"_port_ value is `0` and usually there is no need to change this parameter." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1621 +msgid "" +"With _DB_name_, you identify to which database on the MongoDB server you " +"want to direct the output. Replace _collection_name_ with the name of a " +"collection in this database. In MongoDB, collection is a group of documents, " +"the equivalent of an RDBMS table." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1623 +msgid "You can set your login details by replacing _UID_ and _password_." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1625 +msgid "" +"You can shape the form of the final database output with use of " +"templates. By default, [application]*rsyslog* uses a template based on " +"standard [application]*lumberjack* field names." +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1627 +#, no-wrap +msgid "Debugging Rsyslog" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1630 +msgid "" +"indexterm:[rsyslog,debugging] To run `rsyslogd` in debugging mode, use the " +"following command:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1634 +#, no-wrap +msgid "`rsyslogd` [option]`-dn`\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1637 +msgid "" +"With this command, `rsyslogd` produces debugging information and prints it " +"to the standard output. The [option]`-n` stands for \"no fork\". You can " +"modify debugging with environmental variables, for example, you can store " +"the debug output in a log file. Before starting `rsyslogd`, type the " +"following on the command line:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1643 +#, no-wrap +msgid "" +"export RSYSLOG_DEBUGLOG=\"pass:quotes[_path_]\"\n" +"export RSYSLOG_DEBUG=\"Debug\"\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1647 +msgid "" +"Replace _path_ with a desired location for the file where the debugging " +"information will be logged. For a complete list of options available for the " +"RSYSLOG_DEBUG variable, see the related section in the `rsyslogd(8)` manual " +"page." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1649 +msgid "To check if syntax used in the `/etc/rsyslog.conf` file is valid use:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1653 +#, no-wrap +msgid "`rsyslogd` [option]`-N` `1`\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1656 +msgid "" +"Where `1` represents level of verbosity of the output message. This is a " +"forward compatibility option because currently, only one level is " +"provided. However, you must add this argument to run the validation." +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1658 +#, no-wrap +msgid "Troubleshooting Logging to a Server" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1661 +msgid "" +"Ensure the time is correctly set on the systems generating the log messages " +"as well as on any logging servers. See " +"xref:basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring " +"the Date and Time] for information on checking and setting the time. See " +"xref:servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring " +"NTP Using ntpd] and " +"xref:servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring " +"NTP Using the chrony Suite] for information on using `NTP` to keep the " +"system clock accurately set." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1663 +msgid "" +"On a logging server, check that the firewall has the appropriate ports open " +"to allow ingress of either `UDP` or `TCP`, depending on what traffic and " +"port the sending systems are configured to use. For example:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1667 +#, no-wrap +msgid "~]#{nbsp}firewall-cmd --zone=public --list-ports\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1670 +msgid "" +"For more information on opening and closing ports in `firewalld`, see the " +"link:++https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/++[Red{nbsp}Hat " +"Enterprise{nbsp}Linux{nbsp}7 Security Guide]. Review the configuration of " +"the logging server to ensure it is listening on the same port the sending " +"systems are configured to send on, and all are set to use the same protocol." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1672 +msgid "" +"Use the [command]#logger# command to generate test log messages. For " +"example:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1677 +#, no-wrap +msgid "" +"~]$ [command]#logger -p authpriv.info \"Test Secret\"#\n" +"~]$ [command]#logger -p auth.info \"Test Info\"#\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1680 +msgid "" +"See the `logger(1)` manual page for more information on the " +"[command]#logger# command." +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1682 +#, no-wrap +msgid "Using the Journal" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1685 +msgid "" +"The Journal is a component of [application]*systemd* that is responsible for " +"viewing and management of log files. It can be used in parallel, or in place " +"of a traditional syslog daemon, such as `rsyslogd`. The Journal was " +"developed to address problems connected with traditional logging. It is " +"closely integrated with the rest of the system, supports various logging " +"technologies and access management for the log files." