Hello community, here is the log from the commit of package rsyslog.3026 for openSUSE:13.1:Update checked in at 2014-10-01 08:45:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/rsyslog.3026 (Old) and /work/SRC/openSUSE:13.1:Update/.rsyslog.3026.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rsyslog.3026" Changes: -------- New Changes file: --- /dev/null 2014-09-26 12:09:11.568032006 +0200 +++ /work/SRC/openSUSE:13.1:Update/.rsyslog.3026.new/rsyslog.changes 2014-10-01 08:45:52.000000000 +0200 @@ -0,0 +1,1366 @@ +------------------------------------------------------------------- +Wed Sep 17 11:28:48 UTC 2014 - [email protected] + +- added template file for fast firewall config + +------------------------------------------------------------------- +Fri Aug 22 14:37:57 UTC 2014 - [email protected] + +- Stop syslog.socket in %preun to avoid the daemon we uninstall + gets started by a log message due to dependencies (bnc#840815). + +------------------------------------------------------------------- +Wed Dec 11 22:53:14 UTC 2013 - [email protected] + +- update to 7.4.7 [v7.4-stable] [bnc#855058] +- bugfix: limiting queue disk space did not work properly +- bugfix: linux kernel-like ratelimiter did not work properly with all + inputs (for example, it did not work with imdup). +- bugfix: disk queues created files in wrong working directory +- bugfix: legacy directive $ActionQueueWorkerThreads was not honored +- bugfix: segfault on startup when certain script constructs are used + e.g. "if not $msg ..." +- bugfix: imuxsock: UseSysTimeStamp config parameter did not work correctly +- bugfix: $SystemLogUseSysTimeStamp/$SystemLogUsePIDFromSystem did not work +- improved checking of queue config parameters on startup +- bugfix: call to ruleset with async queue did not use the queue +- bugfix: if imtcp is loaded and no listeners are configured (which is + uncommon), rsyslog crashes during shutdown. + +------------------------------------------------------------------- +Mon Nov 4 20:18:45 UTC 2013 - [email protected] + +- update to 7.4.6 [v7.4-stable] [bnc#848574] + Fixes various segfault, memory leak and buffer overrun fixes and + a selection of application bugs + - bugfix: potential abort during HUP + - bugfix: imtcp flowControl parameter incorrectly defaulted to "off" + - now requires libestr 0.1.9 for number handling in RainerScript + - bugfix: memory leak in strlen() RainerScript function + - bugfix: buffer overrun if re_extract function was called for submatch 50 + - bugfix: memleak in re_extract() function + - bugfix: potential abort in RainerScript optimizer + - bugfix: memory leak in omhiredis + - bugfix: segfault if variable was assigned to non-container subtree +- also contains changes from 7.4.5 + - mmanon: removed the check for specific "terminator characters" + - omelasticsearch: add failed.httprequests stats counter + - bugfix: invalid property filter was not properly disabled in ruleset + - bugfix: segfault if re_extract() function was used and no match found + - bugfix: potential misadressing on startup if property-filter was used + - bugfix: omelasticsearch: correct failed.http stats counter + - bugfix: omelasticsearch: did not correctly initialize stats counters + - bugfix: omelasticsearch: failed.es counter was only maintained in bulk mode + - bugfix: mmanon did not detect all IP addresses in rewrite mode + - bugfix: mmanon sometimes used invalid replacement char in simple mode + - bugfix: memory leak in mmnormalize + - bugfix: array-based ==/!