rsyslog

Time: 2024-12-03 17:34:14

http://www.rsyslog.com/

http://www.rsyslog.com/doc/v5-stable/troubleshooting/troubleshoot.html

RSYSLOG is the rocket-fast system for log processing.

It offers high performance, great security features and a modular design.
While it started as a regular syslogd, rsyslog has evolved into a kind of Swiss army knife of logging, being able to accept inputs from a wide variety of sources, transform them, and output the results to diverse destinations.
RSYSLOG can deliver over one million messages per second to local destinations when limited processing is applied (based on v7, December 2013).
Even with remote destinations and more elaborate processing the performance is usually considered "stunning".
Vocabulary: elaborate (adj.): carefully made; detailed; painstaking
Vocabulary: stunning (adj.): outstanding

http://www.adiscon.com/common/en/glossary/rfc3195.php

RFC 3195 is a relatively new IETF standard. It specifies how syslog messages can reliably be transmitted via a TCP connection. RFC 3195 optionally allows for message encryption and authentication of sender and receiver.
Adiscon's MonitorWare line of products implements the core RFC 3195 protocol (actually, Adiscon was the first one to do this on the Windows platform).
Under UNIX, rsyslog and SDSC syslog are known to support RFC 3195. Our liblogging project enables your own applications to "talk" 3195.
The formal specification for RFC 3195 can be found in the IETF RFC repository.
During its creation, RFC 3195 was known as "syslog-reliable". Many people still use this name to refer to it.
Further information on RFC 3195 and currently available implementations can be found at http://www.syslog.cc/ietf/rfcs/3195.html.
There is also a mailing list available for implementors and users of RFC 3195.

RSyslog - History

Rsyslog was initiated by Rainer Gerhards. If you are interested in learning why Rainer initiated the project, you may want to read his blog posting on “why the world needs another syslogd”.

The name “rsyslog” dates back to the planned support for syslog-reliable. Ironically, the initial release of rsyslog supported NEITHER syslog-reliable NOR TCP-based syslog.
Instead, it contained enhanced configurability and other enhancements (like database support).
The reason for this is that full support for RFC 3195 would require even more changes and especially fundamental architectural changes.
Also, questions asked on the loganalysis list and at other places indicated that users' prime priority is NOT RFC 3195, but rather better control over the output format.
So there we were, with a rsyslogd that covers a lot of enhancements, but not a single one of these that made its name ;)

Since version 0.9.2, receiving syslog messages via plain TCP is finally supported, and a bit later sending via TCP, too.
Starting with 1.11.0, RFC 3195 is finally supported at the receiving side (a.k.a. “listener”).
Support for sending via RFC 3195 is still due. Anyhow, rsyslog has come much closer to what its name promises.

The database support was initially included so that our web-based syslog interface could be used.
This is another open source project which can be found under http://www.phplogcon.org. We highly recommend having a look at it.
It might not work for you if you expect thousands of messages per second (because your database won’t be able to provide adequate performance), but in many cases it is a very handy analysis and troubleshooting tool.
In the meantime, of course, lots of people have found many applications for writing to databases, so the prime focus is no longer on phpLogcon.

Rsyslogd supports an enhanced syslog.conf file format, and also works with the standard syslog.conf.
In theory, it should be possible to simply replace the syslogd binary with the one that comes with rsyslog.
Of course, in order to use any of the new features, you must re-write your syslog.conf. To learn how to do this, please review our commented sample.conf file.
It outlines the enhancements over stock syslogd. Discussion has often arisen of whether having an “old syslogd” logfile format is good or evil.
So far, this has not been solved (but Rainer likes the idea of a new format), so we need to live with it for the time being.
It is planned to be reconsidered in the 3.x release time frame.