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1687 +msgid "" +"Logging data is collected, stored, and processed by the Journal's `journald` " +"service. It creates and maintains binary files called *journals* based on " +"logging information that is received from the kernel, from user processes, " +"from standard output, and standard error output of system services or via " +"its native API. These journals are structured and indexed, which provides " +"relatively fast seek times. Journal entries can carry a unique " +"identifier. The `journald` service collects numerous meta data fields for " +"each log message. The actual journal files are secured, and therefore cannot " +"be manually edited." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1689 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2000 +#, no-wrap +msgid "Viewing Log Files" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1692 +msgid "" +"To access the journal logs, use the [application]*journalctl* tool. For a " +"basic view of the logs type as `root`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1696 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1899 +#, no-wrap +msgid "[command]#journalctl#\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1699 +msgid "" +"An output of this command is a list of all log files generated on the system " +"including messages generated by system components and by users. The " +"structure of this output is similar to one used in `/var/log/messages/` but " +"with certain improvements:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1701 +msgid "" +"the priority of entries is marked visually. Lines of error priority and " +"higher are highlighted with red color and a bold font is used for lines with " +"notice and warning priority" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1703 +msgid "the time stamps are converted for the local time zone of your system" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1705 +msgid "all logged data is shown, including rotated logs" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1707 +msgid "the beginning of a boot is tagged with a special line" +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1709 +#, no-wrap +msgid "Example Output of journalctl" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1713 +msgid "" +"The following is an example output provided by the [application]*journalctl* " +"tool. When called without parameters, the listed entries begin with a time " +"stamp, then the host name and application that performed the operation is " +"mentioned followed by the actual message. This example shows the first three " +"entries in the journal log:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1721 +#, no-wrap +msgid "" +"# journalctl\n" +"-- Logs begin at Thu 2013-08-01 15:42:12 CEST, end at Thu 2013-08-01 " +"15:48:48 CEST. --\n" +"Aug 01 15:42:12 localhost systemd-journal[54]: Allowing runtime journal " +"files to grow to 49.7M.\n" +"Aug 01 15:42:12 localhost kernel: Initializing cgroup subsys cpuset\n" +"Aug 01 15:42:12 localhost kernel: Initializing cgroup subsys cpu\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1723 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1779 +#, no-wrap +msgid "[...]\n" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1729 +msgid "" +"In many cases, only the latest entries in the journal log are relevant. The " +"simplest way to reduce [command]#journalctl# output is to use the " +"[option]`-n` option that lists only the specified number of most recent log " +"entries:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1733 +#, no-wrap +msgid "[command]#journalctl# [option]`-n` _Number_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1736 +msgid "" +"Replace _Number_ with the number of lines to be shown. When no number is " +"specified, [command]#journalctl# displays the ten most recent entries." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1738 +msgid "" +"The [command]#journalctl# command allows controlling the form of the output " +"with the following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1742 +#, no-wrap +msgid "[command]#journalctl# [option]`-o` _form_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1745 +msgid "" +"Replace _form_ with a keyword specifying a desired form of output. There are " +"several options, such as [option]`verbose`, which returns full-structured " +"entry items with all fields, [option]`export`, which creates a binary stream " +"suitable for backups and network transfer, and [option]`json`, which formats " +"entries as JSON data structures. For the full list of keywords, see the " +"`journalctl(1)` manual page." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1747 +#, no-wrap +msgid "Verbose journalctl Output" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1751 +msgid "To view full meta data about all entries, type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1756 +#, no-wrap +msgid "" +"# journalctl -o verbose\n" +"[...]