= comparisions lead to invalid results + - bugfix: omprog blocked signals to executed programs + - bugfix: doc: imuxsock legacy param $SystemLogSocketParseTrusted was + misspelled + - bugfix: imfile "facility" input parameter improperly handled + - bugfix: small memory leak in imfile when $ResetConfigVariables was used + - bugfix: segfault on startup if TLS was used but no CA cert set + - bugfix: segfault on startup if TCP TLS was used but no cert or key set + - bugfix: some more build problems with newer json-c versions + - bugfix: build system: libgcrypt.h needed even if libgrcypt was disabled +- fix ppc build, add patch from upstream to fix build on platforms + without atomic instructions + rsyslog-7.4.6-omelasticsearch-atomic-instructions-ppc.patch +------------------------------------------------------------------- +Thu Sep 12 21:42:29 UTC 2013 - [email protected] + +- update to 7.4.4 [v7.4-stable] +- better error messages in GuardTime signature provider +- make rsyslog use the new json-c pkgconfig file if available +- bugfix: imfile parameter "persistStateInterval" was unusable + due to a case typo in imfile; work-around was to use legacy config +- bugfix: TLV16 flag encoding error in signature files from GT provider + This fixes a problem where the TLV16 flag was improperly encoded. + Unfortunately, existing files already have the bug and may not properly + be processed. The fix uses constants from the GuardTime API lib to + prevent such problems in the future. +- bugfix: slightly malformed SMTP handling in ommail +- bugfix: segfault in omprog if no template was provided (now dflt is used) +- bugfix: segfault in ompipe if no template was provided (now dflt is used) +- bugfix: segfault in omsnmp if no template was provided (now dflt is used) +- bugfix: some omsnmp optional config params were flagged as mandatory +- bugfix: segfault in omelasticsearch when resuming queued messages + after restarting Elasticsearch +- bugfix: imtcp addtlframedelimiter could not be set to zero +- doc bugfix: remove no-longer existing omtemplate from developer doc + was specifically mentioned as a sample for creating new plugins + +------------------------------------------------------------------- +Sat Jul 20 12:52:05 UTC 2013 - [email protected] + +- update to 7.4.3 [v7.4-stable] + - bugfix: memory leak if disk queues were used and json data + rresent + - bugfix: CEE/json data was lost during disk queue operation + - bugfix: potential segfault during startup on invalid config + - bugfix: 100% CPU utilization when DA queue became full + - bugfix: omlibdbi did not properly close connection on some + errors + - cosmetic bugfix: file name buffer was not freed on disk queue + destruction + +------------------------------------------------------------------- +Fri Jul 5 08:25:02 UTC 2013 - [email protected] + +- Update to 7.4.2 [v7.4-stable] (bnc#828140,CVE-2013-4758): + - bugfix: in RFC5425 TLS, multiple wildcards in auth could cause + segfault + - bugfix: RainerScript object required parameters were not properly + checked - this clould result to segfaults on startup if parameters + were missing. + - bugfix: double-free in omelasticsearch + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=461 + a security advisory for this bug is available at: + http://www.lsexperts.de/advisories/lse-2013-07-03.txt + PLEASE NOTE: This issue only existed if omelasticsearch was used + in a non-default configuration, where the "errorfile" parameter + was specified. Without that parameter set, the bug could not be + triggered. Thanks to Markus Vervier and Marius Ionescu for providing + a detailled bug report. Special thanks to Markus for coordinating + his security advisory with us. + - bugfix: omrelp potential segfault at startup on invalid config + parameters + - bugfix: small memory leak when $uptime property was used + - bugfix: potential segfault on rsyslog termination in imudp + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=456 + - bugfix: lmsig_gt abort on invalid configuration parameters + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=448 + Thanks to Risto Laanoja for the patch. + - imtcp: fix typo in "listner" parameter, which is "listener" + Currently, both names are accepted. + - solved build problems on FreeBSD + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=457 + closes: http://bugzilla.adiscon.com/show_bug.cgi?id=458 + Thanks to Christiano for reproting and suggesting patches + - solved build problems on CENTOS5 + +------------------------------------------------------------------- +Wed Jun 26 10:48:34 UTC 2013 - [email protected] + +- Use --enable-cached-man-pages configure option on SLES-11, where + rst2man is not available and removed prebuilt man pages. + +------------------------------------------------------------------- +Sat Jun 22 20:54:14 UTC 2013 - [email protected] + +- update to 7.4.1 [v7.4-stable]: + - imjournal: add ratelimiting capability + - bugfix imzmq3: potential segfault on startup +- includes changes from 7.4.0 [v7.4-stable]: + - doc bugfix: ReadMode wrong in imfile doc, two values were swapped + - imjournal: no longer do periodic wakeup + - bugfix: potential hang *in debug mode* on rsyslogd termination + - bugfix: $template statement with multiple spaces lead to invalid tpl name + - 0mq fixes +- includes changes from version 7.3.15 + - bugfix: problem in build system (especially when cross-compiling) + - bugfix: imjournal had problem with systemd journal API change + - imjournal: now obtain and include PID + - bugfix: .logsig files had tlv16 indicator bit at wrong offset + - bugfix: omrelp legacy config parameters set a timeout of zero + which lead the legacy config to be unusable. + - bugfix: segfault on startup if a disk queue was configure without file + name + - bugfix: invalid addressing in string class (recent regression) +- packaging changes: + - rebase rsyslog-unit.patch + - move libee/liblognorm dependencies to mmnormalize conditional + +------------------------------------------------------------------- +Fri Jun 14 04:17:57 UTC 2013 - [email protected] + +- Required version of pkgconfig(relp) is >= 1.0.3 +- Requires version of libsystemd-journal is >= 197 +- Notify systemd on sucessful startup of the daemon to avoid + confusing behaviour such as : + http://lists.opensuse.org/opensuse/2013-06/msg00603.html + +------------------------------------------------------------------- +Mon May 13 09:42:56 UTC 2013 - [email protected] + +- Fixed SLES-11 build that does not have rst2man/python-docutils; + added pre-built rscryutil.1 and rsgtutil.1 as sources because + v7.3.14 does not ship them pre-built any more. + +------------------------------------------------------------------- +Tue May 7 18:27:48 UTC 2013 - [email protected] + +- update to 7.3.14 [beta] 2013-05-06: + - bugfix: some man pages were not properly installed either + rscryutil or rsgtutil man was installed, but not both. + Thanks to Marius Tomaschewski for the patch. ++++ 1169 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.rsyslog.3026.new/rsyslog.changes New: ---- rsyslog-7.4.6-omelasticsearch-atomic-instructions-ppc.patch rsyslog-7.4.7.tar.gz rsyslog-service-prepare.in rsyslog-unit.patch rsyslog.changes rsyslog.conf.in rsyslog.d.remote.conf.in rsyslog.firewall rsyslog.spec rsyslog.sysconfig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rsyslog.spec ++++++ ++++ 1036 lines (skipped) ++++++ rsyslog-7.4.6-omelasticsearch-atomic-instructions-ppc.patch ++++++ From: Rainer Gerhards <[email protected]> Date: Fri, 18 Oct 2013 05:11:44 +0000 (+0200) Subject: bugfix: omelasticsearch did not compile on platforms without atomic instructions X-Git-Url: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff_plain;h=16207e3d55ac6bb15af6d50791d2c7462816de57 References: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=16207e3d55ac6bb15af6d50791d2c7462816de57#patch2 Fixes build on ppc. [ 249s] In file included from ../../runtime/prop.h:25:0, [ 249s] from ../../runtime/glbl.h:35, [ 249s] from ../../runtime/stream.h:70, [ 249s] from ../../runtime/obj.h:48, [ 249s] from ../../runtime/rsyslog.h:525, [ 249s] from omelasticsearch.c:26: [ 249s] omelasticsearch.c: In function 'curlPost': [ 249s] omelasticsearch.c:611:39: error: 'mutHTTPReqFail' undeclared (first use in this function) [ 249s] STATSCOUNTER_INC(indexHTTPReqFail, mutHTTPReqFail); and similar --- plugins/omelasticsearch/omelasticsearch.