\n" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1777 +#, no-wrap +msgid "" +"Fri 2013-08-02 14:41:22 CEST " +"[s=e1021ca1b81e4fc688fad6a3ea21d35b;i=55c;b=78c81449c920439da57da7bd5c56a770;m=27cc\n" +" _BOOT_ID=78c81449c920439da57da7bd5c56a770\n" +" PRIORITY=5\n" +" SYSLOG_FACILITY=3\n" +" _TRANSPORT=syslog\n" +" _MACHINE_ID=69d27b356a94476da859461d3a3bc6fd\n" +" _HOSTNAME=localhost.localdomain\n" +" _PID=562\n" +" _COMM=dbus-daemon\n" +" _EXE=/usr/bin/dbus-daemon\n" +" _CMDLINE=/bin/dbus-daemon --system --address=systemd: --nofork " +"--nopidfile --systemd-activation\n" +" _SYSTEMD_CGROUP=/system/dbus.service\n" +" _SYSTEMD_UNIT=dbus.service\n" +" SYSLOG_IDENTIFIER=dbus\n" +" SYSLOG_PID=562\n" +" _UID=81\n" +" _GID=81\n" +" _SELINUX_CONTEXT=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023\n" +" MESSAGE=[system] Successfully activated service " +"'net.reactivated.Fprint'\n" +" _SOURCE_REALTIME_TIMESTAMP=1375447282839181\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1783 +msgid "" +"This example lists fields that identify a single log entry. These meta data " +"can be used for message filtering as shown in " +"xref:Viewing_and_Managing_Log_Files.adoc#advanced_filtering[Advanced " +"Filtering]. For a complete description of all possible fields see the " +"`systemd.journal-fields(7)` manual page." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1787 +#, no-wrap +msgid "Access Control" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1790 +msgid "" +"By default, [application]*Journal* users without `root` privileges can only " +"see log files generated by them. The system administrator can add selected " +"users to the *adm* group, which grants them access to complete log files. To " +"do so, type as `root`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1794 +#, no-wrap +msgid "[command]#usermod# [option]`-a` [option]`-G` *adm* _username_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1797 +msgid "" +"Here, replace _username_ with a name of the user to be added to the *adm* " +"group. This user then receives the same output of the [command]#journalctl# " +"command as the root user. Note that access control only works when " +"persistent storage is enabled for [application]*Journal*." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1799 +#, no-wrap +msgid "Using The Live View" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1802 +msgid "" +"When called without parameters, [command]#journalctl# shows the full list of " +"entries, starting with the oldest entry collected. With the live view, you " +"can supervise the log messages in real time as new entries are continuously " +"printed as they appear. To start [application]*journalctl* in live view " +"mode, type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1806 +#, no-wrap +msgid "[command]#journalctl# [option]`-f`\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1809 +msgid "" +"This command returns a list of the ten most current log lines. The " +"[application]*journalctl* utility then stays running and waits for new " +"changes to show them immediately." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1811 +#, no-wrap +msgid "Filtering Messages" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1814 +msgid "" +"The output of the [command]#journalctl# command executed without parameters " +"is often extensive, therefore you can use various filtering methods to " +"extract information to meet your needs." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1815 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1826 +#, no-wrap +msgid "Filtering by Priority" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1817 +msgid "" +"Log messages are often used to track erroneous behavior on the system. To " +"view only entries with a selected or higher priority, use the following " +"syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1821 +#, no-wrap +msgid "[command]#journalctl# [option]`-p` _priority_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1824 +msgid "" +"Here, replace _priority_ with one of the following keywords (or with a " +"number): [command]#debug# (7), [command]#info# (6), [command]#notice# (5), " +"[command]#warning# (4), [command]#err# (3), [command]#crit# (2), " +"[command]#alert# (1), and [command]#emerg# (0)." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1830 +msgid "To view only entries with *error* or higher priority, use:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1834 +#, no-wrap +msgid "[command]#journalctl# [option]`-p err`\n" +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1838 +#, no-wrap +msgid "Filtering by Time" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1840 +msgid "To view log entries only from the current boot, type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1844 +#, no-wrap +msgid "[command]#journalctl# [option]`-b`\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1847 +msgid "" +"If you reboot your system just occasionally, the [option]`-b` will not " +"significantly reduce the output of [command]#journalctl#. In such cases, " +"time-based filtering is more helpful:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1851 +#, no-wrap +msgid "" +"[command]#journalctl# " +"[option]`--since`pass:attributes[{blank}]=pass:attributes[{blank}]_value_ " +"[option]`--until`pass:attributes[{blank}]=pass:attributes[{blank}]_value_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1854 +msgid "" +"With [option]`--since` and [option]`--until`, you can view only log messages " +"created within a specified time range. You can pass _values_ to these " +"options in form of date or time or both as shown in the following example." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1856 +#, no-wrap +msgid "Filtering by Time and Priority" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1860 +msgid "" +"Filtering options can be combined to reduce the set of results according to " +"specific requests. For example, to view the *warning* or higher priority " +"messages from a certain point in time, type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1864 +#, no-wrap +msgid "" +"[command]#journalctl# [option]`-p warning` [option]`--since=\"2013-3-16 " +"23:59:59\"`\n" +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1869 +#, no-wrap +msgid "Advanced Filtering" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1871 +msgid "" +"xref:Viewing_and_Managing_Log_Files.adoc#ex-verbose_journalctl_output[Verbose " +"journalctl Output] lists a set of fields that specify a log entry and can " +"all be used for filtering. For a complete description of meta data that " +"`systemd` can store, see the `systemd.journal-fields(7)` manual page. This " +"meta data is collected for each log message, without user " +"intervention. Values are usually text-based, but can take binary and large " +"values; fields can have multiple values assigned though it is not very " +"common." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1873 +msgid "" +"To view a list of unique values that occur in a specified field, use the " +"following syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1877 +#, no-wrap +msgid "[command]#journalctl# [option]`-F` _fieldname_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1880 +msgid "Replace _fieldname_ with a name of a field you are interested in." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1882 +msgid "" +"To show only log entries that fit a specific condition, use the following " +"syntax:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1886 +#, no-wrap +msgid "" +"[command]#journalctl# " +"_fieldname_pass:attributes[{blank}]=pass:attributes[{blank}]_value_\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1889 +msgid "" +"Replace _fieldname_ with a name of a field and _value_ with a specific value " +"contained in that field. As a result, only lines that match this condition " +"are returned." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1890 +#, no-wrap +msgid "kbd:[Tab] Completion on Field Names" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1895 +msgid "" +"As the number of meta data fields stored by `systemd` is quite large, it is " +"easy to forget the exact name of the field of interest. When unsure, type:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1902 +msgid "" +"and press the kbd:[Tab] key two times. This shows a list of available field " +"names. kbd:[Tab] completion based on context works on field names, so you " +"can type a distinctive set of letters from a field name and then press " +"kbd:[Tab] to complete the name automatically. Similarly, you can list unique " +"values from a field. Type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1906 +#, no-wrap +msgid "[command]#journalctl# _fieldname_pass:attributes[{blank}]=\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1909 +msgid "" +"and press kbd:[Tab] two times. This serves as an alternative to " +"[command]#journalctl# [option]`-F` _fieldname_." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1913 +msgid "You can specify multiple values for one field:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1917 +#, no-wrap +msgid "" +"[command]#journalctl# " +"_fieldname_pass:attributes[{blank}]=pass:attributes[{blank}]_value1_ " +"_fieldname_pass:attributes[{blank}]=pass:attributes[{blank}]_value2_ ...\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1920 +msgid "" +"Specifying two matches for the same field results in a logical `OR` " +"combination of the matches. Entries matching _value1_ or _value2_ are " +"displayed." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1922 +msgid "" +"Also, you can specify multiple field-value pairs to further reduce the " +"output set:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1926 +#, no-wrap +msgid "" +"[command]#journalctl# " +"_fieldname1_pass:attributes[{blank}]=pass:attributes[{blank}]_value_ " +"_fieldname2_pass:attributes[{blank}]=pass:attributes[{blank}]_value_ ...\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1929 +msgid "" +"If two matches for different field names are specified, they will be " +"combined with a logical `AND`. Entries have to match both conditions to be " +"shown." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1931 +msgid "" +"With use of the *+* symbol, you can set a logical `OR` combination of " +"matches for multiple fields:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1935 +#, no-wrap +msgid "" +"journalctl pass:quotes[_fieldname1_]=pass:quotes[_value_] + " +"pass:quotes[_fieldname2_]=pass:quotes[_value_] ...\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1938 +msgid "" +"This command returns entries that match at least one of the conditions, not " +"only those that match both of them." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1940 +#, no-wrap +msgid "Advanced filtering" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1944 +msgid "" +"To display entries created by `avahi-daemon.service` or `crond.service` " +"under user with UID 70, use the following command:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1948 +#, no-wrap +msgid "" +"journalctl pass:quotes[`_UID=70`] " +"pass:quotes[`_SYSTEMD_UNIT=avahi-daemon.service`] " +"pass:quotes[`_SYSTEMD_UNIT=crond.service`]\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1951 +msgid "" +"Since there are two values set for the `_SYSTEMD_UNIT` field, both results " +"will be displayed, but only when matching the `_UID=70` condition. This can " +"be expressed simply as: (UID=70 and (avahi or cron))." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1955 +msgid "" +"You can apply the aforementioned filtering also in the live-view mode to " +"keep track of the latest changes in the selected group of log entries:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1959 +#, no-wrap +msgid "" +"[command]#journalctl# [option]`-f` " +"_fieldname_pass:attributes[{blank}]=pass:attributes[{blank}]_value_ ...\n" +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1962 +#, no-wrap +msgid "Enabling Persistent Storage" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1965 +msgid "" +"By default, [application]*Journal* stores log files only in memory or a " +"small ring-buffer in the `/run/log/journal/` directory. This is sufficient " +"to show recent log history with [command]#journalctl#. This directory is " +"volatile, log data is not saved permanently. With the default configuration, " +"syslog reads the journal logs and stores them in the `/var/log/` " +"directory. With persistent logging enabled, journal files are stored in " +"`/var/log/journal` which means they persist after reboot. Journal can then " +"replace [application]*rsyslog* for some users (but see the chapter " +"introduction)." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1967 +msgid "Enabled persistent storage has the following advantages" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1969 +msgid "Richer data is recorded for troubleshooting in a longer period of time" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1971 +msgid "For immediate troubleshooting, richer data is available after a reboot" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1973 +msgid "Server console currently reads data from journal, not log files" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1975 +msgid "Persistent storage has also certain disadvantages:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1977 +msgid "" +"Even with persistent storage the amount of data stored depends on free " +"memory, there is no guarantee to cover a specific time span" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1979 +msgid "More disk space is needed for logs" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1981 +msgid "" +"To enable persistent storage for Journal, create the journal directory " +"manually as shown in the following example. As `root` type:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1985 +#, no-wrap +msgid "[command]#mkdir# [option]`-p` `/var/log/journal`\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1988 +msgid "Then, restart `journald` to apply the change:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1992 +#, no-wrap +msgid "[command]#systemctl# [option]`restart` `systemd-journald`\n" +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1995 +#, no-wrap +msgid "Managing Log Files in a Graphical Environment" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:1998 +msgid "" +"As an alternative to the aforementioned command-line utilities, Red{nbsp}Hat " +"Enterprise{nbsp}Linux{nbsp}7 provides an accessible GUI for managing log " +"messages." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2005 +msgid "" +"indexterm:[log files,viewing] Most log files are stored in plain text " +"format. You can view them with any text editor such as [command]#Vi# or " +"[application]*Emacs*. Some log files are readable by all users on the " +"system; however, root privileges are required to read most log files. " +"indexterm:[gnome-system-log,System Log] To view system log files in an " +"interactive, real-time application, use the [application]*System Log*." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2006 +#, no-wrap +msgid "Installing the gnome-system-log package" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2011 +msgid "" +"In order to use the [application]*System Log*, first ensure the " +"[package]*gnome-system-log* package is installed on your system by running, " +"as `root`:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2015 +#, no-wrap +msgid "~]#{nbsp}dnf install gnome-system-log\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2019 +msgid "" +"For more information on installing packages with DNF, see " +"xref:package-management/DNF.adoc#sec-Installing[Installing Packages]." +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2023 +msgid "" +"After you have installed the [package]*gnome-system-log* package, open the " +"[application]*System Log* by clicking " +"menu:Applications[pass:attributes[{blank}]`System Tools` > `System " +"Log`pass:attributes[{blank}]], or type the following command at a shell " +"prompt:" +msgstr "" + +#. type: delimited block - +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2027 +#, no-wrap +msgid "~]${nbsp}pass:attributes[{blank}][command]#gnome-system-log#\n" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2032 +msgid "" +"The application only displays log files that exist; thus, the list might " +"differ from the one shown in " +"xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer[System Log]. " +"indexterm:[System Log,searching]indexterm:[System Log,filtering]" +msgstr "" + +#. type: Positional ($1) AttributeList argument for macro 'image' +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2034 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2036 +#, no-wrap +msgid "System Log" +msgstr "" + +#. type: Target for macro image +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2036 +#, no-wrap +msgid "redhat-logviewer.png" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2039 +msgid "" +"indexterm:[System Log,refresh rate] The [application]*System Log* " +"application lets you filter any existing log file. Click on the button " +"marked with the gear symbol to view the menu, select " +"menu:[pass:attributes[{blank}]`Filters` > > `Manage " +"Filters`pass:attributes[{blank}]] to define or edit the desired filter." +msgstr "" + +#. type: Positional ($1) AttributeList argument for macro 'image' +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2041 +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2043 +#, no-wrap +msgid "System Log - Filters" +msgstr "" + +#. type: Target for macro image +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2043 +#, no-wrap +msgid "redhat-filters.png" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2046 +msgid "" +"Adding or editing a filter lets you define its parameters as is shown in " +"xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-filter-sample[System Log " +"- defining a filter]." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2048 +#, no-wrap +msgid "System Log - defining a filter" +msgstr "" + +#. type: Positional ($1) AttributeList argument for macro 'image' +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2050 +#, no-wrap +msgid "System Log - Defining a Filter" +msgstr "" + +#. type: Target for macro image +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2050 +#, no-wrap +msgid "redhat-filter-sample.png" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2053 +msgid "When defining a filter, the following parameters can be edited:" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2055 +msgid "`Name` — Specifies the name of the filter." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2057 +msgid "" +"`Regular Expression` — Specifies the regular expression that will be applied " +"to the log file and will attempt to match any possible strings of text in " +"it." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2059 +msgid "`Effect`" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2061 +msgid "" +"`Highlight` — If checked, the found results will be highlighted with the " +"selected color. You may select whether to highlight the background or the " +"foreground of the text." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2063 +msgid "" +"`Hide` — If checked, the found results will be hidden from the log file you " +"are viewing." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2065 +msgid "" +"When you have at least one filter defined, it can be selected from the " +"`Filters` menu and it will automatically search for the strings you have " +"defined in the filter and highlight or hide every successful match in the " +"log file you are currently viewing." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2067 +#, no-wrap +msgid "System Log - enabling a filter" +msgstr "" + +#. type: Positional ($1) AttributeList argument for macro 'image' +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2069 +#, no-wrap +msgid "System Log - Enabling a Filter" +msgstr "" + +#. type: Target for macro image +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2069 +#, no-wrap +msgid "redhat-filter-enable.png" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2072 +msgid "" +"When you select the `Show matches only` option, only the matched strings " +"will be shown in the log file you are currently viewing." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2074 +#, no-wrap +msgid "Adding a Log File" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2081 +msgid "" +"To add a log file you want to view in the list, select menu:File[> `Open` " +">]. This will display the `Open Log` window where you can select the " +"directory and file name of the log file you want to view. " +"xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer-add[System Log " +"- adding a log file] illustrates the Open Log window." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2083 +#, no-wrap +msgid "System Log - adding a log file" +msgstr "" + +#. type: Positional ($1) AttributeList argument for macro 'image' +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2085 +#, no-wrap +msgid "System Log - Adding a Log File" +msgstr "" + +#. type: Target for macro image +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2085 +#, no-wrap +msgid "redhat-logviewer-add.png" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2088 +msgid "" +"Click on the btn:[Open] button to open the file. The file is immediately " +"added to the viewing list where you can select it and view its contents." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2089 +#, no-wrap +msgid "Reading zipped log files" +msgstr "" + +#. type: delimited block = +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2094 +msgid "" +"The [application]*System Log* also allows you to open log files zipped in " +"the `.gz` format." +msgstr "" + +#. type: Title === +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2098 +#, no-wrap +msgid "Monitoring Log Files" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2101 +msgid "" +"indexterm:[log files,monitoring]indexterm:[System Log,monitoring] " +"[application]*System Log* monitors all opened logs by default. If a new line " +"is added to a monitored log file, the log name appears in bold in the log " +"list. If the log file is selected or displayed, the new lines appear in bold " +"at the bottom of the log " +"file. " +"xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer-monitoring[System " +"Log - new log alert] illustrates a new alert in the `cron` log file and in " +"the `messages` log file. Clicking on the `messages` log file displays the " +"logs in the file with the new lines in bold." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2103 +#, no-wrap +msgid "System Log - new log alert" +msgstr "" + +#. type: Positional ($1) AttributeList argument for macro 'image' +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2105 +#, no-wrap +msgid "System Log - New Log Alert" +msgstr "" + +#. type: Target for macro image +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2105 +#, no-wrap +msgid "redhat-logviewer-monitoring.png" +msgstr "" + +#. type: Title == +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2108 +#, no-wrap +msgid "Additional Resources" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2111 +msgid "" +"For more information on how to configure the `rsyslog` daemon and how to " +"locate, view, and monitor log files, see the resources listed below." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2112 +#, no-wrap +msgid "Installed Documentation" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2115 +msgid "" +"`rsyslogd`(8) — The manual page for the `rsyslogd` daemon documents its " +"usage." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2117 +msgid "" +"`rsyslog.conf`(5) — The manual page named `rsyslog.conf` documents available " +"configuration options." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2119 +msgid "" +"`logrotate`(8) — The manual page for the [application]*logrotate* utility " +"explains in greater detail how to configure and use it." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2121 +msgid "" +"`journalctl`(1) — The manual page for the [command]#journalctl# daemon " +"documents its usage." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2123 +msgid "" +"`journald.conf`(5) — This manual page documents available configuration " +"options." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2125 +msgid "" +"`systemd.journal-fields`(7) — This manual page lists special " +"[application]*Journal* fields." +msgstr "" + +#. type: Block title +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2127 +#, no-wrap +msgid "Online Documentation" +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2130 +msgid "" +"link:++https://www.rsyslog.com/++[rsyslog Home Page] — The " +"[application]*rsyslog* home page offers a thorough technical breakdown of " +"its features, documentation, configuration examples, and video tutorials." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2132 +msgid "" +"link:++https://www.rsyslog.com/doc/rainerscript.html++[pass:attributes[{blank}]*RainerScript* " +"documentation on the rsyslog Home Page] — Commented summary of data types, " +"expressions, and functions available in *RainerScript*." +msgstr "" + +#. type: Plain text +#: ./pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc:2133 +msgid "" +"link:++https://www.rsyslog.com/doc/queues.html++[Description of *queues* on " +"the rsyslog Home Page] — General information on various types of message " +"queues and their usage." +msgstr ""