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) Index: rsyslog-7.4.6/plugins/omelasticsearch/omelasticsearch.c =================================================================== --- rsyslog-7.4.6.orig/plugins/omelasticsearch/omelasticsearch.c 2013-10-29 15:08:48.000000000 +0000 +++ rsyslog-7.4.6/plugins/omelasticsearch/omelasticsearch.c 2013-11-04 20:00:38.000000000 +0000 @@ -608,7 +608,7 @@ curlPost(instanceData *pData, uchar *mes case CURLE_COULDNT_RESOLVE_PROXY: case CURLE_COULDNT_CONNECT: case CURLE_WRITE_ERROR: - STATSCOUNTER_INC(indexHTTPReqFail, mutHTTPReqFail); + STATSCOUNTER_INC(indexHTTPReqFail, mutIndexHTTPReqFail); indexHTTPFail += nmsgs; DBGPRINTF("omelasticsearch: we are suspending ourselfs due " "to failure %lld of curl_easy_perform()\n", @@ -1001,16 +1001,16 @@ CODEmodInit_QueryRegCFSLineHdlr /* support statistics gathering */ CHKiRet(statsobj.Construct(&indexStats)); CHKiRet(statsobj.SetName(indexStats, (uchar *)"omelasticsearch")); - STATSCOUNTER_INIT(indexSubmit, mutCtrIndexSubmit); + STATSCOUNTER_INIT(indexSubmit, mutIndexSubmit); CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"submitted", ctrType_IntCtr, &indexSubmit)); - STATSCOUNTER_INIT(indexHTTPFail, mutCtrIndexHTTPFail); + STATSCOUNTER_INIT(indexHTTPFail, mutIndexHTTPFail); CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.http", ctrType_IntCtr, &indexHTTPFail)); - STATSCOUNTER_INIT(indexHTTPReqFail, mutCtrIndexHTTPReqFail); + STATSCOUNTER_INIT(indexHTTPReqFail, mutIndexHTTPReqFail); CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.httprequests", ctrType_IntCtr, &indexHTTPReqFail)); - STATSCOUNTER_INIT(indexESFail, mutCtrIndexESFail); + STATSCOUNTER_INIT(indexESFail, mutIndexESFail); CHKiRet(statsobj.AddCounter(indexStats, (uchar *)"failed.es", ctrType_IntCtr, &indexESFail)); CHKiRet(statsobj.ConstructFinalize(indexStats)); ++++++ rsyslog-service-prepare.in ++++++ #!/bin/sh test -s "/etc/sysconfig/syslog" && \ . "/etc/sysconfig/syslog" run_dir="RUN_DIR" cfg_file="ADDITIONAL_SOCKETS" umask 0022 /bin/mkdir -p -m 0755 "${run_dir}" # # Prepare include with sockets in chroot's # > "${cfg_file}" for variable in ${!SYSLOGD_ADDITIONAL_SOCKET*}; do eval value=\$$variable test -z "$value" && continue test -d "${value%/*}" || continue echo "\$AddUnixListenSocket $value" done >> "${cfg_file}" # # make sure xconsole exists and is a pipe # if test -e /dev/xconsole -a ! -p /dev/xconsole ; then /bin/rm -f /dev/xconsole fi if test ! -e /dev/xconsole ; then /bin/mknod -m 0600 /dev/xconsole p /bin/chown root:tty /dev/xconsole restorecon /dev/xconsole 2> /dev/null fi exit 0 ++++++ rsyslog-unit.patch ++++++ --- rsyslog.service.in | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) Index: rsyslog-7.4.1/rsyslog.service.in =================================================================== --- rsyslog-7.4.1.orig/rsyslog.service.in 2013-06-17 06:50:28.000000000 +0100 +++ rsyslog-7.4.1/rsyslog.service.in 2013-06-22 21:41:46.000000000 +0100 @@ -1,11 +1,18 @@ [Unit] Description=System Logging Service Requires=syslog.socket +Requires=var-run.mount +After=var-run.mount +Conflicts=syslog-ng.service syslogd.service [Service] Type=notify -ExecStart=@sbindir@/rsyslogd -n +ExecStart=@sbindir@/rsyslogd -n $RSYSLOGD_PARAMS StandardOutput=null +Environment=RSYSLOGD_PARAMS= +ExecStartPre=@sbindir@/rsyslog-service-prepare +EnvironmentFile=-/etc/sysconfig/syslog +ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target ++++++ rsyslog.conf.in ++++++ ## ## === When you're using remote logging, enable on-disk queues === ## === in rsyslog.d/remote.conf. When neccesary also set the === ## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, === ## === e.g. when rsyslog has to receive on a specific IP only. === ## ## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules ## (provided in separate rsyslog-module-* packages) are enabled, the ## configuration can't be used on a system with /usr on a remote ## filesystem, except on newer systems where initrd mounts /usr. ## [The modules are linked against libraries installed bellow of ## /usr thus also installed in /usr/lib*/rsyslog because of this.] ## # # if you experience problems, check # http://www.rsyslog.com/troubleshoot for assistance # and report them at http://bugzilla.novell.com/ # # since rsyslog v3: load input modules # If you do not load inputs, nothing happens! # provides --MARK-- message capability (every 1 hour) $ModLoad immark.so $MarkMessagePeriod 3600 # provides support for local system logging (e.g. via logger command) $ModLoad imuxsock.so # reduce dupplicate log messages (last message repeated n times) $RepeatedMsgReduction on # kernel logging (may be also provided by /sbin/klogd) # see also http://www.rsyslog.com/doc-imklog.html. $ModLoad imklog.so # set log level 1 (same as in /etc/sysconfig/syslog). $klogConsoleLogLevel 1 # Use rsyslog native, rfc5424 conform log format as default # ($ActionFileDefaultTemplate RSYSLOG_FileFormat). # # To change a single file to use obsolete BSD syslog format # (rfc 3164, no high-precision timestamps), set the variable # bellow or append ";RSYSLOG_FileFormat" to the filename. # See # http://www.rsyslog.com/doc/rsyslog_conf_templates.html # for more informations. # #$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # # Include config generated by /etc/init.d/syslog script # using the SYSLOGD_ADDITIONAL_SOCKET* variables in the # /etc/sysconfig/syslog file. # $IncludeConfig ADDITIONAL_SOCKETS # # Include config files, that the admin provided? : # $IncludeConfig ETC_RSYSLOG_D_GLOB ### # print most important on tty10 and on the xconsole pipe # if ( \ /* kernel up to warning except of firewall */ \ ($syslogfacility-text == 'kern') and \ ($syslogseverity <= 4 /* warning */ ) and not \ ($msg contains 'IN=' and $msg contains 'OUT=') \ ) or ( \ /* up to errors except of facility authpriv */ \ ($syslogseverity <= 3 /* errors */ ) and not \ ($syslogfacility-text == 'authpriv') \ ) \ then /dev/tty10 & |/dev/xconsole # Emergency messages to everyone logged on (wall) *.emerg :omusrmsg:* # enable this, if you want that root is informed # immediately, e.g. of logins #*.alert root # # firewall messages into separate file and stop their further processing # if ($syslogfacility-text == 'kern') and \ ($msg contains 'IN=' and $msg contains 'OUT=') \ then -/var/log/firewall & stop # # acpid messages into separate file and stop their further processing # # => all acpid messages for debuging (uncomment if needed): #if ($programname == 'acpid' or $syslogtag == '[acpid]:') then \ # -/var/log/acpid # # => up to notice (skip info and debug) if ($programname == 'acpid' or $syslogtag == '[acpid]:') and \ ($syslogseverity <= 5 /* notice */) \ then -/var/log/acpid & stop # # NetworkManager into separate file and stop their further processing # if ($programname == 'NetworkManager') or \ ($programname startswith 'nm-') \ then -/var/log/NetworkManager & stop # # email-messages # mail.* -/var/log/mail mail.info -/var/log/mail.info mail.warning -/var/log/mail.warn mail.err /var/log/mail.err # # news-messages # news.crit -/var/log/news/news.crit news.err -/var/log/news/news.err news.notice -/var/log/news/news.notice # enable this, if you want to keep all news messages # in one file #news.* -/var/log/news.all # # Warnings in one file # *.=warning;*.=err -/var/log/warn *.crit /var/log/warn # # the rest in one file # *.*;mail.none;news.none -/var/log/messages # # enable this, if you want to keep all messages # in one file #*.* -/var/log/allmessages # # Some foreign boot scripts require local7 # local0.*;local1.* -/var/log/localmessages local2.*;local3.* -/var/log/localmessages local4.*;local5.* -/var/log/localmessages local6.*;local7.* -/var/log/localmessages ### ++++++ rsyslog.d.remote.conf.in ++++++ ## ## === When you're using remote logging, enable on-disk queues === ## === in rsyslog.d/remote.conf. When neccesary also set the === ## === SYSLOG_REQUIRES_NETWORK=yes in /etc/sysconfig/syslog, === ## === e.g. when rsyslog has to receive on a specific IP only. === ## ## Note, that when the MYSQL, PGSQL, GSSAPI, GnuTLS or SNMP modules ## (provided in separate rsyslog-module-* packages) are enabled, the ## configuration can't be used on a system with /usr on a remote ## filesystem, except on newer systems where initrd mounts /usr. ## [The modules are linked against libraries installed bellow of ## /usr thus also installed in /usr/lib*/rsyslog because of this.] ## # ######### Enable On-Disk queues for remote logging ########## # # An on-disk queue is created for this action. If the remote host is # down, messages are spooled to disk and sent when it is up again. # #$WorkDirectory RSYSLOG_SPOOL_DIR # where to place spool files #$ActionQueueFileName uniqName # unique name prefix for spool files #$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) #$ActionQueueSaveOnShutdown on # save messages to disk on shutdown #$ActionQueueType LinkedList # run asynchronously #$ActionResumeRetryCount -1 # infinite retries if host is down # ######### Sending Messages to Remote Hosts ########## # Remote Logging using TCP for reliable delivery # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @@remote-host # Remote Logging using UDP # remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional #*.* @remote-host # ######### Receiving Messages from Remote Hosts ########## # TCP Syslog Server: # provides TCP syslog reception and GSS-API (if compiled to support it) #$ModLoad imtcp.so # load module ##$UDPServerAddress 10.10.0.1 # force to listen on this IP only, ## # needs SYSLOG_REQUIRES_NETWORK=yes. #$InputTCPServerRun <port> # Starts a TCP server on selected port # UDP Syslog Server: #$ModLoad imudp.so # provides UDP syslog reception ##$UDPServerAddress 10.10.0.1 # force to listen on this IP only, ## # needs SYSLOG_REQUIRES_NETWORK=yes. #$UDPServerRun 514 # start a UDP syslog server at standard port 514 ########### Encrypting Syslog Traffic with TLS ########## # -- TLS Syslog Server: ## make gtls driver the default #$DefaultNetstreamDriver gtls # ## certificate files #$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem #$DefaultNetstreamDriverCertFile ETC_RSYSLOG_D_DIR/server_cert.pem #$DefaultNetstreamDriverKeyFile ETC_RSYSLOG_D_DIR/server_key.pem # #$ModLoad imtcp # load TCP listener # #$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode #$InputTCPServerStreamDriverAuthMode anon # client is NOT authenticated #$InputTCPServerRun 10514 # start up listener at port 10514 # # -- TLS Syslog Client: ## certificate files - just CA for a client #$DefaultNetstreamDriverCAFile ETC_RSYSLOG_D_DIR/ca.pem # ## set up the action #$DefaultNetstreamDriver gtls # use gtls netstream driver #$ActionSendStreamDriverMode 1 # require TLS for the connection #$ActionSendStreamDriverAuthMode anon # server is NOT authenticated #*.* @@(o)server.example.net:10514 # send (all) messages ++++++ rsyslog.firewall ++++++ # Do not edit this file as it's just a template and will be # overwritten on package updates! Copy to a new file instead. # Fill in the required variables and delete the unused ones. # If in doubt ask [email protected] # # Only the variables TCP, UDP, RPC, IP, BROADCAST, RELATED and # MODULES are allowed. More may be supported in the future. # # For a more detailed description of the individual variables see # the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2 # ## Name: Syslog Server ## Description: Opens ports to accept remote syslog clients. # space separated list of allowed TCP ports TCP="" # space separated list of allowed UDP ports UDP="syslog" # space separated list of allowed RPC services RPC="" # space separated list of allowed IP protocols IP="" # space separated list of allowed UDP ports that accept broadcasts BROADCAST="" ### variables below are only needed in very special cases # space separated list of net,protocol[,sport[,dport]] # see FW_SERVICES_ACCEPT_RELATED_EXT # net 0/0 means IPv4 and IPv6. If this sevice should only work for # IPv4 use 0.0.0.0/0 RELATED="" # additional kernel modules needed for this service # see FW_LOAD_MODULES MODULES="" ++++++ rsyslog.sysconfig ++++++ ## Type: string ## Default: "" ## Config: "" ## ServiceRestart: syslog # # Parameters for rsyslogd, except of the version compatibility (-c) # and the config file (-f), because they're used by sysconfig and # earlysysconfig init scripts. # # See also the RSYSLOGD_COMPAT_VERSION variable in this file, the # documentation provided in /usr/share/doc/packages/rsyslog/doc by # the rsyslog-doc package and the rsyslogd(8) and rsyslog.conf(5) # manual pages. # RSYSLOGD_PARAMS="" -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
