diff --git a/README.md b/README.md index e501faba..a76b6472 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ -# Welcome to the syslog-ng documentation center source repository +# Welcome to the syslog-ng OSE documentation center source repository [gh:gh-doc-pages]: https://syslog-ng.github.io/doc/ [gh:gh-syslog-ng-doc-issue-tracker]: https://github.com/syslog-ng/doc/issues @@ -9,15 +9,15 @@ [ref:admin-guide]: doc/_admin-guide [ref:dev-guide]: doc/_dev-guide -Here you can browse, search and contribute to most of the syslog-ng documentation. +Here you can browse, search and contribute to most of the syslog-ng OSE documentation. ## [Documentation guide][ref:doc-guide] If you would like to help us to make our documentation better, this is [how to contribute][ref:doc-guide-contrib]. -## [Administrator guide][ref:admin-guide] +## [Administration guide][ref:admin-guide] -This repository part contains the source code of `The syslog-ng Open Source Edition Administration Guide`. +This repository part contains the source code of `The syslog-ng OSE Administration Guide`. ## [Developer guide][ref:dev-guide] diff --git a/_config.yml b/_config.yml index d0031a07..5084a22b 100644 --- a/_config.yml +++ b/_config.yml @@ -242,3 +242,7 @@ masthead: footer: top_margin: 2em # originally 3em, needed if there are visible prev/next navigator buttons + +product: + name: 'syslog-ng Open Source Edition' + short_name: 'syslog-ng OSE' diff --git a/_data/external_links.yml b/_data/external_links.yml index dd798eb8..f1a6a6fb 100644 --- a/_data/external_links.yml +++ b/_data/external_links.yml @@ -20,12 +20,12 @@ bb-syslog-ng-mail-list: id: bb-syslog-ng-mail-list url: https://lists.balabit.hu/mailman/listinfo/syslog-ng - title: [ "syslog-ng mailing list" ] + title: [ "syslog-ng OSE mailing list" ] gh-pages: id: gh-pages url: https://syslog-ng.github.io - title: [ "syslog-ng documentation center" ] + title: [ "syslog-ng OSE documentation center" ] gh-syslog-ng: id: gh-syslog-ng 
@@ -35,17 +35,17 @@ gh-syslog-ng: gh-syslog-ng-doc: id: gh-syslog-ng-doc url: https://github.com/syslog-ng/syslog-ng.github.io - title: [ "syslog-ng Doc on GitHub" ] + title: [ "syslog-ng OSE Doc on GitHub" ] gh-syslog-ng-doc-issue-tracker: id: gh-syslog-ng-doc-issue-tracker url: https://github.com/syslog-ng/syslog-ng.github.io/issues - title: [ "syslog-ng documentation issue tracker on GitHub" ] + title: [ "syslog-ng OSE documentation issue tracker on GitHub" ] gh-syslog-ng-issue-tracker: id: gh-syslog-ng-issue-tracker url: https://github.com/syslog-ng/syslog-ng/issues - title: [ "syslog-ng issue tracker on GitHub" ] + title: [ "syslog-ng OSE issue tracker on GitHub" ] oi-sn-pe: id: oi-sn-pe @@ -80,7 +80,7 @@ sn-con-sup: sn-docker: id: sn-docker url: https://syslog-ng.com/blog/central-log-server-docker/ - title: [ "syslog-ng docker image" ] + title: [ "syslog-ng OSE docker image" ] sn-docker-log: id: sn-docker-log @@ -110,7 +110,7 @@ sn-prod-binaries-dl: sn-selinux: id: sn-selinux url: https://syslog-ng.com/blog/using-syslog-ng-with-selinux-in-enforcing-mode/ - title: [ "Using syslog-ng with SELinux in enforcing mode" ] + title: [ "Using syslog-ng OSE with SELinux in enforcing mode" ] ### One Identity site links ### @@ -1059,7 +1059,7 @@ slack-web-api: slack-webhook-doc: id: slack-webhook-doc url: https://api.slack.com/incoming-webhooks - title: [ "Slack documentation" ] + title: [ "Slack webhook documentation" ] sn-graphite: id: sn-graphite diff --git a/_includes/doc/admin-guide/batch-size.md b/_includes/doc/admin-guide/batch-size.md index 432f2bd1..9a9d51a0 100644 --- a/_includes/doc/admin-guide/batch-size.md +++ b/_includes/doc/admin-guide/batch-size.md 
@@ -1,17 +1,17 @@ ## Batch size The batch-bytes(), batch-lines(), and batch-timeout() options of the -destination determine how many log messages syslog-ng OSE sends in a +destination determine how many log messages {{ site.product.short_name }} sends in a batch. The batch-lines() option determines the maximum number of -messages syslog-ng OSE puts in a batch in. This can be limited based on +messages {{ site.product.short_name }} puts in a batch in. This can be limited based on size and time: -- syslog-ng OSE sends a batch every batch-timeout() milliseconds, even +- {{ site.product.short_name }} sends a batch every batch-timeout() milliseconds, even if the number of messages in the batch is less than batch-lines(). That way the destination receives every message in a timely manner even if suddenly there are no more messages. -- syslog-ng OSE sends the batch if the total size of the messages in +- {{ site.product.short_name }} sends the batch if the total size of the messages in the batch reaches batch-bytes() bytes. To increase the performance of the destination, increase the number of diff --git a/_includes/doc/admin-guide/facility-severity.md b/_includes/doc/admin-guide/facility-severity.md index 5b739af1..1de86a5d 100644 --- a/_includes/doc/admin-guide/facility-severity.md +++ b/_includes/doc/admin-guide/facility-severity.md 
@@ -2,13 +2,13 @@ The possible Facility values (between 0 and 23) and Severity values (between 0 and 7) each correspond to a message type (see **Table 1: syslog Message Facilities**), or a message importance level (see **Table 2:** syslog Message Severities). **NOTE:** Facility codes may slightly vary between different platforms. The -syslog-ng Open Source Edition (syslog-ng OSE) application accepts +{{ site.product.short_name }} application accepts Facility codes as numerical values as well. {: .notice--info} The following table lists possible Facility values. -**Table 1:** syslog-ng message facilities +**Table 1:** {{ site.product.short_name }} message facilities |Numerical Code| Facility| |-----------------|--------| @@ -30,7 +30,7 @@ The following table lists possible Facility values. |15 |clock daemon| |16-23 |locally used facilities (local0-local7)| -**Table 2:** syslog-ng message severities +**Table 2:** {{ site.product.short_name }} message severities The following table lists possible Severity values. diff --git a/_includes/doc/admin-guide/host-from-macro.md b/_includes/doc/admin-guide/host-from-macro.md index e2f7592f..5cfbe079 100644 --- a/_includes/doc/admin-guide/host-from-macro.md +++ b/_includes/doc/admin-guide/host-from-macro.md 
@@ -1,14 +1,14 @@ The FQDN of the host that sent the message to syslog-ng -as resolved by syslog-ng using DNS. If the message traverses several +as resolved by {{ site.product.short_name }} using DNS. If the message traverses several hosts, this is the last host in the chain. -The syslog-ng OSE application uses the following procedure to determine +The {{ site.product.short_name }} application uses the following procedure to determine the value of the {{ include.from }} macro: -1. The syslog-ng OSE application takes the IP address of the host +1. The {{ site.product.short_name }} application takes the IP address of the host sending the message. -2. If the use-dns() option is enabled, syslog-ng OSE attempts to +2. If the use-dns() option is enabled, {{ site.product.short_name }} attempts to resolve the IP address to a hostname. If it succeeds, the returned hostname will be the value of the {{ include.from }} macro. This value will be the FQDN of the host if the use-fqdn() option is enabled, @@ -18,5 +18,5 @@ the value of the {{ include.from }} macro: fails, the {{ include.from }} macro will return the IP address of the sender host. -For details on using name resolution in syslog-ng OSE, see +For details on using name resolution in {{ site.product.short_name }}, see Using name resolution in syslog-ng. diff --git a/_includes/doc/admin-guide/host-macro.md b/_includes/doc/admin-guide/host-macro.md index c1ef4022..21c43d48 100644 --- a/_includes/doc/admin-guide/host-macro.md +++ b/_includes/doc/admin-guide/host-macro.md 
@@ -7,7 +7,7 @@ The name of the source host where the message originates from. - If the keep-hostname() option is disabled (**keep-hostname(no)**), the value of the {{ include.macro }} macro will be the DNS hostname of the host that sent the message to - syslog-ng OSE (that is, the DNS hostname of the last hop). In this + {{ site.product.short_name }} (that is, the DNS hostname of the last hop). In this case the {{ include.macro }} and {{ include.from }} macros will have the same value. @@ -23,5 +23,5 @@ The name of the source host where the message originates from. hostname. {: .notice--info} -For details on using name resolution in syslog-ng OSE, see +For details on using name resolution in {{ site.product.short_name }}, see Using name resolution in syslog-ng. diff --git a/_includes/doc/admin-guide/load-balancing.md b/_includes/doc/admin-guide/load-balancing.md index 24b511cf..24c0c5f1 100644 --- a/_includes/doc/admin-guide/load-balancing.md +++ b/_includes/doc/admin-guide/load-balancing.md 
@@ -1,11 +1,11 @@ Starting with version 3.19, you can specify multiple URLs, for example, -url("site1" "site2"). In this case, syslog-ng OSE sends log messages +url("site1" "site2"). In this case, {{ site.product.short_name }} sends log messages to the specified URLs in a load-balance fashion. This means that -syslog-ng OSE sends each message to only one URL. For example, you can +{{ site.product.short_name }} sends each message to only one URL. For example, you can use this to send the messages to a set of ingestion nodes or indexers of your SIEM solution if a single node cannot handle the load. Note that the order of the messages as they arrive on the servers can differ from -the order syslog-ng OSE has received them, so use load-balancing only if +the order {{ site.product.short_name }} has received them, so use load-balancing only if your server can use the timestamp from the messages. If the server uses the timestamp when it receives the messages, the order of the messages will be incorrect. @@ -15,7 +15,7 @@ If you set multiple URLs in the url() option, set the **persist-name()** option as well to avoid data loss. {: .notice--warning} -Starting with version syslog-ng OSE version 3.22, you can use any of the +Starting with version {{ site.product.short_name }} version 3.22, you can use any of the following formats to specify multiple URLs: ```config diff --git a/_includes/doc/admin-guide/manpages-footnote.md b/_includes/doc/admin-guide/manpages-footnote.md index fd4f982f..81389ebc 100644 --- a/_includes/doc/admin-guide/manpages-footnote.md +++ b/_includes/doc/admin-guide/manpages-footnote.md 
@@ -1,11 +1,11 @@ ## See also The syslog-ng.conf manual page -The syslog-ng manual page +The {{ site.product.short_name }} manual page >**NOTE:** ->If you experience any problems or need help with syslog-ng OSE, visit ->the syslog-ng mailing list. +>If you experience any problems or need help with {{ site.product.short_name }}, visit +>the {{ site.product.short_name }} mailing list. > ->For news and notifications about syslog-ng OSE, visit the syslog-ng blogs. +>For news and notifications about {{ site.product.short_name }}, visit the syslog-ng blogs. {: .notice--info} diff --git a/_includes/doc/admin-guide/manpages-intro.md b/_includes/doc/admin-guide/manpages-intro.md index a00f3c7a..81cc27d2 100644 --- a/_includes/doc/admin-guide/manpages-intro.md +++ b/_includes/doc/admin-guide/manpages-intro.md @@ -1,8 +1,8 @@ -**NOTE:** The {{ page.app }} application is distributed with the syslog-ng OSE -system logging application, and is usually part of the syslog-ng OSE -package. The latest version of the syslog-ng OSE application is -available at the syslog-ng OSE page. +**NOTE:** The {{ page.app }} application is distributed with the {{ site.product.short_name }} +system logging application, and is usually part of the {{ site.product.short_name }} +package. The latest version of the {{ site.product.short_name }} application is +available at the {{ site.product.short_name }} page. {: .notice--info} This manual page is only an abstract. diff --git a/_includes/doc/admin-guide/notes/convert-match-var.md b/_includes/doc/admin-guide/notes/convert-match-var.md index 368b1ea1..71f0d762 100644 --- a/_includes/doc/admin-guide/notes/convert-match-var.md +++ b/_includes/doc/admin-guide/notes/convert-match-var.md 
@@ -1,4 +1,4 @@ -**NOTE:** To convert match variables into a syslog-ng OSE list, use the $\* +**NOTE:** To convert match variables into a {{ site.product.short_name }} list, use the $\* macro, which can be further manipulated using List manipulation, or turned into a list in type-aware destinations. {: .notice--info} \ No newline at end of file diff --git a/_includes/doc/admin-guide/notes/kafka-c.md b/_includes/doc/admin-guide/notes/kafka-c.md index 74ee4bdd..84c1cf96 100644 --- a/_includes/doc/admin-guide/notes/kafka-c.md +++ b/_includes/doc/admin-guide/notes/kafka-c.md @@ -2,6 +2,6 @@ mandatory. While you can specify everything in the config() option if you want, the properties-file() is optional. If you have an option in both the config() and the properties-file() specified, the option -specified later in the syslog-ng OSE configuration file will prevail. +specified later in the {{ site.product.short_name }} configuration file will prevail. {: .notice--info} diff --git a/_includes/doc/admin-guide/notes/not-valid-param.md b/_includes/doc/admin-guide/notes/not-valid-param.md index c9f14af9..a6c560c5 100644 --- a/_includes/doc/admin-guide/notes/not-valid-param.md +++ b/_includes/doc/admin-guide/notes/not-valid-param.md @@ -1,5 +1,4 @@ **NOTE:** If the specified parameter value is not a valid value, the -function ignores it and sends a debug message. However, the syslog-ng -Open Source Edition (syslog-ng OSE) application will still send the +function ignores it and sends a debug message. However, the ({{ site.product.short_name }} application will still send the message. {: .notice--info} diff --git a/_includes/doc/admin-guide/notes/python-arrow.md b/_includes/doc/admin-guide/notes/python-arrow.md index 1ce6402a..7ab2df85 100644 --- a/_includes/doc/admin-guide/notes/python-arrow.md +++ b/_includes/doc/admin-guide/notes/python-arrow.md 
@@ -1,4 +1,4 @@ ->**NOTE:** From version 3.27, syslog-ng OSE supports the arrow syntax for +>**NOTE:** From version 3.27, {{ site.product.short_name }} supports the arrow syntax for >declaring custom Java and Python options. You can alternatively declare >them using a similar syntax: > diff --git a/_includes/doc/admin-guide/notes/python-persist.md b/_includes/doc/admin-guide/notes/python-persist.md index ce99804c..5e3d8564 100644 --- a/_includes/doc/admin-guide/notes/python-persist.md +++ b/_includes/doc/admin-guide/notes/python-persist.md @@ -1,8 +1,8 @@ ->**NOTE:** Starting with 3.26, syslog-ng OSE assigns a persist name to Python sources and +>**NOTE:** Starting with 3.26, {{ site.product.short_name }} assigns a persist name to Python sources and >destinations. The persist name is generated from the class name. >If you want to use the ->same Python class multiple times in your syslog-ng OSE configuration, add a unique ->persist-name() to each source or destination, otherwise syslog-ng OSE will not start. +>same Python class multiple times in your {{ site.product.short_name }} configuration, add a unique +>persist-name() to each source or destination, otherwise {{ site.product.short_name }} will not start. > >For example: > diff --git a/_includes/doc/admin-guide/options/batch-bytes.md b/_includes/doc/admin-guide/options/batch-bytes.md index b3277e27..d7bc5a19 100644 --- a/_includes/doc/admin-guide/options/batch-bytes.md +++ b/_includes/doc/admin-guide/options/batch-bytes.md 
@@ -4,12 +4,12 @@ |Default:| {{ page.batch_bytes | default: 'none'}} | *Description:* Sets the maximum size of payload in a batch. If the size -of the messages reaches this value, syslog-ng OSE sends the batch to the +of the messages reaches this value, {{ site.product.short_name }} sends the batch to the destination even if the number of messages is less than the value of the batch-lines() option. Note that if the batch-timeout() option is enabled and the queue becomes -empty, syslog-ng OSE flushes the messages only if batch-timeout() +empty, {{ site.product.short_name }} flushes the messages only if batch-timeout() expires, or the batch reaches the limit set in batch-bytes(). -Available in syslog-ng OSE version 3.19 and later. +Available in {{ site.product.short_name }} version 3.19 and later. diff --git a/_includes/doc/admin-guide/options/batch-lines.md b/_includes/doc/admin-guide/options/batch-lines.md index 7dbd97ad..63a5f101 100644 --- a/_includes/doc/admin-guide/options/batch-lines.md +++ b/_includes/doc/admin-guide/options/batch-lines.md 
@@ -4,25 +4,24 @@ |Default:| {{ page.batch_lines | default:'1' }}| *Description:* Specifies how many lines are flushed to a destination in -one batch. The syslog-ng OSE application waits for this number of lines +one batch. The {{ site.product.short_name }} application waits for this number of lines to accumulate and sends them off in a single batch. Increasing this number increases throughput as more messages are sent in a single batch, but also increases message latency. -For example, if you set batch-lines() to 100, syslog-ng OSE waits for +For example, if you set batch-lines() to 100, {{ site.product.short_name }} waits for 100 messages. -If the batch-timeout() option is disabled, the syslog-ng OSE application +If the batch-timeout() option is disabled, the {{ site.product.short_name }} application flushes the messages if it has sent batch-lines() number of messages, or -the queue became empty. If you stop or reload syslog-ng OSE or in case -of network sources, the connection with the client is closed, syslog-ng -OSE automatically sends the unsent messages to the destination. +the queue became empty. If you stop or reload {{ site.product.short_name }} or in case +of network sources, the connection with the client is closed, {{ site.product.short_name }} automatically sends the unsent messages to the destination. Note that if the batch-timeout() option is enabled and the queue becomes -empty, syslog-ng OSE flushes the messages only if batch-timeout() +empty, {{ site.product.short_name }} flushes the messages only if batch-timeout() expires, or the batch reaches the limit set in batch-lines(). -For optimal performance, make sure that the syslog-ng OSE source that +For optimal performance, make sure that the {{ site.product.short_name }} source that feeds messages to this destination is configured properly: the value of the log-iw-size() option of the source must be higher than the batch-lines()\*workers() of the destination. Otherwise, the size of the 
diff --git a/_includes/doc/admin-guide/options/batch-timeout.md b/_includes/doc/admin-guide/options/batch-timeout.md index 48ea9a49..3a41bbad 100644 --- a/_includes/doc/admin-guide/options/batch-timeout.md +++ b/_includes/doc/admin-guide/options/batch-timeout.md @@ -3,9 +3,8 @@ | Type:| time in milliseconds| |Default:| {{ page.batch_timeout | default: '-1 (disabled)' }}| -*Description:* Specifies the time syslog-ng OSE waits for lines to -accumulate in the output buffer. The syslog-ng OSE application sends +*Description:* Specifies the time {{ site.product.short_name }} waits for lines to +accumulate in the output buffer. The {{ site.product.short_name }} application sends batches to the destinations evenly. The timer starts when the first -message arrives to the buffer, so if only few messages arrive, syslog-ng -OSE sends messages to the destination at most once every batch-timeout() +message arrives to the buffer, so if only few messages arrive, {{ site.product.short_name }} sends messages to the destination at most once every batch-timeout() milliseconds. diff --git a/_includes/doc/admin-guide/options/ca-dir.md b/_includes/doc/admin-guide/options/ca-dir.md index 87c72a66..d8201bf5 100644 --- a/_includes/doc/admin-guide/options/ca-dir.md +++ b/_includes/doc/admin-guide/options/ca-dir.md 
@@ -7,13 +7,13 @@ certificates in PEM format. The CA certificate files have to be named after the 32-bit hash of the subject\'s name. This naming can be created using the c\_rehash utility in openssl. For an example, see -Configuring TLS on the syslog-ng clients. -The syslog-ng OSE application uses the CA +Configuring TLS on the {{ site.product.short_name }} clients. +The {{ site.product.short_name }} application uses the CA certificates in this directory to validate the certificate of the peer. This option can be used together with the optional ca-file() option. -**NOTE:** During a TLS handshake, syslog-ng OSE automatically sets the +**NOTE:** During a TLS handshake, {{ site.product.short_name }} automatically sets the `certificate_authorities` field of the certificate request based on the `ca-file()` and `ca-dir()` options. {: .notice--info} \ No newline at end of file diff --git a/_includes/doc/admin-guide/options/ca-file.md b/_includes/doc/admin-guide/options/ca-file.md index f0a58a58..ea3785bb 100644 --- a/_includes/doc/admin-guide/options/ca-file.md +++ b/_includes/doc/admin-guide/options/ca-file.md @@ -4,7 +4,7 @@ |Default:| empty| *Description:* Optional. The name of a file that contains a set of -trusted CA certificates in PEM format. The syslog-ng OSE application +trusted CA certificates in PEM format. The {{ site.product.short_name }} application uses the CA certificates in this file to validate the certificate of the peer. @@ -19,7 +19,7 @@ option, and it is relevant when peer-verify() is set to other than no or `optional-untrusted`. {: .notice--info} -**NOTE:** During a TLS handshake, syslog-ng OSE automatically sets the +**NOTE:** During a TLS handshake, {{ site.product.short_name }} automatically sets the `certificate_authorities` field of the certificate request based on the `ca-file()` and `ca-dir()` options. {: .notice--info} \ No newline at end of file 
diff --git a/_includes/doc/admin-guide/options/cert-file.md b/_includes/doc/admin-guide/options/cert-file.md index 0c5dbc5d..607db91e 100644 --- a/_includes/doc/admin-guide/options/cert-file.md +++ b/_includes/doc/admin-guide/options/cert-file.md @@ -5,8 +5,8 @@ *Description:* Name of a file, that contains an X.509 certificate (or a certificate chain) in PEM format, suitable as a TLS certificate, -matching the private key set in the key-file() option. The syslog-ng OSE -application uses this certificate to authenticate the syslog-ng OSE +matching the private key set in the key-file() option. The {{ site.product.short_name }} +application uses this certificate to authenticate the {{ site.product.short_name }} client on the destination server. If the file contains a certificate chain, the file must begin with the certificate of the host, followed by the CA certificate that signed the certificate of the host, and any diff --git a/_includes/doc/admin-guide/options/cipher-suite.md b/_includes/doc/admin-guide/options/cipher-suite.md index bdc5f39c..3344aa4a 100644 --- a/_includes/doc/admin-guide/options/cipher-suite.md +++ b/_includes/doc/admin-guide/options/cipher-suite.md @@ -1,12 +1,12 @@ ## cipher-suite() | Accepted values: | Name of a cipher, or a colon-separated list| -| Default: | Depends on the OpenSSL version that syslog-ng OSE uses| +| Default: | Depends on the OpenSSL version that {{ site.product.short_name }} uses| *Description:* Specifies the cipher, hash, and key-exchange algorithms used for the encryption, for example, ECDHE-ECDSA-AES256-SHA384. The list of available algorithms depends on the version of OpenSSL used to -compile syslog-ng OSE. To specify multiple ciphers, separate the cipher +compile {{ site.product.short_name }}. To specify multiple ciphers, separate the cipher names with a colon, and enclose the list between double-quotes, for example: 
@@ -32,6 +32,6 @@ TLSv1.2: echo "cipher-suite(\"$(openssl ciphers -v | grep TLSv1.2 | awk '{print $1}' | xargs echo -n | sed 's/ /:/g' | sed -e 's/:$//')\")" ``` -Note that starting with version 3.10, when syslog-ng OSE receives -TLS-encrypted connections, the order of ciphers set on the syslog-ng OSE +Note that starting with version 3.10, when {{ site.product.short_name }} receives +TLS-encrypted connections, the order of ciphers set on the {{ site.product.short_name }} server takes precedence over the client settings. diff --git a/_includes/doc/admin-guide/options/client-lib-dir.md b/_includes/doc/admin-guide/options/client-lib-dir.md index 113a4ff5..95953126 100644 --- a/_includes/doc/admin-guide/options/client-lib-dir.md +++ b/_includes/doc/admin-guide/options/client-lib-dir.md @@ -1,12 +1,12 @@ ## client-lib-dir() | Type:| string| -|Default:| The syslog-ng OSE module directory: /opt/syslog-ng/lib/syslog-ng/java-modules/| +|Default:| The {{ site.product.short_name }} module directory: /opt/syslog-ng/lib/syslog-ng/java-modules/| *Description:* The list of the paths where the required Java classes are located. For example, **class-path(\"/opt/syslog-ng/lib/syslog-ng/java-modules/:/opt/my-java-libraries/libs/\")**. -If you set this option multiple times in your syslog-ng OSE +If you set this option multiple times in your {{ site.product.short_name }} configuration (for example, because you have multiple Java-based -destinations), syslog-ng OSE will merge every available paths to a +destinations), {{ site.product.short_name }} will merge every available paths to a single list. diff --git a/_includes/doc/admin-guide/options/close-on-input.md b/_includes/doc/admin-guide/options/close-on-input.md index 118e0c0e..371afb2f 100644 --- a/_includes/doc/admin-guide/options/close-on-input.md +++ b/_includes/doc/admin-guide/options/close-on-input.md 
@@ -3,7 +3,7 @@ | Type: | yes \| no| | Default: | yes| -*Description:* By default, syslog-ng OSE closes destination sockets if +*Description:* By default, {{ site.product.short_name }} closes destination sockets if it receives any input from the socket (for example, a reply). If this -option is set to no, syslog-ng OSE just ignores the input, but does not +option is set to no, {{ site.product.short_name }} just ignores the input, but does not close the socket. diff --git a/_includes/doc/admin-guide/options/delimiter.md b/_includes/doc/admin-guide/options/delimiter.md index 525a0d3f..952f052b 100644 --- a/_includes/doc/admin-guide/options/delimiter.md +++ b/_includes/doc/admin-guide/options/delimiter.md @@ -3,6 +3,6 @@ | Accepted values:| string| |Default:| newline character| -*Description:* By default, syslog-ng OSE separates the log messages of +*Description:* By default, {{ site.product.short_name }} separates the log messages of the batch with a newline character. You can specify a different delimiter by using the delimiter() option. diff --git a/_includes/doc/admin-guide/options/destination-transport.md b/_includes/doc/admin-guide/options/destination-transport.md index 8dcf2bef..eac80866 100644 --- a/_includes/doc/admin-guide/options/destination-transport.md +++ b/_includes/doc/admin-guide/options/destination-transport.md @@ -6,6 +6,6 @@ *Description:* Specifies the protocol used to send messages to the destination server. -If you use the udp transport, syslog-ng OSE automatically sends +If you use the udp transport, {{ site.product.short_name }} automatically sends multicast packets if a multicast destination address is specified. The tcp transport does not support multicasting. diff --git a/_includes/doc/admin-guide/options/dir-options.md b/_includes/doc/admin-guide/options/dir-options.md index d486075c..1be79869 100644 --- a/_includes/doc/admin-guide/options/dir-options.md +++ b/_includes/doc/admin-guide/options/dir-options.md 
@@ -17,7 +17,7 @@ preserve the original properties of an existing directory, use the option without specifying an attribute: dir-owner(). Starting with version 3.16, the default value of this option is -1, so -syslog-ng OSE does not change the ownership, unless explicitly +{{ site.product.short_name }} does not change the ownership, unless explicitly configured to do so. ## dir-perm() @@ -38,5 +38,5 @@ the default permission of the directories is masked with the umask of the parent process (typically **0022**). Starting with version 3.16, the default value of this option is -1, so -syslog-ng OSE does not change the ownership, unless explicitly +{{ site.product.short_name }} does not change the ownership, unless explicitly configured to do so. diff --git a/_includes/doc/admin-guide/options/disk-buffer.md b/_includes/doc/admin-guide/options/disk-buffer.md index d6ef3d3a..a58bcddf 100644 --- a/_includes/doc/admin-guide/options/disk-buffer.md +++ b/_includes/doc/admin-guide/options/disk-buffer.md 
@@ -9,16 +9,16 @@ *Description:* This is a required option. The maximum size of the disk-buffer in bytes. The minimum value is 1048576 bytes. If you set a smaller value, the minimum value will be used automatically. It replaces the old log-disk-fifo-size() option. -In syslog-ng OSE version 4.2 and earlier, this option was called disk-buf-size(). +In {{ site.product.short_name }} version 4.2 and earlier, this option was called disk-buf-size(). ### compaction() | Type:| yes/no| | Default:| no| -*Description:* If set to yes, syslog-ng OSE prunes the unused space in the LogMessage representation, making the disk queue size smaller at the cost of some CPU time. Setting the compaction() argument to yes is recommended when numerous name-value pairs are unset during processing, or when the same names are set multiple times. +*Description:* If set to yes, {{ site.product.short_name }} prunes the unused space in the LogMessage representation, making the disk queue size smaller at the cost of some CPU time. Setting the compaction() argument to yes is recommended when numerous name-value pairs are unset during processing, or when the same names are set multiple times. -**NOTE:** Simply unsetting these name-value pairs by using the unset() rewrite operation is not enough, as due to performance reasons that help when syslog-ng OSE is CPU bound, the internal representation of a LogMessage will not release the memory associated with these name-value pairs. In some cases, however, the size of this overhead becomes significant (the raw message size can grow up to four times its original size), which unnecessarily increases the disk queue file size. For these cases, the compaction will drop unset values, making the LogMessage representation smaller at the cost of some CPU time required to perform compaction. 
+**NOTE:** Simply unsetting these name-value pairs by using the unset() rewrite operation is not enough, as due to performance reasons that help when {{ site.product.short_name }} is CPU bound, the internal representation of a LogMessage will not release the memory associated with these name-value pairs. In some cases, however, the size of this overhead becomes significant (the raw message size can grow up to four times its original size), which unnecessarily increases the disk queue file size. For these cases, the compaction will drop unset values, making the LogMessage representation smaller at the cost of some CPU time required to perform compaction. {: .notice--info} ### dir() @@ -31,7 +31,7 @@ In syslog-ng OSE version 4.2 and earlier, this option was called disk-buf-size() ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** When creating a new dir() option for a disk buffer, or modifying an existing one, make sure you delete the persist file. {: .notice--warning} -syslog-ng OSE creates disk-buffer files based on the path recorded in the persist file. Therefore, if the persist file is not deleted after modifying the dir() option, then following a restart, syslog-ng OSE will look for or create disk-buffer files in their old location. To ensure that syslog-ng OSE uses the new dir() setting, the persist file must not contain any information about the destinations which the disk-buffer file in question belongs to. +{{ site.product.short_name }} creates disk-buffer files based on the path recorded in the persist file. Therefore, if the persist file is not deleted after modifying the dir() option, then following a restart, {{ site.product.short_name }} will look for or create disk-buffer files in their old location. To ensure that {{ site.product.short_name }} uses the new dir() setting, the persist file must not contain any information about the destinations which the disk-buffer file in question belongs to. ### flow-control-window-bytes() 
@@ -40,7 +40,7 @@ syslog-ng OSE creates disk-buffer files based on the path recorded in the persis *Description:* Use this option if the option reliable() is set to yes. This option contains the size of the messages in bytes that is used in the memory part of the disk buffer. It replaces the old log-fifo-size() option. It does not inherit the value of the global log-fifo-size() option, even if it is provided. Note that this option will be ignored if the option reliable() is set to no. -In syslog-ng OSE version 4.2 and earlier, this option was called mem-buf-size(). +In {{ site.product.short_name }} version 4.2 and earlier, this option was called mem-buf-size(). ### flow-control-window-size() @@ -49,7 +49,7 @@ In syslog-ng OSE version 4.2 and earlier, this option was called mem-buf-size(). *Description:* Use this option if the option reliable() is set to no. This option contains the number of messages stored in overflow queue. It replaces the old log-fifo-size() option. It inherits the value of the global log-fifo-size() option if provided. If it is not provided, the default value is 10000 messages. Note that this option will be ignored if the option reliable() is set to yes. -In syslog-ng OSE version 4.2 and earlier, this option was called mem-buf-length(). +In {{ site.product.short_name }} version 4.2 and earlier, this option was called mem-buf-length(). ### front-cache-size() 
@@ -60,27 +60,27 @@ In syslog-ng OSE version 4.2 and earlier, this option was called mem-buf-length( Options reliable() and capacity-bytes() are required options. -In syslog-ng OSE version 4.2 and earlier, this option was called qout-size(). +In {{ site.product.short_name }} version 4.2 and earlier, this option was called qout-size(). ### prealloc() | Type:| yes/no| | Default:| no| -*Description:* By default, syslog-ng OSE doesn’t reserve the disk space for the disk-buffer file, since in a properly configured and sized environment the disk-buffer is practically empty, so a large preallocated disk-buffer file is just a waste of disk space. But a preallocated buffer can prevent other data from using the intended buffer space (and elicit a warning from the OS if disk space is low), preventing message loss if the buffer is actually needed. To avoid this problem, when using syslog-ng OSE 4.0 or later, you can preallocate the space for your disk-buffer files by setting prealloc(yes). +*Description:* By default, {{ site.product.short_name }} doesn’t reserve the disk space for the disk-buffer file, since in a properly configured and sized environment the disk-buffer is practically empty, so a large preallocated disk-buffer file is just a waste of disk space. But a preallocated buffer can prevent other data from using the intended buffer space (and elicit a warning from the OS if disk space is low), preventing message loss if the buffer is actually needed. To avoid this problem, when using {{ site.product.short_name }} 4.0 or later, you can preallocate the space for your disk-buffer files by setting prealloc(yes). In addition to making sure that the required disk space is available when needed, preallocated disk-buffer files provide radically better (3-4x) performance as well: in case of an outage the amount of messages stored in the disk-buffer is continuously growing, and using large continuous files is faster, than constantly waiting on a file to change its size. 
-If you are running syslog-ng OSE on a dedicated host (always recommended for any high-volume settings), use prealloc(yes). +If you are running {{ site.product.short_name }} on a dedicated host (always recommended for any high-volume settings), use prealloc(yes). -Available in syslog-ng OSE 4.0 and later. +Available in {{ site.product.short_name }} 4.0 and later. ### reliable() | Type:| yes/no| | Default:| no| -*Description:* If set to yes, syslog-ng OSE cannot lose logs in case of reload/restart, unreachable destination or syslog-ng OSE crash. This solution provides a slower, but reliable disk-buffer option. It is created and initialized at startup and gradually grows as new messages arrive. If set to no, the normal disk-buffer will be used. This provides a faster, but less reliable disk-buffer option. +*Description:* If set to yes, {{ site.product.short_name }} cannot lose logs in case of reload/restart, unreachable destination or {{ site.product.short_name }} crash. This solution provides a slower, but reliable disk-buffer option. It is created and initialized at startup and gradually grows as new messages arrive. If set to no, the normal disk-buffer will be used. This provides a faster, but less reliable disk-buffer option. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Hazard of data loss! If you change the value of reliable() option when there are messages in the disk-buffer, the messages stored in the disk-buffer will be lost. {: .notice--warning} 
@@ -90,9 +90,9 @@ Available in syslog-ng OSE 4.0 and later. | Type:| number((between 0 and 1))| | Default:| 1 (do not truncate)| -*Description:* Limits the truncation of the disk-buffer file. Truncating the disk-buffer file can slow down the disk IO operations, but it saves disk space. By default, syslog-ng OSE version 4.0 and later doesn’t truncate disk-buffer files by default (truncate-size-ratio(1)). Earlier versions freed the disk-space when at least 10% of the disk-buffer file could be freed (truncate-size-ratio(0.1)). +*Description:* Limits the truncation of the disk-buffer file. Truncating the disk-buffer file can slow down the disk IO operations, but it saves disk space. By default, {{ site.product.short_name }} version 4.0 and later doesn’t truncate disk-buffer files by default (truncate-size-ratio(1)). Earlier versions freed the disk-space when at least 10% of the disk-buffer file could be freed (truncate-size-ratio(0.1)). -syslog-ng OSE only truncates the file if the possible disk gain is more than truncate-size-ratio() times capacity-bytes(). +{{ site.product.short_name }} only truncates the file if the possible disk gain is more than truncate-size-ratio() times capacity-bytes(). * Smaller values free disk space quicker. * Larger ratios result in better performance. diff --git a/_includes/doc/admin-guide/options/failover.md b/_includes/doc/admin-guide/options/failover.md index 6ae96eeb..c19293f6 100644 --- a/_includes/doc/admin-guide/options/failover.md +++ b/_includes/doc/admin-guide/options/failover.md @@ -1,6 +1,6 @@ ## failover() -*Description:* Available only in syslog-ng Open Source Edition version +*Description:* Available only in {{ site.product.name }} version 3.17 and later. For details about how client-side failover works, see Client-side failover. 
@@ -9,8 +9,8 @@ Client-side failover. | Type: | list of IP addresses and fully-qualified domain names| | Default: | empty | -*Description:* Specifies a secondary destination server where log messages are sent if the primary server becomes inaccessible. To list several failover servers, separate the address of the servers with comma. By default, syslog-ng OSE waits for the a server before switching to the next failover server is set in the time-reopen() option. -If failback() is not set, syslog-ng OSE does not attempt to return to the primary server even if it becomes available. In case the failover server fails, syslog-ng OSE attempts to connect the next failover server in the list in round-robin fashion. +*Description:* Specifies a secondary destination server where log messages are sent if the primary server becomes inaccessible. To list several failover servers, separate the address of the servers with comma. By default, {{ site.product.short_name }} waits for the a server before switching to the next failover server is set in the time-reopen() option. +If failback() is not set, {{ site.product.short_name }} does not attempt to return to the primary server even if it becomes available. In case the failover server fails, {{ site.product.short_name }} attempts to connect the next failover server in the list in round-robin fashion. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** The failover servers must be accessible on the same port as the primary server. 
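Review bot: The rewritten description line in this hunk still carries a broken sentence: "By default, {{ site.product.short_name }} waits for the a server before switching to the next failover server is set in the time-reopen() option." Words are missing between "waits for the" and "a server", so the reader cannot tell what time-reopen() actually controls during failover. The line is being replaced anyway, so repair the sentence in this change (for example, say plainly that the wait before switching to the next failover server is what time-reopen() sets, if that is the intended meaning). On the same line, "separate the address of the servers with comma" should read "separate the addresses of the servers with commas".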
@@ -18,19 +18,19 @@ The failover servers must be accessible on the same port as the primary server. ### failback() -*Description:* Available only in syslog-ng Open Source Edition version 3.17 and later. +*Description:* Available only in {{ site.product.name }} version 3.17 and later. -When syslog-ng OSE starts up, it always connects to the primary +When {{ site.product.short_name }} starts up, it always connects to the primary server first. In the failover() option there is a possibility to customize the failover modes. -Depending on how you set the failback() option, syslog-ng OSE +Depending on how you set the failback() option, {{ site.product.short_name }} behaves as follows: -- **round-robin mode**: If failback() is not set, syslog-ng OSE does not attempt to return to the primary server even if it becomes available. In case the failover server fails, syslog-ng OSE attempts to connect the next failover server in the list in round-robin fashion. +- **round-robin mode**: If failback() is not set, {{ site.product.short_name }} does not attempt to return to the primary server even if it becomes available. In case the failover server fails, {{ site.product.short_name }} attempts to connect the next failover server in the list in round-robin fashion. Example: round-robin mode - In the following example syslog-ng OSE handles the logservers in round-robin fashion if the primary logserver becomes inaccessible (therefore failback() option is not set). + In the following example {{ site.product.short_name }} handles the logservers in round-robin fashion if the primary logserver becomes inaccessible (therefore failback() option is not set). ```config destination d_network { 
@@ -43,16 +43,16 @@ behaves as follows: }; ``` -- **failback mode**: If failback() is set, syslog-ng OSE attempts to return to the primary server. +- **failback mode**: If failback() is set, {{ site.product.short_name }} attempts to return to the primary server. - After syslog-ng OSE connects a secondary server during a failover, it sends a probe every tcp-probe-interval() seconds towards the primary server. If the primary logserver responds with a TCP ACK packet, the probe is successful. When the number of successful probes reaches the value set in the successful-probes-required() option, syslog-ng OSE tries to connect the primary server using the last probe. + After {{ site.product.short_name }} connects a secondary server during a failover, it sends a probe every tcp-probe-interval() seconds towards the primary server. If the primary logserver responds with a TCP ACK packet, the probe is successful. When the number of successful probes reaches the value set in the successful-probes-required() option, {{ site.product.short_name }} tries to connect the primary server using the last probe. - **NOTE:** syslog-ng OSE always waits for the result of the last probe before sending the next message. So if one connection attempt takes longer than the configured interval, that is, it waits for connection time out, you may experience longer intervals between actual probes. + **NOTE:** {{ site.product.short_name }} always waits for the result of the last probe before sending the next message. So if one connection attempt takes longer than the configured interval, that is, it waits for connection time out, you may experience longer intervals between actual probes. 
{: .notice--info} Example: failback mode - In the following example syslog-ng OSE attempts to return to the primary logserver, as set in the failback() option: it will check if the server is accessible every tcp-probe-interval() seconds, and reconnect to the primary logserver after three successful connection attempts. + In the following example {{ site.product.short_name }} attempts to return to the primary logserver, as set in the failback() option: it will check if the server is accessible every tcp-probe-interval() seconds, and reconnect to the primary logserver after three successful connection attempts. ```config destination d_network_2 { diff --git a/_includes/doc/admin-guide/options/filename.md b/_includes/doc/admin-guide/options/filename.md index 560f9132..b61b9326 100644 --- a/_includes/doc/admin-guide/options/filename.md +++ b/_includes/doc/admin-guide/options/filename.md @@ -3,5 +3,5 @@ |Type:| path| |Default:|| -*Description:* The log file of {{ page.fn_source }}. The syslog-ng OSE +*Description:* The log file of {{ page.fn_source }}. The {{ site.product.short_name }} application reads the {{ page.fn_logs }} logs from this file. diff --git a/_includes/doc/admin-guide/options/flush-lines.md b/_includes/doc/admin-guide/options/flush-lines.md index ea30bef8..742e7933 100644 --- a/_includes/doc/admin-guide/options/flush-lines.md +++ b/_includes/doc/admin-guide/options/flush-lines.md 
@@ -4,18 +4,18 @@ |Default:| {{ page.flush_lines | default: 'Use global setting (exception: for http() destination, the default is 1).' }}| *Description:* Specifies how many lines are flushed to a destination at -a time. The syslog-ng OSE application waits for this number of lines to +a time. The {{ site.product.short_name }} application waits for this number of lines to accumulate and sends them off in a single batch. Increasing this number increases throughput as more messages are sent in a single batch, but also increases message latency. -The syslog-ng OSE application flushes the messages if it has sent +The {{ site.product.short_name }} application flushes the messages if it has sent flush-lines() number of messages, or the queue became empty. If you stop -or reload syslog-ng OSE or in case of network sources, the connection -with the client is closed, syslog-ng OSE automatically sends the unsent +or reload {{ site.product.short_name }} or in case of network sources, the connection +with the client is closed, {{ site.product.short_name }} automatically sends the unsent messages to the destination. -For optimal performance when sending messages to an syslog-ng OSE +For optimal performance when sending messages to an {{ site.product.short_name }} server, make sure that the value of flush-lines() is smaller than the window size set in the log-iw-size() option in the source of your server. diff --git a/_includes/doc/admin-guide/options/frac-digits.md b/_includes/doc/admin-guide/options/frac-digits.md index 834bfb82..9d5191d6 100644 --- a/_includes/doc/admin-guide/options/frac-digits.md +++ b/_includes/doc/admin-guide/options/frac-digits.md 
@@ -3,18 +3,18 @@ |Type: | number| |Default:| 0| -*Description:* The syslog-ng application can store fractions of a second +*Description:* The {{ site.product.short_name }} application can store fractions of a second in the timestamps according to the ISO8601 format. The frac-digits() parameter specifies the number of digits stored. The digits storing the fractions are padded by zeros if the original timestamp of the message specifies only seconds. Fractions can always be stored for the time the message was received. -**NOTE:** The syslog-ng OSE application can add the fractions to non-ISO8601 +**NOTE:** The {{ site.product.short_name }} application can add the fractions to non-ISO8601 timestamps as well. {: .notice--info} -**NOTE:** As syslog-ng OSE is precise up to the microsecond, when the -frac-digits() option is set to a value higher than 6, syslog-ng OSE will +**NOTE:** As {{ site.product.short_name }} is precise up to the microsecond, when the +frac-digits() option is set to a value higher than 6, {{ site.product.short_name }} will truncate the fraction seconds in the timestamps after 6 digits. {: .notice--info} diff --git a/_includes/doc/admin-guide/options/gRPC-keep-alive.md b/_includes/doc/admin-guide/options/gRPC-keep-alive.md index 191774d7..70abcf46 100644 --- a/_includes/doc/admin-guide/options/gRPC-keep-alive.md +++ b/_includes/doc/admin-guide/options/gRPC-keep-alive.md @@ -1,6 +1,6 @@ ## keep-alive() -This option configures the forwarding of gRPC keepalive pings in syslog-ng OSE. +This option configures the forwarding of gRPC keepalive pings in {{ site.product.short_name }}. ### max-pings-without-data() 
@@ -14,11 +14,11 @@ This option configures the forwarding of gRPC keepalive pings in syslog-ng OSE. | Type:| number[milliseconds]| |Default:| | -*Description:* syslog-ng OSE sends a gRPC keepalive ping after the amount of time defined in the `time()` option elapsed. +*Description:* {{ site.product.short_name }} sends a gRPC keepalive ping after the amount of time defined in the `time()` option elapsed. ### timeout() | Type:| number[milliseconds]| |Default:| 10| -*Description:* The time syslog-ng OSE waits for an acknowledgement. \ No newline at end of file +*Description:* The time {{ site.product.short_name }} waits for an acknowledgement. \ No newline at end of file diff --git a/_includes/doc/admin-guide/options/hook.md b/_includes/doc/admin-guide/options/hook.md index b5e8a6bd..5c96c2eb 100644 --- a/_includes/doc/admin-guide/options/hook.md +++ b/_includes/doc/admin-guide/options/hook.md @@ -5,16 +5,16 @@ programs when the relevant driver is initialized or torn down. The hook-commands() can be used with all source and destination drivers with the exception of the usertty() and internal() drivers. -**NOTE:** The syslog-ng OSE application must be able to start and restart +**NOTE:** The {{ site.product.short_name }} application must be able to start and restart the external program, and have the necessary permissions to do so. For example, if your host is running AppArmor or SELinux, you might have to -modify your AppArmor or SELinux configuration to enable syslog-ng OSE to +modify your AppArmor or SELinux configuration to enable {{ site.product.short_name }} to execute external applications. {: .notice--info} -### Using the hook-commands() when syslog-ng OSE starts or stops +### Using the hook-commands() when {{ site.product.short_name }} starts or stops -To execute an external program when syslog-ng OSE starts or stops, use +To execute an external program when {{ site.product.short_name }} starts or stops, use the following options: #### startup() 
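Review bot: The heading "### Using the hook-commands() when {{ site.product.short_name }} starts or stops" now takes part of its text from a site variable, and with kramdown's default auto-generated IDs the heading anchor is derived from the rendered text. Any later change to product.short_name in _config.yml would therefore change the anchor and break existing links to this section. Consider pinning an explicit ID on the heading with an attribute list, using the same {: ...} syntax this file already uses for the notice blocks, or keep the heading text literal and use the variable only in body text.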
@@ -22,44 +22,44 @@ the following options: |Type:|string| |Default:|N/A| -*Description:* Defines the external program that is executed as syslog-ng OSE starts. +*Description:* Defines the external program that is executed as {{ site.product.short_name }} starts. #### shutdown() |Type:|string| |Default:|N/A| -*Description:* Defines the external program that is executed as syslog-ng OSE stops. +*Description:* Defines the external program that is executed as {{ site.product.short_name }} stops. -### Using the hook-commands() when syslog-ng OSE reloads +### Using the hook-commands() when {{ site.product.short_name }} reloads -To execute an external program when the syslog-ng OSE configuration is +To execute an external program when the {{ site.product.short_name }} configuration is initiated or torn down, for example, on startup/shutdown or during a -syslog-ng OSE reload, use the following options: +{{ site.product.short_name }} reload, use the following options: #### setup() |Type:|string| |Default: |N/A| -*Description:* Defines an external program that is executed when the syslog-ng OSE configuration is initiated, for example, on startup or during a syslog-ng OSE reload. +*Description:* Defines an external program that is executed when the {{ site.product.short_name }} configuration is initiated, for example, on startup or during a {{ site.product.short_name }} reload. #### teardown() |Type:|string| |Default:| N/A| -*Description:* Defines an external program that is executed when the syslog-ng OSE configuration is stopped or torn down, for example, on shutdown or during a syslog-ng OSE reload. +*Description:* Defines an external program that is executed when the {{ site.product.short_name }} configuration is stopped or torn down, for example, on shutdown or during a {{ site.product.short_name }} reload. 
### Example: Using the hook-commands() with a network source In the following example, the hook-commands() is used with the network() driver and it opens an iptables port automatically as -syslog-ng OSE is started/stopped. +{{ site.product.short_name }} is started/stopped. The assumption in this example is that the LOGCHAIN chain is part of a -larger ruleset that routes traffic to it. Whenever the syslog-ng OSE +larger ruleset that routes traffic to it. Whenever the {{ site.product.short_name }} created rule is there, packets can flow, otherwise the port is closed. ```config diff --git a/_includes/doc/admin-guide/options/inherit-environment.md b/_includes/doc/admin-guide/options/inherit-environment.md index cf236af6..1788c9f6 100644 --- a/_includes/doc/admin-guide/options/inherit-environment.md +++ b/_includes/doc/admin-guide/options/inherit-environment.md @@ -5,5 +5,5 @@ *Description:* By default, when program() starts an external application or script, it inherits the entire environment of the parent process -(that is, syslog-ng OSE). Use **inherit-environment(no)** to prevent +(that is, {{ site.product.short_name }}). Use **inherit-environment(no)** to prevent this. diff --git a/_includes/doc/admin-guide/options/ip-localip.md b/_includes/doc/admin-guide/options/ip-localip.md index 686fef32..dafd338c 100644 --- a/_includes/doc/admin-guide/options/ip-localip.md +++ b/_includes/doc/admin-guide/options/ip-localip.md 
@@ -3,10 +3,10 @@ | Type:| string| |Default:| 0.0.0.0| -*Description:* The IP address to bind to. By default, syslog-ng OSE +*Description:* The IP address to bind to. By default, {{ site.product.short_name }} listens on every available interface. Note that this is not the address where messages are accepted from. If you specify a multicast bind address and use the **udp** transport, -syslog-ng OSE automatically joins the necessary multicast group. TCP +{{ site.product.short_name }} automatically joins the necessary multicast group. TCP does not support multicasting. diff --git a/_includes/doc/admin-guide/options/jvm-options.md b/_includes/doc/admin-guide/options/jvm-options.md index 5d4023a4..c66911d0 100644 --- a/_includes/doc/admin-guide/options/jvm-options.md +++ b/_includes/doc/admin-guide/options/jvm-options.md @@ -4,7 +4,7 @@ |Default:| N/A| *Description:* Specify the Java Virtual Machine (JVM) settings of your -Java destination from the syslog-ng OSE configuration file. +Java destination from the {{ site.product.short_name }} configuration file. For example: diff --git a/_includes/doc/admin-guide/options/keep-alive.md b/_includes/doc/admin-guide/options/keep-alive.md index 841929c7..accca41b 100644 --- a/_includes/doc/admin-guide/options/keep-alive.md +++ b/_includes/doc/admin-guide/options/keep-alive.md @@ -4,8 +4,8 @@ |Default:| yes| *Description:* Specifies whether connections to sources should be closed -when syslog-ng is forced to reload its configuration (upon the receipt +when {{ site.product.short_name }} is forced to reload its configuration (upon the receipt of a SIGHUP signal). Note that this applies to the server (source) side -of the syslog-ng connections, client-side (destination) connections are +of the {{ site.product.short_name }} connections, client-side (destination) connections are always reopened after receiving a HUP signal unless the keep-alive option is enabled for the destination. 
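Review bot: Both removed lines in the keep-alive.md hunk say plain "syslog-ng" ("when syslog-ng is forced to reload its configuration", "of the syslog-ng connections"), so replacing them with {{ site.product.short_name }} is not a mechanical substitution: with the short_name value added in _config.yml the rendered text changes to "syslog-ng OSE". If the wording change is intended, mention it in the commit message so it is not mistaken for a pure refactor. The same question applies to mark-freq.md, where "compatibility with syslog-ng version 1.6.x" becomes a short_name reference and the rendered version statement changes with it; please confirm that product name is correct for that version.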
diff --git a/_includes/doc/admin-guide/options/keep-hostname.md b/_includes/doc/admin-guide/options/keep-hostname.md index 408222ad..deb1c0af 100644 --- a/_includes/doc/admin-guide/options/keep-hostname.md +++ b/_includes/doc/admin-guide/options/keep-hostname.md 
@@ -5,33 +5,33 @@ *Description:* Enable or disable hostname rewriting. -- If enabled (**keep-hostname(yes)**), syslog-ng OSE assumes that the +- If enabled (**keep-hostname(yes)**), {{ site.product.short_name }} assumes that the incoming log message was sent by the host specified in the HOST field of the message. -- If disabled (**keep-hostname(no)**), syslog-ng OSE rewrites the HOST +- If disabled (**keep-hostname(no)**), {{ site.product.short_name }} rewrites the HOST field of the message, either to the IP address (if the use-dns() parameter is set to **no**), or to the hostname (if the use-dns() parameter is set to **yes** and the IP address can be resolved to a - hostname) of the host sending the message to syslog-ng OSE. For - details on using name resolution in syslog-ng OSE, see + hostname) of the host sending the message to {{ site.product.short_name }}. For + details on using name resolution in {{ site.product.short_name }}, see Using name resolution in syslog-ng. **NOTE:** If the log message does not contain a hostname in its HOST field, -syslog-ng OSE automatically adds a hostname to the message. +{{ site.product.short_name }} automatically adds a hostname to the message. {: .notice--info} - For messages received from the network, this hostname is the address of the host that sent the message (this means the address of the last hop if the message was transferred via a relay). -- For messages received from the local host, syslog-ng OSE adds the +- For messages received from the local host, {{ site.product.short_name }} adds the name of the host. This option can be specified globally, and per-source as well. The local setting of the source overrides the global option if available. 
-**NOTE:** When relaying messages, enable this option on the syslog-ng OSE -server and also on every relay, otherwise syslog-ng OSE will treat +**NOTE:** When relaying messages, enable this option on the {{ site.product.short_name }} +server and also on every relay, otherwise {{ site.product.short_name }} will treat incoming messages as if they were sent by the last relay. {: .notice--info} \ No newline at end of file diff --git a/_includes/doc/admin-guide/options/keep-timestamp.md b/_includes/doc/admin-guide/options/keep-timestamp.md index b6e168a3..4160d3e6 100644 --- a/_includes/doc/admin-guide/options/keep-timestamp.md +++ b/_includes/doc/admin-guide/options/keep-timestamp.md @@ -3,12 +3,12 @@ |Accepted values:| yes \| no| |Default:| yes| -*Description:* Specifies whether syslog-ng should accept the timestamp +*Description:* Specifies whether {{ site.product.short_name }} should accept the timestamp received from the sending application or client. If disabled, the time of reception will be used instead. This option can be specified globally, and per-source as well. The local setting of the source overrides the global option if available. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** To use the S_ macros, -the keep-timestamp() option must be enabled (this is the default behavior of syslog-ng OSE). +the keep-timestamp() option must be enabled (this is the default behavior of {{ site.product.short_name }}). {: .notice--warning} diff --git a/_includes/doc/admin-guide/options/key-file.md b/_includes/doc/admin-guide/options/key-file.md index 51745108..8b731364 100644 --- a/_includes/doc/admin-guide/options/key-file.md +++ b/_includes/doc/admin-guide/options/key-file.md 
@@ -5,6 +5,6 @@ *Description:* The name of a file that contains an unencrypted private key in PEM format, suitable as a TLS key. If properly configured, the -syslog-ng OSE application uses this private key and the matching +{{ site.product.short_name }} application uses this private key and the matching certificate (set in the cert-file() option) to authenticate the -syslog-ng OSE client on the destination server. +{{ site.product.short_name }} client on the destination server. diff --git a/_includes/doc/admin-guide/options/loaders.md b/_includes/doc/admin-guide/options/loaders.md index ba5d4cb0..2a7ccc8f 100644 --- a/_includes/doc/admin-guide/options/loaders.md +++ b/_includes/doc/admin-guide/options/loaders.md @@ -3,11 +3,11 @@ | Type: | list of python modules| |Default:| empty list| -*Description:* The syslog-ng OSE application imports Python modules +*Description:* The {{ site.product.short_name }} application imports Python modules specified in this option, before importing the code of the Python class. This option has effect only when the Python class is provided in an external Python file. This option has no effect when the Python class is -provided within the syslog-ng OSE configuration file (in a python{} +provided within the {{ site.product.short_name }} configuration file (in a python{} block). You can use the loaders() option to modify the import mechanism that imports Python class. For example, that way you can use hy in your Python class. diff --git a/_includes/doc/admin-guide/options/mark-freq.md b/_includes/doc/admin-guide/options/mark-freq.md index beaa649b..b5d48fed 100644 --- a/_includes/doc/admin-guide/options/mark-freq.md +++ b/_includes/doc/admin-guide/options/mark-freq.md 
@@ -4,7 +4,7 @@ |Default:| 1200| *Description:* An alias for the obsolete mark() option, retained for -compatibility with syslog-ng version 1.6.x. +compatibility with {{ site.product.short_name }} version 1.6.x. The number of seconds between two MARK messages. MARK messages are generated when there was no message traffic to inform the receiver that diff --git a/_includes/doc/admin-guide/options/mark-mode.md b/_includes/doc/admin-guide/options/mark-mode.md index 32b715c5..9ba7523b 100644 --- a/_includes/doc/admin-guide/options/mark-mode.md +++ b/_includes/doc/admin-guide/options/mark-mode.md @@ -10,7 +10,7 @@ network(), pipe(), syslog() and in global option. - internal: When internal mark mode is selected, internal source should be placed in the log path as this mode does not generate mark by itself at the destination. This mode only yields the mark - messages from internal source. This is the mode as syslog-ng OSE 3.3 + messages from internal source. This is the mode as {{ site.product.short_name }} 3.3 worked. MARK will be generated by internal source if there was NO traffic on local sources: @@ -46,10 +46,10 @@ network(), pipe(), syslog() and in global option. - global: Destination driver uses the global mark-mode() setting. Note that setting the global mark-mode() to global causes a syntax error - in syslog-ng OSE. + in {{ site.product.short_name }}. **NOTE:** In case of dst-idle, host-idle and periodical, the MARK message will not be written in the destination, if it is not open yet. {: .notice--info} -Available in syslog-ng OSE 3.4 and later. +Available in {{ site.product.short_name }} 3.4 and later. diff --git a/_includes/doc/admin-guide/options/mqtt-keep-alive.md b/_includes/doc/admin-guide/options/mqtt-keep-alive.md index 7a55d878..2692fa47 100644 --- a/_includes/doc/admin-guide/options/mqtt-keep-alive.md +++ b/_includes/doc/admin-guide/options/mqtt-keep-alive.md 
@@ -3,7 +3,7 @@ | Type:| positive integer number (in seconds)| |Default:| 60| -*Description:* Specifies the number of seconds that syslog-ng OSE keeps +*Description:* Specifies the number of seconds that {{ site.product.short_name }} keeps the connection between the broker and clients open in case there is no message traffic. When keep-alive() number of seconds pass, the connection is terminated, and you have to reconnect. diff --git a/_includes/doc/admin-guide/options/multi-line-garbage.md b/_includes/doc/admin-guide/options/multi-line-garbage.md index aadf2b4e..5011b491 100644 --- a/_includes/doc/admin-guide/options/multi-line-garbage.md +++ b/_includes/doc/admin-guide/options/multi-line-garbage.md @@ -7,13 +7,13 @@ multi-line messages that contain unneeded parts between the messages. Specify a string or regular expression that matches the beginning of the unneeded message parts. If the multi-line-garbage() option is set, -syslog-ng OSE ignores the lines between the line matching the +{{ site.product.short_name }} ignores the lines between the line matching the multi-line-garbage() and the next line matching multi-line-prefix(). See also the multi-line-prefix() option. When receiving multi-line messages from a source when the multi-line-garbage() option is set, but no matching line is received -between two lines that match multi-line-prefix(), syslog-ng OSE will +between two lines that match multi-line-prefix(), {{ site.product.short_name }} will continue to process the incoming lines as a single message until a line matching multi-line-garbage() is received. 
@@ -21,5 +21,5 @@ To use the multi-line-garbage() option, set the multi-line-mode() option to **prefix-garbage**. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** If the multi-line-garbage() -option is set, syslog-ng OSE discards lines between the line matching the multi-line-garbage() and the next line matching multi-line-prefix(). +option is set, {{ site.product.short_name }} discards lines between the line matching the multi-line-garbage() and the next line matching multi-line-prefix(). {: .notice--warning} \ No newline at end of file diff --git a/_includes/doc/admin-guide/options/multi-line-mode.md b/_includes/doc/admin-guide/options/multi-line-mode.md index 7ded4e53..547e766d 100644 --- a/_includes/doc/admin-guide/options/multi-line-mode.md +++ b/_includes/doc/admin-guide/options/multi-line-mode.md @@ -4,7 +4,7 @@ |Default: | empty string| *Description:* Use the multi-line-mode() option when processing -multi-line messages. The syslog-ng OSE application provides the +multi-line messages. The {{ site.product.short_name }} application provides the following methods to process multi-line messages: - The *indented* mode can process messages where each line that diff --git a/_includes/doc/admin-guide/options/multi-line-prefix.md b/_includes/doc/admin-guide/options/multi-line-prefix.md index 6db72c14..b28b4dc6 100644 --- a/_includes/doc/admin-guide/options/multi-line-prefix.md +++ b/_includes/doc/admin-guide/options/multi-line-prefix.md 
@@ -9,8 +9,7 @@ example, Tomcat logs). Specify a string or regular expression that matches the beginning of the log messages (always start with the **^** character). Use as simple regular expressions as possible, because complex regular expressions can severely reduce the rate of processing -multi-line messages. If the multi-line-prefix() option is set, syslog-ng -OSE ignores newline characters from the source until a line matches the +multi-line messages. If the multi-line-prefix() option is set, {{ site.product.short_name }} ignores newline characters from the source until a line matches the regular expression again, and treats the lines between the matching lines as a single message. See also the multi-line-garbage() option. @@ -61,5 +60,5 @@ source s_file{ }; ``` -Note that flags(no-parse) is needed to prevent syslog-ng OSE trying to +Note that flags(no-parse) is needed to prevent {{ site.product.short_name }} trying to interpret the date in the message. diff --git a/_includes/doc/admin-guide/options/on-error.md b/_includes/doc/admin-guide/options/on-error.md index bb4db2d8..4bb3997b 100644 --- a/_includes/doc/admin-guide/options/on-error.md +++ b/_includes/doc/admin-guide/options/on-error.md @@ -4,8 +4,8 @@ | Default: | {{ page.on_error | default: 'Use the global setting (which defaults to drop-message)' }} | *Description:* Controls what happens when type-casting fails and -syslog-ng OSE cannot convert some data to the specified type. By -default, syslog-ng OSE drops the entire message and logs the error. +{{ site.product.short_name }} cannot convert some data to the specified type. By +default, {{ site.product.short_name }} drops the entire message and logs the error. Currently the value-pairs() option uses the settings of on-error(). - drop-message: Drop the entire message and log an error message to diff --git a/_includes/doc/admin-guide/options/optional.md b/_includes/doc/admin-guide/options/optional.md index 4dbd1927..24cc4133 100644 
--- a/_includes/doc/admin-guide/options/optional.md +++ b/_includes/doc/admin-guide/options/optional.md @@ -3,7 +3,7 @@ |Accepted values:| yes or no| |Default:|| -*Description:* Instruct syslog-ng to ignore the error if a specific +*Description:* Instruct {{ site.product.short_name }} to ignore the error if a specific source cannot be initialized. No other attempts to initialize the source will be made until the configuration is reloaded. This option currently applies to the pipe(), unix-dgram, and unix-stream drivers. diff --git a/_includes/doc/admin-guide/options/pad-size.md b/_includes/doc/admin-guide/options/pad-size.md index f8d0e3e6..4c46ef29 100644 --- a/_includes/doc/admin-guide/options/pad-size.md +++ b/_includes/doc/admin-guide/options/pad-size.md @@ -5,11 +5,11 @@ *Description:* Specifies input padding. Some operating systems (such as HP-UX) pad all messages to block boundary. This option can be used to -specify the block size. The syslog-ng OSE application will pad reads +specify the block size. The {{ site.product.short_name }} application will pad reads from the associated device to the number of bytes set in pad-size(). Mostly used on HP-UX where /dev/log is a named pipe and every write is padded to 2048 bytes. If pad-size() was given and the incoming message -does not fit into pad-size(), syslog-ng will not read anymore from this +does not fit into pad-size(), {{ site.product.short_name }} will not read anymore from this pipe and displays the following error message: >Padding was set, and couldn't read enough bytes diff --git a/_includes/doc/admin-guide/options/peer-verify.md b/_includes/doc/admin-guide/options/peer-verify.md index 5abb0da2..170bc2be 100644 --- a/_includes/doc/admin-guide/options/peer-verify.md +++ b/_includes/doc/admin-guide/options/peer-verify.md 
@@ -23,17 +23,17 @@ The remote peer has: ||required-trusted | rejected connection |rejected connection |TLS-encryption | For untrusted certificates only the existence of the certificate is -checked, but it does not have to be valid --- syslog-ng accepts the +checked, but it does not have to be valid --- {{ site.product.short_name }} accepts the certificate even if it is expired, signed by an unknown CA, or its CN and the name of the machine mismatches. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** When validating a certificate, the entire certificate chain must be valid, including the CA certificate. If any certificate of the chain is invalid, -syslog-ng OSE will reject the connection. +{{ site.product.short_name }} will reject the connection. {: .notice--warning} -Starting with syslog-ng OSE version 3.10, you can also use a simplified +Starting with {{ site.product.short_name }} version 3.10, you can also use a simplified configuration method for the peer-verify option, simply setting it to **yes** or **no**. The following table summarizes the possible options and their results depending on the certificate of the peer. diff --git a/_includes/doc/admin-guide/options/persist-name.md b/_includes/doc/admin-guide/options/persist-name.md index 2aec018c..8fd20cee 100644 --- a/_includes/doc/admin-guide/options/persist-name.md +++ b/_includes/doc/admin-guide/options/persist-name.md @@ -4,7 +4,7 @@ |Default:| N/A| *Description:* If you receive the following error message during -syslog-ng OSE startup, set the persist-name() option of the duplicate +{{ site.product.short_name }} startup, set the persist-name() option of the duplicate drivers: > Error checking the uniqueness of the persist names, please override it with persist-name option. Shutting down. diff --git a/_includes/doc/admin-guide/options/port-destport.md b/_includes/doc/admin-guide/options/port-destport.md index 955259db..71a734ea 100644 --- a/_includes/doc/admin-guide/options/port-destport.md 
+++ b/_includes/doc/admin-guide/options/port-destport.md @@ -4,6 +4,6 @@ |Default:| {{ page.destport | default: '601'}}| *Description:* The port number to connect to. Note that the default port -numbers used by syslog-ng do not comply with the latest RFC which was -published after the release of syslog-ng 3.0.2, therefore the default +numbers used by {{ site.product.short_name }} do not comply with the latest RFC which was +published after the release of {{ site.product.short_name }} 3.0.2, therefore the default port numbers will change in the future releases. diff --git a/_includes/doc/admin-guide/options/prefix.md b/_includes/doc/admin-guide/options/prefix.md index 35d9262d..7c31b369 100644 --- a/_includes/doc/admin-guide/options/prefix.md +++ b/_includes/doc/admin-guide/options/prefix.md @@ -16,7 +16,7 @@ name-value pairs to help further processing. For example: message using the **prefix(.SDATA.my-parsed-data.)** option. Names starting with a dot (for example, .example) are reserved for use -by syslog-ng OSE. If you use such a macro name as the name of a parsed +by {{ site.product.short_name }}. If you use such a macro name as the name of a parsed value, it will attempt to replace the original value of the macro (note that only soft macros can be overwritten, see Hard versus soft macros. diff --git a/_includes/doc/admin-guide/options/response-action.md b/_includes/doc/admin-guide/options/response-action.md index dda3c355..2cd04e73 100644 --- a/_includes/doc/admin-guide/options/response-action.md +++ b/_includes/doc/admin-guide/options/response-action.md 
@@ -3,14 +3,14 @@ | Type:| list| |Default:| N/A (see below)| -*Description:* Specifies what syslog-ng OSE does with the log message, +*Description:* Specifies what {{ site.product.short_name }} does with the log message, based on the response code received from the HTTP server. If the server -returns a status code beginning with 2 (for example, 200), syslog-ng OSE +returns a status code beginning with 2 (for example, 200), {{ site.product.short_name }} assumes the message was successfully sent. Otherwise, the action listed in the following table is applied. For status codes not listed in the following table, if the status code begins with 2 (for example, 299), -syslog-ng OSE assumes the message was successfully sent. For other -status codes, syslog-ng OSE disconnects. The following actions are +{{ site.product.short_name }} assumes the message was successfully sent. For other +status codes, {{ site.product.short_name }} disconnects. The following actions are possible: - disconnect: Keep trying to resend the message indefinitely. diff --git a/_includes/doc/admin-guide/options/retries.md b/_includes/doc/admin-guide/options/retries.md index 5bab3574..7e60fd06 100644 --- a/_includes/doc/admin-guide/options/retries.md +++ b/_includes/doc/admin-guide/options/retries.md @@ -3,8 +3,8 @@ | Type:| number (of attempts)| |Default:| 3| -*Description:* If syslog-ng OSE cannot send a message, it will try again +*Description:* If {{ site.product.short_name }} cannot send a message, it will try again until the number of attempts reaches retries(). -If the number of attempts reaches retries(), syslog-ng OSE will wait for +If the number of attempts reaches retries(), {{ site.product.short_name }} will wait for time-reopen() time, then tries sending the message again. diff --git a/_includes/doc/admin-guide/options/send-time-zone.md b/_includes/doc/admin-guide/options/send-time-zone.md index 5b42ee65..425d9f44 100644 --- a/_includes/doc/admin-guide/options/send-time-zone.md 
+++ b/_includes/doc/admin-guide/options/send-time-zone.md @@ -4,7 +4,7 @@ |Default:| local timezone| *Description:* Specifies the time zone associated with the messages sent -by syslog-ng, if not specified otherwise in the message or in the +by {{ site.product.short_name }}, if not specified otherwise in the message or in the destination driver. {% include doc/admin-guide/examples/timezone.md %} diff --git a/_includes/doc/admin-guide/options/so-broadcast.md b/_includes/doc/admin-guide/options/so-broadcast.md index 1ddeece6..3417345d 100644 --- a/_includes/doc/admin-guide/options/so-broadcast.md +++ b/_includes/doc/admin-guide/options/so-broadcast.md @@ -4,5 +4,5 @@ |Default:| no| *Description:* This option controls the SO_BROADCAST socket option -required to make syslog-ng send messages to a broadcast address. For +required to make {{ site.product.short_name }} send messages to a broadcast address. For details, see the socket(7) manual page. diff --git a/_includes/doc/admin-guide/options/source-flags.md b/_includes/doc/admin-guide/options/source-flags.md index c7689a21..73665214 100644 --- a/_includes/doc/admin-guide/options/source-flags.md +++ b/_includes/doc/admin-guide/options/source-flags.md @@ -11,7 +11,7 @@ message, use the **validate-utf8** flag. - *empty-lines*: Use the **empty-lines** flag to keep the empty lines - of the messages. By default, syslog-ng OSE removes empty lines + of the messages. By default, {{ site.product.short_name }} removes empty lines automatically. - *expect-hostname*: If the expect-hostname flag is enabled, syslog-ng 
@@ -27,14 +27,14 @@ - *kernel*: The kernel flag makes the source default to the LOG_KERN | LOG_NOTICE priority if not specified otherwise. -- *no-header*: The no-header flag triggers syslog-ng OSE to parse only +- *no-header*: The no-header flag triggers {{ site.product.short_name }} to parse only the PRI field of incoming messages, and put the rest of the message contents into ${MSG}. Its functionality is similar to that of the no-parse flag, except the no-header flag does not skip the PRI field. - **NOTE:** Essentially, the no-header flag signals syslog-ng OSE that the + **NOTE:** Essentially, the no-header flag signals {{ site.product.short_name }} that the syslog header is not present (or does not adhere to the conventions / RFCs), so the entire message (except from the PRI field) is put into ${MSG}. @@ -54,7 +54,7 @@ ``` - *no-hostname*: Enable the no-hostname flag if the log message does - not include the hostname of the sender host. That way syslog-ng OSE + not include the hostname of the sender host. That way {{ site.product.short_name }} assumes that the first part of the message header is ${PROGRAM} instead of ${HOST}. For example: @@ -73,10 +73,10 @@ supports multi-line messages. Currently the file() and pipe() drivers support multi-line messages. -- *no-parse*: By default, syslog-ng OSE parses incoming messages as +- *no-parse*: By default, {{ site.product.short_name }} parses incoming messages as syslog messages. The no-parse flag completely disables syslog message parsing and processes the complete line as the message part - of a syslog message. The syslog-ng OSE application will generate a + of a syslog message. The {{ site.product.short_name }} application will generate a new syslog header (timestamp, host, and so on) automatically and put the entire incoming message into the MESSAGE part of the syslog message (available using the ${MESSAGE} macro). This flag is useful 
@@ -85,25 +85,25 @@ If you are using the flags(no-parse) option, then syslog message parsing is completely disabled, and the entire incoming message is treated as the ${MESSAGE} part of a syslog message. In this case, - syslog-ng OSE generates a new syslog header (timestamp, host, and so + {{ site.product.short_name }} generates a new syslog header (timestamp, host, and so on) automatically. Note that even though flags(no-parse) disables message parsing, some flags can still be used, for example, the no-multi-line flag. -- *dont-store-legacy-msghdr*: By default, syslog-ng stores the +- *dont-store-legacy-msghdr*: By default, {{ site.product.short_name }} stores the original incoming header of the log message. This is useful if the original format of a non-syslog-compliant message must be retained - (syslog-ng automatically corrects minor header errors, for example, + ({{ site.product.short_name }} automatically corrects minor header errors, for example, adds a whitespace before msg in the following message: Jan 22 10:06:11 host program:msg). If you do not want to store the original header of the message, enable the **dont-store-legacy-msghdr** flag. -- *sanitize-utf8*: When using the sanitize-utf8 flag, syslog-ng OSE +- *sanitize-utf8*: When using the sanitize-utf8 flag, {{ site.product.short_name }} converts non-UTF-8 input to an escaped form, which is valid UTF-8. - *store-raw-message*: Save the original message as received from the client in the ${RAWMSG} macro. You can forward this raw message in - its original form to another syslog-ng node using the + its original form to another {{ site.product.short_name }} node using the [[syslog-ng() destination|adm-dest-syslogng]], or to a SIEM system, ensuring that the SIEM can process it. Available only in 3.16 and later. 
@@ -118,7 +118,7 @@ IETF syslog standard (for details, see IETF-syslog messages. If the BOM[^1] character is missing, but the message is otherwise UTF-8 - compliant, syslog-ng automatically adds the BOM character to the + compliant, {{ site.product.short_name }} automatically adds the BOM character to the message. [^1]: The byte order mark (BOM) is a Unicode character used to signal the byte-order of the message text. diff --git a/_includes/doc/admin-guide/options/source-normalize-hostnames.md b/_includes/doc/admin-guide/options/source-normalize-hostnames.md index a5f43afc..578df9f3 100644 --- a/_includes/doc/admin-guide/options/source-normalize-hostnames.md +++ b/_includes/doc/admin-guide/options/source-normalize-hostnames.md @@ -3,7 +3,7 @@ | Accepted values: | yes \| no| |Default: |no| -*Description:* If enabled (**normalize-hostnames(yes)**), syslog-ng OSE +*Description:* If enabled (**normalize-hostnames(yes)**), {{ site.product.short_name }} converts the hostnames to lowercase. **NOTE:** This setting applies only to hostnames resolved from DNS. It has diff --git a/_includes/doc/admin-guide/options/source-transport.md b/_includes/doc/admin-guide/options/source-transport.md index 9a77eaa1..680d70e3 100644 --- a/_includes/doc/admin-guide/options/source-transport.md +++ b/_includes/doc/admin-guide/options/source-transport.md 
@@ -6,16 +6,16 @@ *Description:* Specifies the protocol used to receive messages from the source. -For detailed information about how syslog-ng OSE supports the +For detailed information about how {{ site.product.short_name }} supports the proxied-tcp, the proxied-tls, and the proxied-tls-passthrough parameters, see Proxy Protocol support. text-with-nuls: Allows embedded **NUL** characters in the message from a -TCP source, that is, syslog-ng OSE will not delimiter the incoming +TCP source, that is, {{ site.product.short_name }} will not delimiter the incoming messages on **NUL** characters, only on **newline** characters (contrary to tcp transport, which splits the incoming log on **newline** characters and **NUL** characters). -**NOTE:** The syslog-ng OSE application does not support embedded **NUL** +**NOTE:** The {{ site.product.short_name }} application does not support embedded **NUL** characters everywhere, so it is recommended that you also use flags(no-multi-line) that causes **NUL** characters to be replaced by space. diff --git a/_includes/doc/admin-guide/options/spoof-source.md b/_includes/doc/admin-guide/options/spoof-source.md index dd3ea765..0f11aa32 100644 --- a/_includes/doc/admin-guide/options/spoof-source.md +++ b/_includes/doc/admin-guide/options/spoof-source.md 
@@ -4,13 +4,13 @@ |Default:| no| *Description:* Enables source address spoofing. This means that the host -running syslog-ng generates UDP packets with the source IP address +running {{ site.product.short_name }} generates UDP packets with the source IP address matching the original sender of the message. It is useful when you want -to perform some kind of preprocessing using syslog-ng then forward +to perform some kind of preprocessing using {{ site.product.short_name }} then forward messages to your central log management solution with the source address of the original sender. This option only works for UDP destinations though the original message can be received by TCP as well. This option -is only available if syslog-ng was compiled using the +is only available if {{ site.product.short_name }} was compiled using the --enable-spoof-source configuration option. The maximum size of spoofed datagrams in udp() destinations is set to diff --git a/_includes/doc/admin-guide/options/suppress.md b/_includes/doc/admin-guide/options/suppress.md index a8b670f3..d803f482 100644 --- a/_includes/doc/admin-guide/options/suppress.md +++ b/_includes/doc/admin-guide/options/suppress.md @@ -6,7 +6,7 @@ *Description:* If several identical log messages would be sent to the destination without any other messages between the identical messages (for example, an application repeated an error message ten times), -syslog-ng can suppress the repeated messages and send the message only +{{ site.product.short_name }} can suppress the repeated messages and send the message only once, followed by the Last message repeated n times. message. The -parameter of this option specifies the number of seconds syslog-ng waits +parameter of this option specifies the number of seconds {{ site.product.short_name }} waits for identical messages. diff --git a/_includes/doc/admin-guide/options/tags.md b/_includes/doc/admin-guide/options/tags.md index 810fb3c1..7b4ba759 100644 
--- a/_includes/doc/admin-guide/options/tags.md +++ b/_includes/doc/admin-guide/options/tags.md @@ -7,4 +7,4 @@ tags. Tags must be unique, and enclosed between double quotes. When adding multiple tags, separate them with comma, for example, **tags("dmz", "router")**. This option is available only in -syslog-ng 3.1 and later. +{{ site.product.short_name }} 3.1 and later. diff --git a/_includes/doc/admin-guide/options/template-escape.md b/_includes/doc/admin-guide/options/template-escape.md index 31c3187c..af5daee1 100644 --- a/_includes/doc/admin-guide/options/template-escape.md +++ b/_includes/doc/admin-guide/options/template-escape.md @@ -8,5 +8,5 @@ characters in templated output files. This is useful for generating SQL statements and quoting string contents so that parts of the log message are not interpreted as commands to the SQL server. -**NOTE:** In syslog-ng OSE 4.5 and later versions `template-escape(yes)` escapes the top-level template function in case of nested template functions. +**NOTE:** In {{ site.product.short_name }} 4.5 and later versions `template-escape(yes)` escapes the top-level template function in case of nested template functions. {: .notice--info} diff --git a/_includes/doc/admin-guide/options/template-logformat.md b/_includes/doc/admin-guide/options/template-logformat.md index 49c4b5fb..ed53e7f0 100644 --- a/_includes/doc/admin-guide/options/template-logformat.md +++ b/_includes/doc/admin-guide/options/template-logformat.md 
@@ -5,7 +5,7 @@ *Description:* Specifies a template defining the logformat to be used in the destination. Macros are described in -Macros of syslog-ng OSE. Please note that for network destinations it might not be appropriate to change the template as it changes the on-wire format of the syslog protocol which +Macros of {{ site.product.short_name }}. Please note that for network destinations it might not be appropriate to change the template as it changes the on-wire format of the syslog protocol which might not be tolerated by stock syslog receivers (like syslogd or -syslog-ng itself). For network destinations make sure the receiver can +{{ site.product.short_name }} itself). For network destinations make sure the receiver can cope with the custom format defined. diff --git a/_includes/doc/admin-guide/options/trim-large-messages.md b/_includes/doc/admin-guide/options/trim-large-messages.md index ce075d4c..14f7637e 100644 --- a/_includes/doc/admin-guide/options/trim-large-messages.md +++ b/_includes/doc/admin-guide/options/trim-large-messages.md 
@@ -3,14 +3,14 @@ |Accepted values:| yes \| no| |Default:| {{ page.trim_default | default: 'Use the global trim-large-messages() option, which defaults to no.' }}| -*Description:* Determines what syslog-ng OSE does with incoming log +*Description:* Determines what {{ site.product.short_name }} does with incoming log messages that are received using the IETF-syslog protocol using the syslog() driver, and are longer than the value of log-msg-size(). Other drivers ignore the trim-large-messages() option. -- If set to **no**, syslog-ng OSE drops the incoming log message. +- If set to **no**, {{ site.product.short_name }} drops the incoming log message. -- If set to **yes**, syslog-ng OSE trims the incoming log message to +- If set to **yes**, {{ site.product.short_name }} trims the incoming log message to the size set in log-msg-size(), and adds the trimmed tag to the message. The rest of the message is dropped. You can use the tag to filter on such messages. @@ -21,13 +21,13 @@ drivers ignore the trim-large-messages() option. }; ``` - If syslog-ng OSE trims a log message, it sends a debug-level log + If {{ site.product.short_name }} trims a log message, it sends a debug-level log message to its internal() source. As a result of trimming, a parser could fail to parse the trimmed message. For example, a trimmed JSON or XML message will not be valid JSON or XML. -Available in syslog-ng OSE version 3.21 and later. +Available in {{ site.product.short_name }} version 3.21 and later. Uses the value of the global option if not specified. diff --git a/_includes/doc/admin-guide/options/use-dns.md b/_includes/doc/admin-guide/options/use-dns.md index b02fc449..739c1fe7 100644 --- a/_includes/doc/admin-guide/options/use-dns.md +++ b/_includes/doc/admin-guide/options/use-dns.md 
@@ -5,10 +5,10 @@ *Description:* Enable or disable DNS usage. The persist_only option attempts to resolve hostnames locally from file (for example, from -/etc/hosts). The syslog-ng OSE application blocks on DNS queries, so +/etc/hosts). The {{ site.product.short_name }} application blocks on DNS queries, so enabling DNS may lead to a Denial of Service attack. To prevent DoS, -protect your syslog-ng network endpoint with firewall rules, and make -sure that all hosts which may get to syslog-ng are resolvable. This +protect your {{ site.product.short_name }} network endpoint with firewall rules, and make +sure that all hosts which may get to {{ site.product.short_name }} are resolvable. This option can be specified globally, and per-source as well. The local setting of the source overrides the global option if available. diff --git a/_includes/doc/admin-guide/options/value-pairs.md b/_includes/doc/admin-guide/options/value-pairs.md index b21edebf..8f2c8317 100644 --- a/_includes/doc/admin-guide/options/value-pairs.md +++ b/_includes/doc/admin-guide/options/value-pairs.md @@ -92,7 +92,7 @@ value-pairs( | Type: | flag | | Default: | N/A | -*Description:* If this option is specified, syslog-ng OSE does not include value-pairs with empty values in the output. +*Description:* If this option is specified, {{ site.product.short_name }} does not include value-pairs with empty values in the output. For example: @@ -107,7 +107,7 @@ value-pairs( ) ``` -Available in syslog-ng OSE version 3.21 and later. +Available in {{ site.product.short_name }} version 3.21 and later. #### pair() 
@@ -145,7 +145,7 @@ The following transformations are available: - replace-prefix(\"\\", \"\\") Replaces a substring at the beginning of the key with another string. Only prefixes can be replaced. For example, replace-prefix(\".class\",\".patterndb\") changes the beginning tag .class to .patterndb. - This option was called replace() in syslog-ng OSE version 3.4. + This option was called replace() in {{ site.product.short_name }} version 3.4. - shift(\"\\") @@ -190,9 +190,9 @@ The rekey() option can be used with the format-json template-function as well, u *Description:* This option selects predefined groups of macros. The following groups are available: -- *nv-pairs*: Every soft macro (name-value pair) associated with the message, except the ones that start with a dot (.) character. Macros starting with a dot character are generated within syslog-ng OSE and are not originally part of the message, therefore are not included in this group. +- *nv-pairs*: Every soft macro (name-value pair) associated with the message, except the ones that start with a dot (.) character. Macros starting with a dot character are generated within {{ site.product.short_name }} and are not originally part of the message, therefore are not included in this group. -- *dot-nv-pairs*: Every soft macro (name-value pair) associated with the message which starts with a dot (.) character. For example, .classifier.rule\_id and .sdata.\*. Macros starting with a dot character are generated within syslog-ng OSE and are not originally part of the message. +- *dot-nv-pairs*: Every soft macro (name-value pair) associated with the message which starts with a dot (.) character. For example, .classifier.rule\_id and .sdata.\*. Macros starting with a dot character are generated within {{ site.product.short_name }} and are not originally part of the message. - *all-nv-pairs*: Include every soft macro (name-value pair). Equivalent to using both nv-pairs and dot-nv-pairs. 
diff --git a/_includes/doc/admin-guide/options/workers.md b/_includes/doc/admin-guide/options/workers.md index bc714375..e9c705cc 100644 --- a/_includes/doc/admin-guide/options/workers.md +++ b/_includes/doc/admin-guide/options/workers.md @@ -4,12 +4,12 @@ |Default:| {{ page.workers | default: '1' }}| *Description:* Specifies the number of worker threads (at least 1) that -syslog-ng OSE uses to send messages to the server. Increasing the number +{{ site.product.short_name }} uses to send messages to the server. Increasing the number of worker threads can drastically improve the performance of the destination. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -Hazard of data loss! When you use more than one worker threads together with disk-based buffering, syslog-ng OSE creates a separate disk buffer for each worker thread. This means that decreasing the number of workers can result in losing data currently stored in the disk buffer files. Do not decrease the number of workers when the disk buffer files are in use. +Hazard of data loss! When you use more than one worker threads together with disk-based buffering, {{ site.product.short_name }} creates a separate disk buffer for each worker thread. This means that decreasing the number of workers can result in losing data currently stored in the disk buffer files. Do not decrease the number of workers when the disk buffer files are in use. {: .notice--danger} If you are using load-balancing (that is, you have configured multiple diff --git a/_includes/doc/admin-guide/parser-intro.md b/_includes/doc/admin-guide/parser-intro.md index 81650a94..9623f425 100644 --- a/_includes/doc/admin-guide/parser-intro.md +++ b/_includes/doc/admin-guide/parser-intro.md 
@@ -1,6 +1,6 @@ The messages of these devices often do not completely comply with the syslog RFCs, making them difficult to parse. The {{ page.parser }}-parser() of -syslog-ng OSE solves this problem, and can separate these log messages +{{ site.product.short_name }} solves this problem, and can separate these log messages to name-value pairs, extracting also the Cisco-specific values, for -example, the mnemonic. For details on using value-pairs in syslog-ng OSE +example, the mnemonic. For details on using value-pairs in {{ site.product.short_name }} see Structuring macros, metadata, and other value-pairs. diff --git a/_includes/doc/admin-guide/python-blocks-generic.md b/_includes/doc/admin-guide/python-blocks-generic.md index 107f0a61..e639d096 100644 --- a/_includes/doc/admin-guide/python-blocks-generic.md +++ b/_includes/doc/admin-guide/python-blocks-generic.md 
@@ -1,59 +1,59 @@ -The following points apply to using Python blocks in syslog-ng OSE in +The following points apply to using Python blocks in {{ site.product.short_name }} in general: -- Python parsers and template functions are available in syslog-ng OSE +- Python parsers and template functions are available in {{ site.product.short_name }} version 3.10 and later. - Python destinations and sources are available in syslog-ng OSE + Python destinations and sources are available in {{ site.product.short_name }} version 3.18 and later. - Supported Python versions: 2.7 and 3.4+ (if you are using pre-built binaries, check the dependencies of the package to find out which Python version it was compiled with). -- The Python block must be a top-level block in the syslog-ng OSE +- The Python block must be a top-level block in the {{ site.product.short_name }} configuration file. - If you store the Python code in a separate Python file and only - include it in the syslog-ng OSE configuration file, make sure that + include it in the {{ site.product.short_name }} configuration file, make sure that the PYTHON_PATH environment variable includes the path to the Python file, and export the PYTHON_PATH environment variable. For - example, if you start syslog-ng OSE manually from a terminal and you + example, if you start {{ site.product.short_name }} manually from a terminal and you store your Python files in the /opt/syslog-ng/etc directory, use the following command: **export PYTHONPATH=/opt/syslog-ng/etc**. - In production, when syslog-ng OSE starts on boot, you must configure + In production, when {{ site.product.short_name }} starts on boot, you must configure your startup script to include the Python path. The exact method depends on your operating system. For recent Red Hat Enterprise Linux, Fedora, and CentOS distributions that use systemd, the systemctl command sources the /etc/sysconfig/syslog-ng file before - starting syslog-ng OSE. 
(On openSUSE and SLES, /etc/sysconfig/syslog + starting {{ site.product.short_name }}. (On openSUSE and SLES, /etc/sysconfig/syslog file.) Append the following line to the end of this file: **PYTHONPATH="\"**, for example, **PYTHONPATH="/opt/syslog-ng/etc"**. -- The Python object is initiated every time when syslog-ng OSE is +- The Python object is initiated every time when {{ site.product.short_name }} is started or reloaded. {% include doc/admin-guide/warnings/python-reload.md %} - The Python block can contain multiple Python functions. -- Using Python code in syslog-ng OSE can significantly decrease the - performance of syslog-ng OSE, especially if the Python code is slow. - In general, the features of syslog-ng OSE are implemented in C, and +- Using Python code in {{ site.product.short_name }} can significantly decrease the + performance of {{ site.product.short_name }}, especially if the Python code is slow. + In general, the features of {{ site.product.short_name }} are implemented in C, and are faster than implementations of the same or similar features in Python. -- Validate and lint the Python code before using it. The syslog-ng OSE +- Validate and lint the Python code before using it. The {{ site.product.short_name }} application does not do any of this. - Python error messages are available in the internal() source of - syslog-ng OSE. + {{ site.product.short_name }}. -- You can access the name-value pairs of syslog-ng OSE directly +- You can access the name-value pairs of {{ site.product.short_name }} directly through a message object or a dictionary. - To help debugging and troubleshooting your Python code, you can send - log messages to the internal() source of syslog-ng OSE. For details, + log messages to the internal() source of {{ site.product.short_name }}. For details, see Logging from your Python code. diff --git a/_includes/doc/admin-guide/python-deinit.md b/_includes/doc/admin-guide/python-deinit.md index a66d890d..05b09f61 100644 
--- a/_includes/doc/admin-guide/python-deinit.md +++ b/_includes/doc/admin-guide/python-deinit.md @@ -1,6 +1,6 @@ ### The deinit(self) method (optional) -This method is executed when syslog-ng OSE is stopped or reloaded. This +This method is executed when {{ site.product.short_name }} is stopped or reloaded. This method does not return a value. {% include doc/admin-guide/warnings/python-reload.md %} diff --git a/_includes/doc/admin-guide/python-init.md b/_includes/doc/admin-guide/python-init.md index 3843c0c5..c28f0b9a 100644 --- a/_includes/doc/admin-guide/python-init.md +++ b/_includes/doc/admin-guide/python-init.md @@ -1,16 +1,16 @@ ### init(self, options) method (optional) -The syslog-ng OSE application initializes Python objects every time when +The {{ site.product.short_name }} application initializes Python objects every time when it is started or reloaded. The init method is executed as part of the initialization. You can perform any initialization steps that are necessary for your source to work. {% include doc/admin-guide/warnings/python-reload.md %} -When this method returns with False, syslog-ng OSE does not start. It +When this method returns with False, {{ site.product.short_name }} does not start. It can be used to check options and return False when they prevent the successful start of the source. options: This optional argument contains the contents of the options() -parameter of the syslog-ng OSE configuration object as a Python +parameter of the {{ site.product.short_name }} configuration object as a Python dictionary. diff --git a/_includes/doc/admin-guide/warnings/macro-overwrite.md b/_includes/doc/admin-guide/warnings/macro-overwrite.md index 1e07f086..9f96b944 100644 --- a/_includes/doc/admin-guide/warnings/macro-overwrite.md +++ b/_includes/doc/admin-guide/warnings/macro-overwrite.md 
@@ -1,7 +1,7 @@ ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** If the names of keys in the {{ page.message | default: 'message' }} is the same as the names of -syslog-ng OSE soft macros, the value from the parsed message +{{ site.product.short_name }} soft macros, the value from the parsed message will overwrite the value of the macro. For example, the {{ page.macro_content | default: 'PROGRAM=value1, MESSAGE=value2' }} content will overwrite the ${PROGRAM} and ${MESSAGE} macros. To avoid overwriting such diff --git a/_includes/doc/admin-guide/warnings/python-reload.md b/_includes/doc/admin-guide/warnings/python-reload.md index 3435018a..c85c49d7 100644 --- a/_includes/doc/admin-guide/warnings/python-reload.md +++ b/_includes/doc/admin-guide/warnings/python-reload.md @@ -1,5 +1,5 @@ ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -If you reload syslog-ng OSE, existing Python objects are destroyed, therefore +If you reload {{ site.product.short_name }}, existing Python objects are destroyed, therefore the context and state information of Python blocks is lost. Log rotation and -updating the configuration of syslog-ng OSE typically involves a reload. +updating the configuration of {{ site.product.short_name }} typically involves a reload. {: .notice--warning} diff --git a/_includes/doc/admin-guide/warnings/tcp-keepalive-options.md b/_includes/doc/admin-guide/warnings/tcp-keepalive-options.md index fc52b678..e3939533 100644 --- a/_includes/doc/admin-guide/warnings/tcp-keepalive-options.md +++ b/_includes/doc/admin-guide/warnings/tcp-keepalive-options.md 
@@ -6,10 +6,10 @@ has no traffic is closed after tcp-keepalive-time() + tcp-keepalive-intvl() \* tcp-keepalive-probes() seconds. {: .notice--warning} -Available in syslog-ng OSE version 3.4 and later. +Available in {{ site.product.short_name }} version 3.4 and later. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -Prior to syslog-ng OSE 3.29, Syslog-ng uses the kernel default +Prior to {{ site.product.short_name }} 3.29, {{ site.product.short_name }} uses the kernel default values for the following socket options: TCP_KEEPCNT, TCP_KEEPIDLE, and TCP_KEEPINTVL (Only applies to systems, where those options are supported.) Unfortunately those default values are not optimal for a typical logging application. diff --git a/_includes/doc/admin-guide/warnings/udp-buffer.md b/_includes/doc/admin-guide/warnings/udp-buffer.md index 5d33278e..ea10f00b 100644 --- a/_includes/doc/admin-guide/warnings/udp-buffer.md +++ b/_includes/doc/admin-guide/warnings/udp-buffer.md @@ -1,7 +1,7 @@ >![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** >When receiving messages using the UDP protocol, increase the >size of the UDP receive buffer on the receiver host ->(that is, the syslog-ng OSE server or relay receiving the messages). +>(that is, the {{ site.product.short_name }} server or relay receiving the messages). > >Note that on certain platforms, for example, on Red Hat Enterprise >Linux 5, even low message load (\~200 messages per second) can diff --git a/doc/README.md b/doc/README.md index a08291b6..63029e75 100644 --- a/doc/README.md +++ b/doc/README.md @@ -1,8 +1,8 @@ --- title: Introduction description: >- - Welcome to the syslog-ng documentation center.
- Here you can browse, search and contribute to most of the syslog-ng documentation. + Welcome to the {{ site.product.short_name }} documentation center.
+ Here you can browse, search and contribute to most of the {{ site.product.short_name }} documentation. permalink: / id: doc-center --- @@ -15,7 +15,7 @@ If you would like to help us to make our documentation better, here you can find ## {% include markdown_link id="adm-guide" title="Administration guide" outOfFrame=true %} -If you are an active user of syslog-ng, start here to {% include markdown_link id="adm-guide" title="learn" outOfFrame=true withTooltip=true %} about installation, configuration, and fine tuning syslog-ng. +If you are an active user of {{ site.product.short_name }}, start here to {% include markdown_link id="adm-guide" title="learn" outOfFrame=true withTooltip=true %} about installation, configuration, and fine tuning syslog-ng. ## {% include markdown_link id="dev-guide" title="Developer guide" outOfFrame=true %} @@ -26,7 +26,7 @@ Want to add your idea, bug-fix to the fabolous syslog-ng? Take a look at our {% In case you have any question, comment, or feedback, you can: * first check out our {% include markdown_link id="doc-guide#how-to-contribute-to-the-documentation" title="contribution guide" outOfFrame=true withTooltip=true %} -* post your question on the syslog-ng mailing list +* post your question on the {{ site.product.short_name }} mailing list * use our github to track all of the [[documentation issues|gh-syslog-ng-doc-issue-tracker]] {% include doc/admin-guide/copyright.md %} diff --git a/doc/_admin-guide/010_Introduction_to_syslog-ng/000_What_syslog-ng_is.md b/doc/_admin-guide/010_Introduction_to_syslog-ng/000_What_syslog-ng_is.md index f7603363..61920699 100644 --- a/doc/_admin-guide/010_Introduction_to_syslog-ng/000_What_syslog-ng_is.md +++ b/doc/_admin-guide/010_Introduction_to_syslog-ng/000_What_syslog-ng_is.md 
@@ -1,17 +1,17 @@ --- -title: What syslog-ng is +title: What {{ site.product.short_name }} is id: adm-intro-what description: >- - The syslog-ng Open Source Edition (syslog-ng OSE) application is a + The {{ site.product.short_name }} application is a flexible and highly scalable system logging application that is ideal for creating centralized and trusted logging solutions. --- -Among others, syslog-ng OSE allows you the following. +Among others, {{ site.product.short_name }} allows you the following. ## Secure and reliable log transfer -The syslog-ng OSE application enables you to send the log messages of +The {{ site.product.short_name }} application enables you to send the log messages of your hosts to remote servers using the latest protocol standards. You can collect and store your log data centrally on dedicated log servers. Transfer log messages using the TCP protocol ensures that no messages @@ -19,18 +19,18 @@ are lost. ## Disk-based message buffering -To minimize the risk of losing important log messages, the syslog-ng OSE +To minimize the risk of losing important log messages, the {{ site.product.short_name }} application can store messages on the local hard disk if the central log server or the network connection becomes unavailable. The syslog-ng application automatically sends the stored messages to the server when the connection is reestablished, in the same order the messages were received. The disk buffer is persistent -- no messages are lost even if -syslog-ng is restarted. +{{ site.product.short_name }} is restarted. ## Secure logging using TLS Log messages may contain sensitive information that should not be -accessed by third parties. Therefore, syslog-ng OSE supports the +accessed by third parties. Therefore, {{ site.product.short_name }} supports the Transport Layer Security (TLS) protocol to encrypt the communication. TLS also allows you to authenticate your clients and the logserver using X.509 certificates. 
@@ -38,13 +38,13 @@ X.509 certificates. ## Flexible data extraction and processing Most log messages are inherently unstructured, which makes them -difficult to process. To overcome this problem, syslog-ng OSE comes with +difficult to process. To overcome this problem, {{ site.product.short_name }} comes with a set of built-in parsers, which you can combine to build very complex things. ## Filter and classify -The syslog-ng OSE application can sort the incoming log messages based +The {{ site.product.short_name }} application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. You can create directories, files, and database tables dynamically using macros. Complex filtering using @@ -54,11 +54,11 @@ destinations. ## Parse and rewrite -The syslog-ng OSE application can segment log messages to named fields +The {{ site.product.short_name }} application can segment log messages to named fields or columns, and also modify the values of these fields. You can process JSON messages, key-value pairs, and more. -To get the most information out of your log data, syslog-ng OSE allows +To get the most information out of your log data, {{ site.product.short_name }} allows you to correlate log messages and aggregate the extracted information into a single message. You can also use external information to enrich your log data. 
@@ -67,13 +67,13 @@ your log data. The log data that your organization has to process, store, and review increases daily, so many organizations use big data solutions for their -logs. To accomodate this huge amount of data, syslog-ng OSE natively +logs. To accomodate this huge amount of data, {{ site.product.short_name }} natively supports storing log messages in HDFS files and Elasticsearch clusters. ## Message queue support Large organizations increasingly rely on queuing infrastructure to -transfer their data. For that purpose, syslog-ng OSE supports Apache +transfer their data. For that purpose, {{ site.product.short_name }} supports Apache Kafka , the Advanced Message Queuing Protocol (AMQP), and the Simple Text Oriented Messaging Protocol (STOMP). @@ -81,10 +81,10 @@ Text Oriented Messaging Protocol (STOMP). Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analyzing applications. The -syslog-ng application supports the following databases: MongoDB, MSSQL, +{{ site.product.short_name }} application supports the following databases: MongoDB, MSSQL, MySQL, Oracle, PostgreSQL, and SQLite. -syslog-ng OSE also allows you to extract the information you need from +{{ site.product.short_name }} also allows you to extract the information you need from your log data, and directly send it to your Graphite, Redis, or Riemann monitoring system. 
@@ -92,19 +92,19 @@ monitoring system. ## syslog protocol standards -syslog-ng not only supports legacy BSD syslog (RFC-3164) and the enhanced +{{ site.product.short_name }} not only supports legacy BSD syslog (RFC-3164) and the enhanced RFC-5424 protocols but also JavaScript Object Notation (JSON) and journald message formats. ## Heterogeneous environments -The syslog-ng OSE application is the ideal choice to collect logs in +The {{ site.product.short_name }} application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Unix, BSD, Sun Solaris, HP-UX, and AIX. ## IPv4 and IPv6 support -The syslog-ng application can operate in both IPv4 and IPv6 network +The {{ site.product.short_name }} application can operate in both IPv4 and IPv6 network environments, and can receive and send messages to both types of networks. diff --git a/doc/_admin-guide/010_Introduction_to_syslog-ng/001_What_syslog-ng_is_not.md b/doc/_admin-guide/010_Introduction_to_syslog-ng/001_What_syslog-ng_is_not.md index 26716135..798c1033 100644 --- a/doc/_admin-guide/010_Introduction_to_syslog-ng/001_What_syslog-ng_is_not.md +++ b/doc/_admin-guide/010_Introduction_to_syslog-ng/001_What_syslog-ng_is_not.md 
@@ -1,11 +1,11 @@ --- -title: What syslog-ng is not +title: What {{ site.product.short_name }} is not id: adm-intro-whatnot --- -The syslog-ng application is not log analysis software. It can filter +The {{ site.product.short_name }} application is not log analysis software. It can filter log messages and select only the ones matching certain criteria. It can even convert the messages and restructure them to a predefined format, or parse the messages and segment them into different fields. But -syslog-ng cannot interpret and analyze the meaning behind the messages, +{{ site.product.short_name }} cannot interpret and analyze the meaning behind the messages, or recognize patterns in the occurrence of different messages. diff --git a/doc/_admin-guide/010_Introduction_to_syslog-ng/002_Why_is_syslog-ng_needed.md b/doc/_admin-guide/010_Introduction_to_syslog-ng/002_Why_is_syslog-ng_needed.md index 49085b70..3cc48822 100644 --- a/doc/_admin-guide/010_Introduction_to_syslog-ng/002_Why_is_syslog-ng_needed.md +++ b/doc/_admin-guide/010_Introduction_to_syslog-ng/002_Why_is_syslog-ng_needed.md @@ -1,5 +1,5 @@ --- -title: Why is syslog-ng needed? +title: Why is {{ site.product.short_name }} needed? id: adm-intro-why description: >- Log messages contain information about the events happening on the @@ -12,7 +12,7 @@ the message and the facility sending the message. These two parameters alone are often inadequate to consistently classify messages, as many applications might use the same facility, and the facility itself is not even included in the log message. To make things worse, many log -messages contain unimportant information. The syslog-ng application +messages contain unimportant information. The {{ site.product.short_name }} application helps you to select only the really interesting messages, and forward them to a central server. 
diff --git a/doc/_admin-guide/010_Introduction_to_syslog-ng/003_Who_uses_syslog-ng.md b/doc/_admin-guide/010_Introduction_to_syslog-ng/003_Who_uses_syslog-ng.md index c3d3dec3..e01b60f6 100644 --- a/doc/_admin-guide/010_Introduction_to_syslog-ng/003_Who_uses_syslog-ng.md +++ b/doc/_admin-guide/010_Introduction_to_syslog-ng/003_Who_uses_syslog-ng.md @@ -1,11 +1,11 @@ --- -title: Who uses syslog-ng? +title: Who uses {{ site.product.short_name }}? id: adm-intro-who --- -The syslog-ng application is used worldwide by companies and +The {{ site.product.short_name }} application is used worldwide by companies and institutions who collect and manage the logs of several hosts, and want -to store them in a centralized, organized way. Using syslog-ng is +to store them in a centralized, organized way. Using {{ site.product.short_name }} is particularly advantageous for: - Internet Service Providers diff --git a/doc/_admin-guide/010_Introduction_to_syslog-ng/004_Supported_platforms.md b/doc/_admin-guide/010_Introduction_to_syslog-ng/004_Supported_platforms.md index c75388d3..b29e9f09 100644 --- a/doc/_admin-guide/010_Introduction_to_syslog-ng/004_Supported_platforms.md +++ b/doc/_admin-guide/010_Introduction_to_syslog-ng/004_Supported_platforms.md 
@@ -3,12 +3,12 @@ title: Supported platforms id: adm-intro-supp --- -The syslog-ng Open Source Edition (syslog-ng OSE) application is highly +The {{ site.product.short_name }} application is highly portable and is known to run on a wide range of hardware architectures (x86, x86_64, SUN Sparc, PowerPC 32 and 64, Alpha, ARM64) and operating systems, including Linux, BSD, Solaris, IBM AIX, HP-UX, macOS, Cygwin, and others. -- The [[source code|gh-syslog-ng]] of syslog-ng Open Source Edition is released under the GPLv2 license +- The [[source code|gh-syslog-ng]] of {{ site.product.name }} is released under the GPLv2 license -- For the available binary installation packages, see syslog-ng Open Source Edition installation packages. +- For the available binary installation packages, see {{ site.product.name }} installation packages. diff --git a/doc/_admin-guide/010_Introduction_to_syslog-ng/README.md b/doc/_admin-guide/010_Introduction_to_syslog-ng/README.md index a2c606c1..4ce98a81 100644 --- a/doc/_admin-guide/010_Introduction_to_syslog-ng/README.md +++ b/doc/_admin-guide/010_Introduction_to_syslog-ng/README.md @@ -3,6 +3,6 @@ title: Introduction to syslog-ng id: adm-intro --- -This chapter introduces the syslog-ng Open Source Edition application in +This chapter introduces the {{ site.product.name }} application in a non-technical manner, discussing how and why is it useful, and the benefits it offers to an existing IT infrastructure. diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/000_The_philosophy_of_syslog-ng.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/000_The_philosophy_of_syslog-ng.md index a43031b7..1f559f6c 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/000_The_philosophy_of_syslog-ng.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/000_The_philosophy_of_syslog-ng.md 
@@ -2,12 +2,12 @@ title: The philosophy of syslog-ng id: adm-conc-phil description: >- - Typically, syslog-ng is used to manage log messages and implement + Typically, {{ site.product.short_name }} is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server. --- -The different devices --- called syslog-ng clients --- all run syslog-ng, +The different devices --- called {{ site.product.short_name }} clients --- all run {{ site.product.short_name }}, and collect the log messages from the various applications, files, and other *sources*. The clients send all important log messages to the -remote syslog-ng server, which sorts and stores them. +remote {{ site.product.short_name }} server, which sorts and stores them. diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/001_Logging_with_syslog-ng.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/001_Logging_with_syslog-ng.md index 450cfafb..c576f90c 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/001_Logging_with_syslog-ng.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/001_Logging_with_syslog-ng.md 
@@ -2,19 +2,19 @@ title: Logging with syslog-ng id: adm-conc-log description: >- - The syslog-ng application reads incoming messages and forwards them to - the selected destinations. The syslog-ng application can receive + The {{ site.product.short_name }} application reads incoming messages and forwards them to + the selected destinations. The {{ site.product.short_name }} application can receive messages from files, remote hosts, and other sources. --- -Log messages enter syslog-ng in one of the defined *sources*, and are sent +Log messages enter {{ site.product.short_name }} in one of the defined *sources*, and are sent to one or more *destinations*. Sources and destinations are independent objects, *log paths* define -what syslog-ng does with a message, connecting the sources to the +what {{ site.product.short_name }} does with a message, connecting the sources to the destinations. A log path consists of one or more sources and one or more destinations: messages arriving from a source are sent to every -destination listed in the log path. A log path defined in syslog-ng is +destination listed in the log path. A log path defined in {{ site.product.short_name }} is called a *log statement*. Optionally, log paths can include *filters*. Filters are rules that @@ -33,8 +33,8 @@ adding, replacing, or removing parts of the messages. ### Purpose The following procedure illustrates the route of a log message from its -source on the syslog-ng client to its final destination on the central -syslog-ng server. +source on the {{ site.product.short_name }} client to its final destination on the central +{{ site.product.short_name }} server. ### Figure 1: The route of a log message 
@@ -43,28 +43,28 @@ syslog-ng server. ### Steps 1. A device or application sends a log message to a source on the - syslog-ng client. For example, an Apache web server running on Linux + {{ site.product.short_name }} client. For example, an Apache web server running on Linux enters a message into the /var/log/apache file. -2. The syslog-ng client running on the web server reads the message +2. The {{ site.product.short_name }} client running on the web server reads the message from its /var/log/apache source. -3. The syslog-ng client processes the first log statement that includes +3. The {{ site.product.short_name }} client processes the first log statement that includes the /var/log/apache source. -4. The syslog-ng client performs optional operations (message +4. The {{ site.product.short_name }} client performs optional operations (message filtering, parsing, and rewriting) on the message, for example, it compares the message to the filters of the log statement (if any). - If the message complies with all filter rules, syslog-ng sends the + If the message complies with all filter rules, {{ site.product.short_name }} sends the message to the destinations set in the log statement, for example, - to the remote syslog-ng server. + to the remote {{ site.product.short_name }} server. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Message filtering, parsing, and rewriting is performed in the order that the operations appear in the log statement. {: .notice--warning} - **NOTE:** The syslog-ng client sends a message to *all* matching + **NOTE:** The {{ site.product.short_name }} client sends a message to *all* matching destinations by default. As a result, a message may be sent to a destination more than once, if the destination is used in multiple log statements. To prevent such situations, use the **final** flag 
@@ -72,19 +72,19 @@ syslog-ng server. Log path flags. {: .notice--info} -5. The syslog-ng client processes the next log statement that includes +5. The {{ site.product.short_name }} client processes the next log statement that includes the /var/log/apache source, repeating [[steps 3-4|adm-conc-log#steps]]. -6. The message sent by the syslog-ng client arrives from a source set - in the syslog-ng server. +6. The message sent by the {{ site.product.short_name }} client arrives from a source set + in the {{ site.product.short_name }} server. -7. The syslog-ng server reads the message from its source and processes +7. The {{ site.product.short_name }} server reads the message from its source and processes the first log statement that includes that source. -8. The syslog-ng server performs optional operations (message +8. The {{ site.product.short_name }} server performs optional operations (message filtering, parsing, and rewriting) on the message, for example, it compares the message to the filters of the log statement (if any). - If the message complies with all filter rules, syslog-ng sends the + If the message complies with all filter rules, {{ site.product.short_name }} sends the message to the destinations set in the log statement. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Message filtering, @@ -92,10 +92,10 @@ syslog-ng server. in the log statement. {: .notice--warning} -9. The syslog-ng server processes the next log statement, repeating +9. The {{ site.product.short_name }} server processes the next log statement, repeating [[steps 7-9|adm-conc-log#steps]]. - **NOTE:** The syslog-ng application can stop reading messages from its + **NOTE:** The {{ site.product.short_name }} application can stop reading messages from its sources if the destinations cannot process the sent messages. This feature is called flow-control and is detailed in Managing incoming and outgoing messages with flow-control. 
diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/002_Modes_of_operation.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/002_Modes_of_operation.md index 081dedcd..4578b8cd 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/002_Modes_of_operation.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/002_Modes_of_operation.md @@ -2,7 +2,7 @@ title: Modes of operation id: adm-conc-mode description: >- - The syslog-ng Open Source Edition application has three typical + The {{ site.product.name }} application has three typical operation scenarios: Client, Server, and Relay. --- @@ -12,7 +12,7 @@ description: >- ![]({{ adm_img_folder | append: 'fig-client_mode01.png'}}) -In client mode, syslog-ng collects the local logs generated by the host +In client mode, {{ site.product.short_name }} collects the local logs generated by the host and forwards them through a network connection to the central syslog-ng server or to a relay. Clients often also log the messages locally into files. @@ -23,11 +23,11 @@ files. ![]({{ adm_img_folder | append: 'fig-relay_mode01.png'}}) -In relay mode, syslog-ng receives logs through the network from -syslog-ng clients and forwards them to the central syslog-ng server +In relay mode, {{ site.product.short_name }} receives logs through the network from +{{ site.product.short_name }} clients and forwards them to the central {{ site.product.short_name }} server using a network connection. Relays also log the messages from the relay host into a local file, or forward these messages to the central -syslog-ng server. +{{ site.product.short_name }} server. ## Example relay use cases 
@@ -47,7 +47,7 @@ To ensure at least a best effort level of reliability, One Identity recommends that you deploy a relay on the network, close to the source devices. With the most reliable hops between the source and the relay, you can minimize the risk of losing UDP packets. Once the packet arrives -at the relay, syslog-ng OSE ensures that the messages are delivered to +at the relay, {{ site.product.short_name }} ensures that the messages are delivered to the central server in a reliable manner, based on TCP/TLS. ### Too many source devices @@ -95,7 +95,7 @@ for all the messages of the remote site, which has several benefits: - **Reliability**: You can set up a main disk-buffer on the relay. The main disk-buffer is only responsible for buffering all the logs of - the remote site if the central syslog-ng OSE server is temporarily + the remote site if the central {{ site.product.short_name }} server is temporarily unavailable. It is easier to maintain this single main disk-buffer instead of setting disk-buffers on individual client machines. @@ -103,8 +103,8 @@ for all the messages of the remote site, which has several benefits: Most Linux applications have their own human readable, but difficult to handle, log messages. Without parsing and normalization it is difficult -to alert and report on these log messages. Many syslog-ng users use the -message parsing tools of syslog-ng to normalize their different log +to alert and report on these log messages. Many {{ site.product.short_name }} users use the +message parsing tools of {{ site.product.short_name }} to normalize their different log messages. Just like normalization, filtering can also be resource-heavy, depending on what the filtering is based on. In this case, it might be inefficient to perform all the message processing tasks on the server as 
@@ -135,7 +135,7 @@ also used to serve N+1 redundant relay deployments. In this case, switching from one relay to another relay is done when there is an outage but also for real load balancing purposes. -### What syslog-ng relays are not good for +### What {{ site.product.short_name }} relays are not good for The purpose of the relay is to buffer the logs for short term, for example, a few minutes or a few hours long outages (depending on the log @@ -145,7 +145,7 @@ days long. If you expect extended outages, One Identity recommends that you deploy servers instead of relays. There are many deployments where long term -storage and archiving are performed on the central syslog-ng server, but +storage and archiving are performed on the central {{ site.product.short_name }} server, but relays also do short-term log storage. ## Server mode @@ -154,7 +154,7 @@ relays also do short-term log storage. ![]({{ adm_img_folder | append: 'fig-server_mode01.png'}}) -In server mode, syslog-ng acts as a central log-collecting server. It -receives messages from syslog-ng clients and relays over the network, +In server mode, {{ site.product.short_name }} acts as a central log-collecting server. It +receives messages from {{ site.product.short_name }} clients and relays over the network, and stores them locally in files, or passes them to other applications, for example, log analyzers. diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/003_Global_objects.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/003_Global_objects.md index e73805b8..4c64419d 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/003_Global_objects.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/003_Global_objects.md 
@@ -5,7 +5,7 @@ id: adm-conc-glob ## Source driver -A communication method used to receive log messages. For example, syslog-ng can +A communication method used to receive log messages. For example, {{ site.product.short_name }} can receive messages from a remote host via TCP/IP, or read the messages of a local application from a file. @@ -17,7 +17,7 @@ A named collection of configured source drivers. ## Destination driver -A communication method used to send log messages. For example, syslog-ng can +A communication method used to send log messages. For example, {{ site.product.short_name }} can send messages to a remote host via TCP /IP, or write the messages into a file or database. @@ -63,7 +63,7 @@ For details, see Modifying messages using rewrite rules. ## Log paths A combination of sources, destinations, and other objects like filters, parsers, -and rewrite rules. The syslog-ng application sends messages arriving from the +and rewrite rules. The {{ site.product.short_name }} application sends messages arriving from the sources of the log paths to the defined destinations, and performs filtering, parsing, and rewriting of the messages. Log paths are also called log statements. Log statements can include other (embedded) log statements and junctions to @@ -82,8 +82,8 @@ For details, see Customize message format using macros and templates. ## Option -Options set global parameters of syslog-ng, like the parameters of name +Options set global parameters of {{ site.product.short_name }}, like the parameters of name resolution and timezone handling. -For details, see Global options of syslog-ng OSE. +For details, see Global options of {{ site.product.short_name }}. For details on the above objects, see The configuration syntax in detail. diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/004_Timezones_and_daylight_saving.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/004_Timezones_and_daylight_saving.md index 61661224..1e530a12 100644 
--- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/004_Timezones_and_daylight_saving.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/004_Timezones_and_daylight_saving.md @@ -2,25 +2,25 @@ title: Timezones and daylight saving id: adm-conc-tz description: >- - The syslog-ng application receives the timezone and daylight saving + The {{ site.product.short_name }} application receives the timezone and daylight saving information from the operating system it is installed on. If the operating system handles daylight saving correctly, so does syslog-ng. --- -The syslog-ng application supports messages originating from different -timezones. The original syslog protocol (RFC-3164) does not include -timezone information, but syslog-ng provides a solution by extending the +The {{ site.product.short_name }} application supports messages originating from different +timezones. The original syslog protocol (RFC3-3164) does not include +timezone information, but {{ site.product.short_name }} provides a solution by extending the syslog protocol to include the timezone in the log messages. The -syslog-ng application also enables administrators to supply timezone +{{ site.product.short_name }} application also enables administrators to supply timezone information for legacy devices which do not support the protocol extension. -## How syslog-ng OSE assigns timezone to the message +## How {{ site.product.short_name }} assigns timezone to the message -When syslog-ng OSE receives a message, it assigns timezone information +When {{ site.product.short_name }} receives a message, it assigns timezone information to the message using the following algorithm. -1. The sender application (for example, the syslog-ng client) or host +1. The sender application (for example, the {{ site.product.short_name }} client) or host specifies the timezone of the messages. If the incoming message includes a timezone it is associated with the message. Otherwise, the local timezone is assumed. 
@@ -32,11 +32,11 @@ to the message using the following algorithm. recv-time-zone() global option. It is not possible to override only the timezone information of the incoming message, but setting the keep-timestamp() option to **no** - allows syslog-ng OSE to replace the full timestamp (timezone + allows {{ site.product.short_name }} to replace the full timestamp (timezone included) with the time the message was received. **NOTE:** When processing a message that does not contain timezone - information, the syslog-ng OSE application will use the timezone and + information, the {{ site.product.short_name }} application will use the timezone and daylight-saving that was effective when the timestamp was generated. {: .notice--info} For example, the current time is 2011-03-11 (March 11, 2011) in the @@ -51,7 +51,7 @@ to the message using the following algorithm. 3. Specify the timezone in the destination driver using the time-zone() parameter. Each destination driver might have an associated timezone - value: syslog-ng converts message timestamps to this timezone before + value: {{ site.product.short_name }} converts message timestamps to this timezone before sending the message to its destination (file or network socket). Each destination defaults to the value of the send-time-zone() global option. @@ -65,7 +65,7 @@ to the message using the following algorithm. OSE sends the message is to the destination using the legacy-syslog protocol (RFC-3164) which does not support timezone information in its timestamps, the timezone information cannot be encapsulated into the sent timestamp, - so syslog-ng OSE will convert the hour:min values based on the explicitly + so {{ site.product.short_name }} will convert the hour:min values based on the explicitly specified timezone. {: .notice--warning} 
@@ -73,7 +73,7 @@ to the message using the following algorithm. 5. When macro expansions are used in the destination filenames, the local timezone is used. (Also, if the timestamp of the received - message does not contain the year of the message, syslog-ng OSE uses + message does not contain the year of the message, {{ site.product.short_name }} uses the local year.) **NOTE:** You can modify the timezone of the message using timezone-specific @@ -83,11 +83,11 @@ to the message using the following algorithm. ## A note on timezones and timestamps -If the clients run syslog-ng, then use the ISO timestamp, because it +If the clients run {{ site.product.short_name }}, then use the ISO timestamp, because it includes timezone information. That way you do not need to adjust the recv-time-zone() parameter of syslog-ng. -If you want syslog-ng to output timestamps in Unix (POSIX) time format, +If you want {{ site.product.short_name }} to output timestamps in Unix (POSIX) time format, use the `S_UNIXTIME` and `R_UNIXTIME` macros. You do not need to change any of the timezone related parameters, because the timestamp information of incoming messages is converted to Unix time internally, diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/005_Licensing.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/005_Licensing.md index 035df299..1a296249 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/005_Licensing.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/005_Licensing.md 
@@ -2,8 +2,8 @@ title: Product licensing id: adm-conc-lic description: >- - Starting with version 3.2, the syslog-ng Open Source Edition application - is licensed under a combined LGPL+GPL license. The core of syslog-ng OSE + Starting with version 3.2, the {{ site.product.name }} application + is licensed under a combined LGPL+GPL license. The core of {{ site.product.short_name }} is licensed under the GNU Lesser General Public License Version 2.1 license, while the rest of the codebase is licensed under the GNU General Public License Version 2 license. @@ -18,4 +18,4 @@ GNU Lesser General Public License and GNU General Public License, respectively. For clarity, the Documentation is licensed separately. -For details, see The syslog-ng Open Source Edition Documentation License. +For details, see The {{ site.product.name }} Documentation License. diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/006_High_availability.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/006_High_availability.md index 2879101e..957d6707 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/006_High_availability.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/006_High_availability.md @@ -2,10 +2,9 @@ title: High availability support id: adm-conc-ha description: >- - Multiple syslog-ng servers can be run in fail-over mode. The syslog-ng - application does not include any internal support for this, as + Multiple {{ site.product.short_name }} servers can be run in fail-over mode. The {{ site.product.short_name }} application does not include any internal support for this, as clustering support must be implemented on the operating system level. --- A tool that can be used to create UNIX clusters is Heartbeat (for details, -see the archived page of Linux-HA. +see the archived page of Linux-HA). 
diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/000_BSD_syslog_messages.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/000_BSD_syslog_messages.md index 7fba818d..e2c9901c 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/000_BSD_syslog_messages.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/000_BSD_syslog_messages.md @@ -25,7 +25,7 @@ The message corresponds to the following format: The different parts of the message are explained in the following sections. -**NOTE:** The syslog-ng Open Source Edition (syslog-ng OSE) application +**NOTE:** The {{ site.product.short_name }} application supports longer messages as well. For details, see the log-msg-size() option in Global options. However, it is not recommended to enable messages larger than the packet @@ -89,7 +89,7 @@ the local time in the *Mmm dd hh:mm:ss* format, where: 24-hour format. Valid entries are between 00 and 23, inclusive. The minute (mm) and second (ss) entries are between 00 and 59 inclusive. -**NOTE:** The syslog-ng Open Source Edition (syslog-ng OSE) application +**NOTE:** The {{ site.product.short_name }} application supports other timestamp formats as well, like ISO, or the PIX extended format. For details, see the ts-format() option in Global options. {: .notice--info} diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/001_IETF_syslog_messages.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/001_IETF_syslog_messages.md index ca12a189..5accff1e 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/001_IETF_syslog_messages.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/001_IETF_syslog_messages.md 
@@ -81,13 +81,13 @@ The HEADER part contains the following elements: - *MESSAGEID*: The ID number of the message. -**NOTE:** The syslog-ng application supports other timestamp formats as +**NOTE:** The {{ site.product.short_name }} application supports other timestamp formats as well, like ISO, or the PIX extended format. The timestamp used in the IETF-syslog protocol is derived from RFC-3339, which is based on ISO8601. For details, see the ts-format() option in Global options. {: .notice--info} -The syslog-ng OSE application will truncate the following fields: +The {{ site.product.short_name }} application will truncate the following fields: - If *APP-NAME* is longer than 48 characters it will be truncated to 48 characters. @@ -107,9 +107,9 @@ The STRUCTURED-DATA message part may contain meta- information about the syslog message, or application-specific information such as traffic counters or IP addresses. STRUCTURED-DATA consists of data blocks enclosed in brackets (*\[\]*). Every block includes the ID of the block, -and one or more *name=value* pairs. The syslog-ng application +and one or more *name=value* pairs. The {{ site.product.short_name }} application automatically parses the STRUCTURED-DATA part of syslog messages, which -can be referenced in macros (for details, see Macros of syslog-ng OSE. +can be referenced in macros (for details, see Macros of {{ site.product.short_name }}. An example STRUCTURED-DATA block looks like: diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/002_EWMM_messages.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/002_EWMM_messages.md index 77a9a9f1..33e675f2 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/002_EWMM_messages.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/002_EWMM_messages.md 
@@ -7,12 +7,12 @@ description: >- --- The Enterprise-wide message model or EWMM allows you to deliver -structured messages from the initial receiving syslog-ng component right +structured messages from the initial receiving {{ site.product.short_name }} component right up to the central log server, through any number of hops. It does not matter if you parse the messages on the client, on a relay, or on the central server, their structured results will be available where you store the messages. Optionally, you can also forward the original raw -message as the first syslog-ng component in your infrastructure has +message as the first {{ site.product.short_name }} component in your infrastructure has received it, which is important if you want to forward a message for example, to a SIEM system. To make use of the enterprise-wide message model, you have to use the [[syslog-ng() destination|adm-dest-syslogng]] @@ -32,10 +32,10 @@ The message has the following parts: where the PROGRAM field is set to @syslog-ng, and the SDATA field is empty. - The MESSAGE part is in JSON format, and contains the actual message, - as well as any name-value pairs that syslog-ng OSE has attached to + as well as any name-value pairs that {{ site.product.short_name }} has attached to or extracted from the message. The ${.\_TAGS} field contains the - identifier of the syslog-ng source that has originally received the - message on the first syslog-ng node. + identifier of the {{ site.product.short_name }} source that has originally received the + message on the first {{ site.product.short_name }} node. To send a message in EWMM format, you can use the [[syslog-ng() destination driver|adm-dest-syslogng]], diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/README.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/README.md index a16dbdd4..16734a3a 100644 
--- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/README.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/007_The_structure_of_a_log_message/README.md @@ -15,8 +15,8 @@ Currently there are two standard syslog message formats: protocol): see IETF-syslog messages. - The Enterprise-wide message model or EWMM allows you to deliver - structured messages between syslog-ng nodes: see + structured messages between {{ site.product.short_name }} nodes: see Enterprise-wide message model (EWMM). -- How messages are represented in syslog-ng OSE: see - Message representation in syslog-ng OSE. +- How messages are represented in {{ site.product.short_name }}: see + Message representation in {{ site.product.short_name }}. diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/008_Message_representation.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/008_Message_representation.md index 3954552c..4ec9e5f6 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/008_Message_representation.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/008_Message_representation.md @@ -1,11 +1,11 @@ --- -title: Message representation in syslog-ng OSE +title: Message representation in {{ site.product.short_name }} id: adm-conc-msg description: >- - When the syslog-ng OSE application receives a message, it automatically - parses the message. The syslog-ng OSE application can automatically + When the {{ site.product.short_name }} application receives a message, it automatically + parses the message. The {{ site.product.short_name }} application can automatically parse log messages that conform to the RFC-3164 (BSD or legacy-syslog) or - the RFC-5424 (IETF-syslog) message formats. If syslog-ng OSE cannot parse + the RFC-5424 (IETF-syslog) message formats. If {{ site.product.short_name }} cannot parse a message, it results in an error. --- 
@@ -16,7 +16,7 @@ macro in the destination definition. {: .notice--info} To parse non-syslog messages, for example, JSON, CSV, or other messages, -you can use the built-in parsers of syslog-ng OSE. For details, see +you can use the built-in parsers of {{ site.product.short_name }}. For details, see [[parser: Parse and segment structured messages]]. A parsed syslog message has the following parts: @@ -25,7 +25,7 @@ A parsed syslog message has the following parts: Two timestamps are associated with every message: one is the timestamp contained within the message (that is, when the sender -sent the message), the other is the time when syslog-ng OSE has +sent the message), the other is the time when {{ site.product.short_name }} has actually received the message. ## Severity @@ -41,7 +41,7 @@ The facility that sent the message. Custom text labels added to the message that are mainly used for filtering. None of the current message transport protocols adds tags to the log messages. Tags can be added to the log message only -within syslog-ng OSE. The syslog-ng OSE application automatically +within {{ site.product.short_name }}. The {{ site.product.short_name }} application automatically adds the id of the source as a tag to the incoming messages. Other tags can be added to the message by the pattern database, or using the tags() option of the source. @@ -50,7 +50,7 @@ the tags() option of the source. The IP address of the host that sent the message. Note that the IP address of the sender is a hard macro and cannot be modified within -syslog-ng OSE but the associated hostname can be modified, for +{{ site.product.short_name }} but the associated hostname can be modified, for example, using rewrite rules. ## Hard macros 
@@ -66,10 +66,10 @@ rules or other means. Soft macros (sometimes also called name-value pairs) are either built-in macros automatically generated from the log message (for example, ${HOST}), or custom user-created macros generated by using -the syslog-ng pattern database or a CSV-parser. The SDATA fields of +the {{ site.product.short_name }} pattern database or a CSV-parser. The SDATA fields of RFC-5424 formatted log messages become soft macros as well. In contrast with hard macros, soft macros are writable and can be -modified within syslog-ng OSE, for example, using rewrite rules. +modified within {{ site.product.short_name }}, for example, using rewrite rules. **NOTE:** It is also possible to set the value of built-in soft macros using parsers, for example, to set the ${HOST} macro from the @@ -85,14 +85,14 @@ Hard versus soft macros. ## Message size and encoding -Internally, syslog-ng OSE represents every message as UTF-8. The maximal +Internally, {{ site.product.short_name }} represents every message as UTF-8. The maximal length of the log messages is limited by the log-msg-size() option: if a -message is longer than this value, syslog-ng OSE truncates the message +message is longer than this value, {{ site.product.short_name }} truncates the message at the location it reaches the log-msg-size() value, and discards the rest of the message. When encoding is set in a source (using the encoding() option) and the message is longer (in bytes) than log-msg-size() in UTF-8 -representation, syslog-ng OSE splits the message at an undefined +representation, {{ site.product.short_name }} splits the message at an undefined location (because the conversion between different encodings is not trivial). diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/009_Structuring_macros/000_Specifying_data_types.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/009_Structuring_macros/000_Specifying_data_types.md index 0e080a02..c31b854f 100644 
--- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/009_Structuring_macros/000_Specifying_data_types.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/009_Structuring_macros/000_Specifying_data_types.md @@ -2,25 +2,25 @@ title: Specifying data types in value-pairs id: adm-spec-value-pairs description: >- - By default, syslog-ng OSE handles every data as strings. However, + By default, {{ site.product.short_name }} handles every data as strings. However, certain destinations and data formats (for example, SQL, MongoDB, JSON , AMQP) support other types of data as well, for example, numbers or - dates. The syslog-ng OSE application allows you to specify the data type + dates. The {{ site.product.short_name }} application allows you to specify the data type in templates (this is also called type-hinting). If the destination driver supports data types, it converts the incoming data to the specified data type. For example, this allows you to store integer numbers as numbers in MongoDB, instead of strings. --- -From syslog-ng OSE version 4.0 onwards, name-value pairs are now +From {{ site.product.short_name }} version 4.0 onwards, name-value pairs are now triplets (name, type, value). Typing support is available for several other components, for example, json-parser() and the $(format-json) template function. For more information, see Components supported by data types. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Hazard of data loss! -If syslog-ng OSE cannot convert the data into the specified type, an error occurs, -and syslog-ng OSE drops the message by default. To change how syslog-ng OSE handles +If {{ site.product.short_name }} cannot convert the data into the specified type, an error occurs, +and {{ site.product.short_name }} drops the message by default. To change how {{ site.product.short_name }} handles data-conversion errors, see on-error(). {: .notice--danger} 
@@ -56,7 +56,7 @@ Use the following example to format the MESSAGE field as a JSON list. `$$(format-json message=list(${MESSAGE}))` -The syslog-ng OSE application currently supports the following data-types. +The {{ site.product.short_name }} application currently supports the following data-types. - boolean: Converts the data to a boolean value. Anything that begins with a t or 1 is converted to true, anything that begins with an f @@ -85,7 +85,7 @@ The syslog-ng OSE application currently supports the following data-types. ## Components supported by data types -The following components support data types from syslog-ng OSE 4.0 and +The following components support data types from {{ site.product.short_name }} 4.0 and onwards: **NOTE:** Component types not listed below process data as string. @@ -99,9 +99,9 @@ onwards: ### json-parser() and the format-json template function For more information, see JSON parser and -Template functions of syslog-ng OSE. +Template functions of {{ site.product.short_name }}. -syslog-ng OSE converts all elements in a JSON object to name-value +{{ site.product.short_name }} converts all elements in a JSON object to name-value pairs, when using json-parser(). Any type related data present in the original JSON is retained. This data is propagated automatically to any other component that supports type, for example a @@ -109,7 +109,7 @@ destination. Elements without type data are handled as strings. -JSON lists (arrays) are converted to syslog-ng OSE lists, and can be +JSON lists (arrays) are converted to {{ site.product.short_name }} lists, and can be manipulated using the $(list-append) template functions. ### set() and groupset() rewrite rules 
@@ -161,10 +161,10 @@ functions) support all data types, except for json(). ### On-disk serialized formats (that is, disk buffer) -syslog-ng OSE Version 4.0 and newer versions are backwards +{{ site.product.short_name }} Version 4.0 and newer versions are backwards compatible with messages serialized with earlier versions, and the format is compatible for downgrades. Therefore, even if a newer -version of syslog-ng OSE serialized a message, older versions and +version of {{ site.product.short_name }} serialized a message, older versions and associated tools are able to read it, however, in this case the type information is lost. diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/009_Structuring_macros/README.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/009_Structuring_macros/README.md index 864c334a..556d6e59 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/009_Structuring_macros/README.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/009_Structuring_macros/README.md @@ -2,9 +2,9 @@ title: Structuring macros, metadata, and other value-pairs id: adm-structuring-macros description: >- - Available in syslog-ng OSE 3.3 and later. + Available in {{ site.product.short_name }} 3.3 and later. - The syslog-ng OSE application allows you to select and construct + The {{ site.product.short_name }} application allows you to select and construct name-value pairs from any information already available about the log message, or extracted from the message itself. --- diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/010_Things_to_consider.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/010_Things_to_consider.md index 93a5d279..b4923eb8 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/010_Things_to_consider.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/010_Things_to_consider.md 
@@ -1,22 +1,22 @@ --- -title: Things to consider when forwarding messages between syslog-ng OSE hosts +title: Things to consider when forwarding messages between {{ site.product.short_name }} hosts id: adm-conc-cons description: >- - When you send your log messages from a syslog-ng OSE client through the - network to a syslog-ng OSE server, you can use different protocols and + When you send your log messages from a {{ site.product.short_name }} client through the + network to a {{ site.product.short_name }} server, you can use different protocols and options. Every combination has its advantages and disadvantages. The most important thing is to use matching protocols and options, so the server handles the incoming log messages properly. --- -In syslog-ng OSE you can change many aspects of the network +In {{ site.product.short_name }} you can change many aspects of the network communication. First of all, there is the structure of the messages -itself. Currently, syslog-ng OSE supports two standard syslog protocols: +itself. Currently, {{ site.product.short_name }} supports two standard syslog protocols: the BSD (RFC-3164) and the syslog (RFC-5424) message format. These RFCs describe the format and the structure of the log message, and add a (lightweight) framing around the messages. You can set this -framing/structure by selecting the appropriate driver in syslog-ng OSE. +framing/structure by selecting the appropriate driver in {{ site.product.short_name }}. There are two drivers you can use: the **network()** driver and the **syslog()** driver. The syslog() driver is for the syslog (RFC-5424) protocol and the network() driver is for the BSD (RFC-3164) protocol. 
@@ -67,7 +67,7 @@ the following drivers and options as sources and as destinations: 15. network(transport(rltp(tls-required(yes)) flag(syslog-protocol)) If you use the same driver and options in the destination of your -syslog-ng OSE client and the source of your syslog-ng OSE server, +{{ site.product.short_name }} client and the source of your {{ site.product.short_name }} server, everything should work as expected. Unfortunately there are some other combinations, that seem to work, but result in losing parts of the messages. The following table shows the combinations: diff --git a/doc/_admin-guide/020_The_concepts_of_syslog-ng/011_Commercial_version.md b/doc/_admin-guide/020_The_concepts_of_syslog-ng/011_Commercial_version.md index 75de7185..60a69362 100644 --- a/doc/_admin-guide/020_The_concepts_of_syslog-ng/011_Commercial_version.md +++ b/doc/_admin-guide/020_The_concepts_of_syslog-ng/011_Commercial_version.md @@ -81,7 +81,7 @@ SSB provides a number of features that can add value for your use cases: - Configuring SSB is done through the user interface. All of the flexible filtering, classification and routing features in the - syslog-ng Open Source Edition and syslog-ng Premium Edition can + {{ site.product.name }} and syslog-ng Premium Edition can be configured with it. Access and authentication policies can be set to integrate with Microsoft Active Directory, LDAP and Radius servers. The web interface is accessible through a 
@@ -94,7 +94,7 @@ SSB provides a number of features that can add value for your use cases: For further details about syslog-ng Store Box, see The syslog-ng Store Box Administration Guide. -## Upgrading from syslog-ng OSE to syslog-ng PE +## Upgrading from {{ site.product.short_name }} to syslog-ng PE -If you wish to upgrade from syslog-ng OSE to syslog-ng PE, read the blog -post Upgrading from syslog-ng OSE to syslog-ng PE for instructions and tips. +If you wish to upgrade from {{ site.product.short_name }} to syslog-ng PE, read the blog +post Upgrading from {{ site.product.short_name }} to syslog-ng PE for instructions and tips. diff --git a/doc/_admin-guide/030_Installing_syslog-ng/000_Compiling_syslog-ng_from_source.md b/doc/_admin-guide/030_Installing_syslog-ng/000_Compiling_syslog-ng_from_source.md index 0d05cda1..5232771b 100644 --- a/doc/_admin-guide/030_Installing_syslog-ng/000_Compiling_syslog-ng_from_source.md +++ b/doc/_admin-guide/030_Installing_syslog-ng/000_Compiling_syslog-ng_from_source.md @@ -1,18 +1,18 @@ --- -title: Compiling syslog-ng from source +title: Compiling {{ site.product.short_name }} from source id: adm-inst-comp description: >- - To compile syslog-ng Open Source Edition (OSE) from the source code, + To compile {{ site.product.name }} (OSE) from the source code, complete the following steps. Alternatively, you can use precompiled binary packages on several platforms. --- For a list of third-party packages available for various Linux, UNIX, -and other platforms, see syslog-ng Open Source Edition installation packages. +and other platforms, see {{ site.product.name }} installation packages. ## Steps -1. Download the latest version of syslog-ng OSE source code from GitHub. The source code +1. Download the latest version of {{ site.product.short_name }} source code from GitHub. The source code is available as a tar.gz archive file. 2. Install the following packages that are required to compile 
@@ -30,12 +30,12 @@ and other platforms, see syslog-ng Open Source Edition installation packages. - The development files of the Autoconf Archive package - - The syslog-ng OSE application now uses PCRE-type regular + - The {{ site.product.short_name }} application now uses PCRE-type regular expressions by default. It requires the libpcre library package. - - If you want to use the Java-based modules of syslog-ng OSE (for + - If you want to use the Java-based modules of {{ site.product.short_name }} (for example, the Elasticsearch, HDFS, or Kafka destinations), you - must compile syslog-ng OSE with Java support. + must compile {{ site.product.short_name }} with Java support. - Download and install the Java Runtime Environment (JRE), 1.7 (or newer). You can use OpenJDK or Oracle JDK, other @@ -49,7 +49,7 @@ and other platforms, see syslog-ng Open Source Edition installation packages. Note that many platforms have a simplified links for Java libraries. Use the simplified path if available. If you use - a startup script to start syslog-ng OSE set + a startup script to start {{ site.product.short_name }} set **LD_LIBRARY_PATH** in the script as well. - If you are behind an HTTP proxy, create a gradle.properties @@ -62,7 +62,7 @@ and other platforms, see syslog-ng Open Source Edition installation packages. option. Alternatively, you can use a Java-based implementation of the HTTP destination. -4. If you want to use the spoof-source function of syslog-ng, install +4. If you want to use the spoof-source function of {{ site.product.short_name }}, install the development files of the libnet library. 5. If you want to send emails using the smtp() destination, install the @@ -89,7 +89,7 @@ and other platforms, see syslog-ng Open Source Edition installation packages. ``` -9. Uncompress the syslog-ng archive using the +9. Uncompress the {{ site.product.short_name }} archive using the ```bash tar xvfz syslog-ng-x.xx.tar.gz 
@@ -112,19 +112,19 @@ and other platforms, see syslog-ng Open Source Edition installation packages. make install ``` - These commands will build syslog-ng using its default options. + These commands will build {{ site.product.short_name }} using its default options. >**NOTE:** When using the make command, consider the following: > >- On Solaris, use **gmake** (GNU make) instead of **make**. - >- To build syslog-ng OSE with less verbose output, use the **make + >- To build {{ site.product.short_name }} with less verbose output, use the **make > V=0** command. This results in shorter, less verbose output, > making warnings and other anomalies easier to notice. Note that > silent-rules support is only available in recent automake > versions. {: .notice--info} -11. If needed, use the following options to change how syslog-ng is +11. If needed, use the following options to change how {{ site.product.short_name }} is compiled using the following command syntax: ```bash @@ -135,11 +135,11 @@ and other platforms, see syslog-ng Open Source Edition installation packages. feature and override autodetection. For example, to disable the TCP-wrapper support, use the *\--disable-tcp-wrapper* option. For the list of available compiling options, see - Compiling options of syslog-ng OSE. + Compiling options of {{ site.product.short_name }}. {: .notice--info} ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -The default linking mode of syslog-ng is dynamic. This means that syslog-ng +The default linking mode of {{ site.product.short_name }} is dynamic. This means that syslog-ng might not be able to start up if the /usr directory is on NFS. On platforms -where syslog-ng is used as a system logger, the \--enable-mixed-linking is preferred. +where {{ site.product.short_name }} is used as a system logger, the \--enable-mixed-linking is preferred. {: .notice--warning} 
diff --git a/doc/_admin-guide/030_Installing_syslog-ng/001_Compiling_options.md b/doc/_admin-guide/030_Installing_syslog-ng/001_Compiling_options.md index b66f98d2..35078a4d 100644 --- a/doc/_admin-guide/030_Installing_syslog-ng/001_Compiling_options.md +++ b/doc/_admin-guide/030_Installing_syslog-ng/001_Compiling_options.md @@ -1,9 +1,9 @@ --- -title: Compiling options of syslog-ng OSE +title: Compiling options of {{ site.product.short_name }} id: adm-inst-compopt --- -When compiling syslog-ng OSE from source, you can use the following +When compiling {{ site.product.short_name }} from source, you can use the following compiling options. - *\--enable-all-modules* This option will turn on or off all modules @@ -35,14 +35,14 @@ compiling options. - *\--enable-amqp* Enable the amqp destination (enabled by default). The source of the RabbitMQ client is included in the source code - package of syslog-ng OSE. To use an external client instead, use the + package of {{ site.product.short_name }}. To use an external client instead, use the **\--with-librabbitmq-client=system** compiling option. For details on using this destination, see [[amqp: Publishing messages using AMQP]]. - *\--enable-debug* Include debug information. -- *\--enable-dynamic-linking* Compile syslog-ng as a completely - dynamic binary. If not specified syslog-ng uses mixed linking +- *\--enable-dynamic-linking* Compile {{ site.product.short_name }} as a completely + dynamic binary. If not specified {{ site.product.short_name }} uses mixed linking (\--enable-mixed-linking): it links dynamically to system libraries and statically to everything else. 
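Review bot: The `--enable-dynamic-linking` entry edited in this hunk says that, when the option is not specified, the build uses mixed linking, but the CAUTION block edited in 000_Compiling_syslog-ng_from_source.md states that the default linking mode is dynamic. Since both sentences are being touched in this change, please settle which default is correct and make the two pages agree.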
@@ -66,7 +66,7 @@ compiling options. and format-json template functions. - *\--enable-linux-caps* Enable support for capabilities on Linux. For details, - see The syslog-ng manual page. + see The {{ site.product.short_name }} manual page. - *\--enable-mongodb* Enable the mongodb destination (enabled by default). To use mongodb(), an external MongoDB client is needed. @@ -124,7 +124,7 @@ compiling options. - *\--with-ivykis* Specifies which ivykis implementation to use (default value: internal). The source of ivykis is included in the - source code package of syslog-ng OSE and is used by default. To use + source code package of {{ site.product.short_name }} and is used by default. To use an external implementation instead, use the **\--with-ivykis=system** compiling option. 
@@ -138,21 +138,21 @@ compiling options. - *\--with-librabbitmq-client* Specifies which RabbitMQ client to use (default value: internal). The source of the rabbitmq client is - included in the source code package of syslog-ng OSE and is used by + included in the source code package of {{ site.product.short_name }} and is used by default. To use an external client instead, use the **\--with-librabbitmq-client=system** compiling option. For details on using this destination, see [[amqp: Publishing messages using AMQP]]. - *\--with-module-dir* Specifies a single directory where the - syslog-ng OSE Makefile will install the modules. + {{ site.product.short_name }} Makefile will install the modules. -- *\--module-install-dir* Specifies syslog-ng OSE\'s module +- *\--module-install-dir* Specifies {{ site.product.short_name }}\'s module installation directory (normally $prefix/lib/syslog-ng). All Java-based SCLs use this option. - *\--with-module-path* Specifies a colon-separated (:) list of - directories, where the syslog-ng OSE binary will search for modules. + directories, where the {{ site.product.short_name }} binary will search for modules. - *\--with-net-snmp* Specifies the path to the libsnmp-dev library, required for the snmp() destination. @@ -160,7 +160,7 @@ compiling options. - *\--with-python* Specifies which Python version to use, for example, **\--with-python=2.7** -- *\--with-timezone-dir* Specifies the directory where syslog-ng looks +- *\--with-timezone-dir* Specifies the directory where {{ site.product.short_name }} looks for the timezone files to resolve the time-zone() and local-time-zone() options. If not specified, the /opt/syslog-ng/share/zoneinfo/ and /usr/share/zoneinfo/ directories diff --git a/doc/_admin-guide/030_Installing_syslog-ng/002_Uninstalling_syslog-ng.md b/doc/_admin-guide/030_Installing_syslog-ng/002_Uninstalling_syslog-ng.md index 69c36a10..0912d02a 100644 --- a/doc/_admin-guide/030_Installing_syslog-ng/002_Uninstalling_syslog-ng.md 
+++ b/doc/_admin-guide/030_Installing_syslog-ng/002_Uninstalling_syslog-ng.md 
@@ -1,23 +1,23 @@ --- -title: Uninstalling syslog-ng OSE +title: Uninstalling {{ site.product.short_name }} id: adm-inst-uninst --- -If you need to uninstall syslog-ng OSE for some reason, you have the +If you need to uninstall {{ site.product.short_name }} for some reason, you have the following options: -- *If you have installed syslog-ng OSE from a .deb package*: Execute - the **dpkg -r syslog-ng** command to remove syslog-ng, or the **dpkg - -P syslog-ng** command to remove syslog-ng OSE and the configuration - files as well. Note that removing syslog-ng OSE does not restore the +- *If you have installed {{ site.product.short_name }} from a .deb package*: Execute + the **dpkg -r syslog-ng** command to remove {{ site.product.short_name }}, or the **dpkg + -P syslog-ng** command to remove {{ site.product.short_name }} and the configuration + files as well. Note that removing {{ site.product.short_name }} does not restore the syslog daemon used before syslog-ng. -- *If you have installed syslog-ng OSE from an .rpm package*: Execute - the **rpm -e syslog-ng** command to remove syslog-ng OSE. Note that - removing syslog-ng OSE does not restore the syslog daemon used - before syslog-ng OSE. +- *If you have installed {{ site.product.short_name }} from an .rpm package*: Execute + the **rpm -e syslog-ng** command to remove {{ site.product.short_name }}. Note that + removing {{ site.product.short_name }} does not restore the syslog daemon used + before {{ site.product.short_name }}. -- *If you have compiled syslog-ng OSE from source*: Execute the **sudo - make uninstall** command to remove syslog-ng OSE. Note that removing - syslog-ng OSE does not restore the syslog daemon used before - syslog-ng OSE. +- *If you have compiled {{ site.product.short_name }} from source*: Execute the **sudo + make uninstall** command to remove {{ site.product.short_name }}. 
Note that removing + {{ site.product.short_name }} does not restore the syslog daemon used before + {{ site.product.short_name }}. diff --git a/doc/_admin-guide/030_Installing_syslog-ng/README.md b/doc/_admin-guide/030_Installing_syslog-ng/README.md index 96bf8a0e..133a9e1a 100644 --- a/doc/_admin-guide/030_Installing_syslog-ng/README.md +++ b/doc/_admin-guide/030_Installing_syslog-ng/README.md @@ -2,19 +2,19 @@ title: Installing syslog-ng id: adm-install description: >- - This chapter explains how to install syslog-ng Open Source Edition on + This chapter explains how to install {{ site.product.name }} on various platforms. --- -- You can install syslog-ng OSE on many platforms using the package +- You can install {{ site.product.short_name }} on many platforms using the package manager and official repositories of the platform. For a list of third-party packages available for various Linux, UNIX, and other - platforms, see syslog-ng Open Source Edition installation packages. + platforms, see {{ site.product.name }} installation packages. -- For instructions on compiling syslog-ng Open Source Edition from the - source code, see Compiling syslog-ng from source +- For instructions on compiling {{ site.product.name }} from the + source code, see Compiling {{ site.product.short_name }} from source -- You can use a syslog-ng docker image. +- You can use a {{ site.product.short_name }} docker image. For detailed information on how to run your central log server in Docker and - other Docker-related syslog-ng use cases, see the Logging in Docker using syslog-ng white paper. + other Docker-related {{ site.product.short_name }} use cases, see the Logging in Docker using syslog-ng white paper. diff --git a/doc/_admin-guide/040_Quick-start_guide/000_Configuring_syslog-ng_on_client_hosts.md b/doc/_admin-guide/040_Quick-start_guide/000_Configuring_syslog-ng_on_client_hosts.md index 88f04a82..81548299 100644 
--- a/doc/_admin-guide/040_Quick-start_guide/000_Configuring_syslog-ng_on_client_hosts.md +++ b/doc/_admin-guide/040_Quick-start_guide/000_Configuring_syslog-ng_on_client_hosts.md @@ -1,25 +1,25 @@ --- -title: Configuring syslog-ng on client hosts +title: Configuring {{ site.product.short_name }} on client hosts id: adm-qs-client-conf description: >- - To configure syslog-ng on a client host, complete the following steps. + To configure {{ site.product.short_name }} on a client host, complete the following steps. --- ## Steps -1. Install the syslog-ng application on the host. For details - installing syslog-ng on specific operating systems, see +1. Install the {{ site.product.short_name }} application on the host. For details + installing {{ site.product.short_name }} on specific operating systems, see Installing syslog-ng. 2. Configure the local sources to collect the log messages of the host. - Starting with version 3.2, syslog-ng OSE automatically collects the + Starting with version 3.2, {{ site.product.short_name }} automatically collects the log messages that use the native system logging method of the platform, for example, messages from /dev/log on Linux, or /dev/klog on FreeBSD. For a complete list of messages that are collected automatically, see [[system: Collecting the system-specific log messages of a platform]]. - To configure syslog-ng OSE, edit the syslog-ng.conf file with any + To configure {{ site.product.short_name }}, edit the syslog-ng.conf file with any regular text editor application. The location of the configuration - file depends on how you installed syslog-ng OSE. Native packages of + file depends on how you installed {{ site.product.short_name }}. Native packages of a platform (like the ones downloaded from Linux repositories) typically place the configuration file under the /etc/syslog-ng/ directory. 
@@ -42,9 +42,9 @@ description: >- it is recommended to reconfigure the application that way. {: .notice--info} - **NOTE:** The default configuration file of syslog-ng OSE collects + **NOTE:** The default configuration file of {{ site.product.short_name }} collects platform-specific log messages and the internal log messages of - syslog-ng OSE. + {{ site.product.short_name }}. {: .notice--info} ```config @@ -85,7 +85,7 @@ description: >- 5. If the logs will also be stored locally on the host, create local file destinations. - **NOTE:** The default configuration of syslog-ng OSE places the + **NOTE:** The default configuration of {{ site.product.short_name }} places the collected messages into the /var/log/messages file: {: .notice--info} @@ -98,7 +98,7 @@ description: >- 6. Create a log statement connecting the local sources to the file destination. - **NOTE:** The default configuration of syslog-ng OSE has only one log + **NOTE:** The default configuration of {{ site.product.short_name }} has only one log statement: {: .notice--info} @@ -111,11 +111,11 @@ description: >- 7. Set filters, macros and other features and options (for example, TLS encryption) as necessary. - Example: The default configuration file of syslog-ng OSE + Example: The default configuration file of {{ site.product.short_name }} The following is the default configuration file of syslog-ng OSE3.38. It collects local log messages and the log messages of - syslog-ng OSE and saves them in the /var/log/messages file. + {{ site.product.short_name }} and saves them in the /var/log/messages file. ```config @version: 3.38 diff --git a/doc/_admin-guide/040_Quick-start_guide/001_Configuring_syslog-ng_on_server_hosts.md b/doc/_admin-guide/040_Quick-start_guide/001_Configuring_syslog-ng_on_server_hosts.md index 9b8131f5..1f288277 100644 --- a/doc/_admin-guide/040_Quick-start_guide/001_Configuring_syslog-ng_on_server_hosts.md 
+++ b/doc/_admin-guide/040_Quick-start_guide/001_Configuring_syslog-ng_on_server_hosts.md @@ -1,24 +1,24 @@ --- -title: Configuring syslog-ng on server hosts +title: Configuring {{ site.product.short_name }} on server hosts id: adm-qs-server-conf description: >- - To configure syslog-ng on a server host, complete the following steps. + To configure {{ site.product.short_name }} on a server host, complete the following steps. --- ## Steps -1. Install the syslog-ng application on the host. For details - installing syslog-ng on specific operating systems, see +1. Install the {{ site.product.short_name }} application on the host. For details + installing {{ site.product.short_name }} on specific operating systems, see Installing syslog-ng. -2. Starting with version 3.2, syslog-ng OSE automatically collects the +2. Starting with version 3.2, {{ site.product.short_name }} automatically collects the log messages that use the native system logging method of the platform, for example, messages from /dev/log on Linux, or /dev/klog on FreeBSD. For a complete list of messages that are collected automatically, see [[system: Collecting the system-specific log messages of a platform]]. -3. To configure syslog-ng OSE, edit the syslog-ng.conf file with any +3. To configure {{ site.product.short_name }}, edit the syslog-ng.conf file with any regular text editor application. The location of the configuration - file depends on how you installed syslog-ng OSE. Native packages of + file depends on how you installed {{ site.product.short_name }}. Native packages of a platform (like the ones downloaded from Linux repositories) typically place the configuration file under the /etc/syslog-ng/ directory. 
@@ -46,14 +46,13 @@ description: >- For other options, see syslog: Collecting messages using the IETF syslog protocol (syslog() driver and tcp, tcp6, udp, udp6: Collecting messages from remote hosts using the BSD syslog protocol --- OBSOLETE. - **NOTE:** Starting with syslog-ng OSE version 3.2, the syslog() source - driver can handle both BSD-syslog (RFC-3164) and IETF-syslog (RFC - 5424-26) messages. + **NOTE:** Starting with {{ site.product.short_name }} version 3.2, the syslog() source + driver can handle both BSD-syslog (RFC-3164) and IETF-syslog (RFC-5424, RFC-5425, RFC-5426) messages. {: .notice--info} 4. Create local destinations that will store the log messages, for example, file- or program destinations. The default configuration of - syslog-ng OSE places the collected messages into the + {{ site.product.short_name }} places the collected messages into the /var/log/messages file: ```config @@ -86,11 +85,11 @@ description: >- 6. Set filters, options (for example, TLS encryption) and other advanced features as necessary. - **NOTE:** By default, the syslog-ng server will treat the relayed + **NOTE:** By default, the {{ site.product.short_name }} server will treat the relayed messages as if they were created by the relay host, not the host that originally sent them to the relay. In order to use the original - hostname on the syslog-ng server, use the **keep-hostname(yes)** - option both on the syslog-ng relay and the syslog-ng server. This + hostname on the {{ site.product.short_name }} server, use the **keep-hostname(yes)** + option both on the {{ site.product.short_name }} relay and the {{ site.product.short_name }} server. This option can be set individually for every source if needed. {: .notice--info} 
@@ -99,7 +98,7 @@ description: >- Example: A simple configuration for servers - The following is a simple configuration file for syslog-ng Open + The following is a simple configuration file for {{ site.product.short_name }} Open Source Edition that collects incoming log messages and stores them in a text file. diff --git a/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/000_Configuring_syslog-ng_on_relay_hosts.md b/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/000_Configuring_syslog-ng_on_relay_hosts.md index bbe00554..f1bc8b0d 100644 --- a/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/000_Configuring_syslog-ng_on_relay_hosts.md +++ b/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/000_Configuring_syslog-ng_on_relay_hosts.md @@ -1,20 +1,20 @@ --- -title: Configuring syslog-ng on relay hosts +title: Configuring {{ site.product.short_name }} on relay hosts id: adm-qs-relay-conf --- -To configure syslog-ng on a relay host, complete the following steps: +To configure {{ site.product.short_name }} on a relay host, complete the following steps: -1. Install the syslog-ng application on the host. For details on - installing syslog-ng on specific operating systems, see +1. Install the {{ site.product.short_name }} application on the host. For details on + installing {{ site.product.short_name }} on specific operating systems, see Installing syslog-ng. 2. Configure the network sources that collect the log messages sent by the clients. -3. Create a network destination that points to the syslog-ng server. +3. Create a network destination that points to the {{ site.product.short_name }} server. 4. Create a log statement connecting the network sources to the - syslog-ng server. + {{ site.product.short_name }} server. 5. Configure the local sources that collect the log messages of the relay host. 
@@ -26,17 +26,17 @@ To configure syslog-ng on a relay host, complete the following steps: options. (For details on how these options work, see chain-hostnames() - **NOTE:** It is recommended to use these options on your syslog-ng OSE + **NOTE:** It is recommended to use these options on your {{ site.product.short_name }} server as well. {: .notice--info} 8. Set filters and options (for example, TLS encryption) as necessary. - **NOTE:** By default, the syslog-ng server will treat the relayed + **NOTE:** By default, the {{ site.product.short_name }} server will treat the relayed messages as if they were created by the relay host, not the host that originally sent them to the relay. In order to use the original - hostname on the syslog-ng server, use the **keep-hostname(yes)** - option both on the syslog-ng relay and the syslog-ng server. This + hostname on the {{ site.product.short_name }} server, use the **keep-hostname(yes)** + option both on the {{ site.product.short_name }} relay and the {{ site.product.short_name }} server. This option can be set individually for every source if needed. {: .notice--info} diff --git a/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/001_How_relaying_works.md b/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/001_How_relaying_works.md index d071ecf4..64372d00 100644 --- a/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/001_How_relaying_works.md +++ b/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/001_How_relaying_works.md @@ -3,7 +3,7 @@ title: How relaying log messages works id: adm-qs-relay description: >- Depending on your exact needs about relaying log messages, there are - many scenarios and syslog-ng OSE options that influence how the log + many scenarios and {{ site.product.short_name }} options that influence how the log message will look like on the logserver. --- 
@@ -29,7 +29,7 @@ Depending on the settings of syslog-ng-relay, the following can happen. syslog-ng-relay using a DNS server, use the **keep-hostname(no)** and **use-dns(yes)** options. If the DNS server is properly configured and reverse DNS lookup is available for the 192.168.1.2 - address, syslog-ng OSE will rewrite the HOST field of the log + address, {{ site.product.short_name }} will rewrite the HOST field of the log message to client-host. **NOTE:** It is also possible to resolve IP addresses locally, without @@ -37,11 +37,11 @@ Depending on the settings of syslog-ng-relay, the following can happen. Resolving hostnames locally. {: .notice--info} -- The above points apply to the syslog-ng OSE server +- The above points apply to the {{ site.product.short_name }} server (syslog-ng-server) as well, so if syslog-ng-relay is configured properly, use the **keep-hostname(yes)** option on syslog-ng-server to retain the proper HOST field. Setting **keep-hostname(no)** on - syslog-ng-server would result in syslog-ng OSE rewriting the HOST + syslog-ng-server would result in {{ site.product.short_name }} rewriting the HOST field to the address of the host that sent the message to syslog-ng-server, which is syslog-ng-relay in this case. @@ -52,7 +52,7 @@ Depending on the settings of syslog-ng-relay, the following can happen. syslog-ng-relay. However, spoof-source() works only under the following conditions: - - The syslog-ng OSE binary has been compiled with the + - The {{ site.product.short_name }} binary has been compiled with the \--enable-spoof-source option. - The log messages are sent using the highly unreliable UDP diff --git a/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/README.md b/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/README.md index 2c2164b2..ffc422b3 100644 --- a/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/README.md 
+++ b/doc/_admin-guide/040_Quick-start_guide/002_Configuring_syslog-ng_relays/README.md @@ -1,6 +1,6 @@ --- -title: Configuring syslog-ng relays +title: Configuring {{ site.product.short_name }} relays id: adm-qs-conf description: >- - This section describes how to configure syslog-ng OSE as a relay. + This section describes how to configure {{ site.product.short_name }} as a relay. --- diff --git a/doc/_admin-guide/040_Quick-start_guide/003_Managing_and_checking_syslog-ng_OSE_service_on_Linux.md b/doc/_admin-guide/040_Quick-start_guide/003_Managing_and_checking_syslog-ng_OSE_service_on_Linux.md index 70d9f2d3..6a9380dd 100644 --- a/doc/_admin-guide/040_Quick-start_guide/003_Managing_and_checking_syslog-ng_OSE_service_on_Linux.md +++ b/doc/_admin-guide/040_Quick-start_guide/003_Managing_and_checking_syslog-ng_OSE_service_on_Linux.md @@ -1,14 +1,14 @@ --- -title: Managing and checking syslog-ng OSE service on Linux +title: Managing and checking {{ site.product.short_name }} service on Linux id: adm-qs-service description: >- This section describes how to start, stop and check the status of - syslog-ng Open Source Edition (syslog-ng OSE) service on Linux. + {{ site.product.short_name }} service on Linux. --- -## Starting syslog-ng OSE +## Starting {{ site.product.short_name }} -To start syslog-ng OSE, execute the following command as root. +To start {{ site.product.short_name }}, execute the following command as root. ```bash systemctl start syslog-ng 
@@ -16,16 +16,16 @@ systemctl start syslog-ng If the service starts successfully, no output will be displayed. -The following message indicates that syslog-ng OSE can not start (see -Checking syslog-ng OSE status): +The following message indicates that {{ site.product.short_name }} can not start (see +Checking {{ site.product.short_name }} status): Job for syslog-ng.service failed because the control process exited with error code. See **systemctl status syslog-ng.service** and **journalctl -xe** for details. -## Stopping syslog-ng OSE +## Stopping {{ site.product.short_name }} -To stop syslog-ng OSE +To stop {{ site.product.short_name }} 1. Execute the following command as root. 
@@ -33,33 +33,33 @@ To stop syslog-ng OSE systemctl stop syslog-ng ``` -2. Check the status of syslog-ng OSE service (see Checking syslog-ng OSE status). +2. Check the status of {{ site.product.short_name }} service (see Checking {{ site.product.short_name }} status). -## Restarting syslog-ng OSE +## Restarting {{ site.product.short_name }} -To restart syslog-ng OSE, execute the following command as root. +To restart {{ site.product.short_name }}, execute the following command as root. ```bash systemctl restart syslog-ng ``` -## Reloading configuration file without restarting syslog-ng OSE +## Reloading configuration file without restarting {{ site.product.short_name }} -To reload the configuration file without restarting syslog-ng OSE, +To reload the configuration file without restarting {{ site.product.short_name }}, execute the following command as root. ```bash systemctl reload syslog-ng ``` -## Checking syslog-ng OSE status +## Checking {{ site.product.short_name }} status To check the following status-related components, observe the suggestions below. -### Checking the status of syslog-ng OSE service +### Checking the status of {{ site.product.short_name }} service -To check the status of syslog-ng OSE service +To check the status of {{ site.product.short_name }} service 1. Execute the following command as root. 
@@ -67,11 +67,11 @@ To check the status of syslog-ng OSE service systemctl --no-pager status syslog-ng ``` -2. Check the Active: field, which shows the status of syslog-ng OSE service. The following statuses are possible: +2. Check the Active: field, which shows the status of {{ site.product.short_name }} service. The following statuses are possible: -- **active (running)** - syslog-ng OSE service is up and running +- **active (running)** - {{ site.product.short_name }} service is up and running - Example: syslog-ng OSE service active + Example: {{ site.product.short_name }} service active > syslog-ng.service - System Logger Daemon > Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled) @@ -85,7 +85,7 @@ To check the status of syslog-ng OSE service - **inactive (dead)** - syslog-ng service is stopped - Example: syslog-ng OSE status inactive + Example: {{ site.product.short_name }} status inactive > syslog-ng.service - System Logger Daemon > Loaded: loaded (/lib/systemd/system/syslog-ng.service; enabled; vendor preset: enabled) @@ -95,9 +95,9 @@ To check the status of syslog-ng OSE service > Status: "Shutting down... Tue Jun 25 09:14:16 2019" > Jun 25 09:14:31 as-syslog-srv systemd: Stopped System Logger Daemon. -### Checking the process of syslog-ng OSE +### Checking the process of {{ site.product.short_name }} -To check the process of syslog-ng OSE, execute one of the following commands. +To check the process of {{ site.product.short_name }}, execute one of the following commands. ```bash ps u `pidof syslog-ng` 
@@ -119,17 +119,17 @@ Expected output example: > syslogng 6709 0.0 0.6 308680 13432 ? Ss 09:17 0:00 > /opt/syslog-ng/libexec/syslog-ng -F --no-caps --enable-core -### Checking the internal logs of syslog-ng OSE** +### Checking the internal logs of {{ site.product.short_name }}** -The internal logs of syslog-ng OSE contains informal, warning and error messages. +The internal logs of {{ site.product.short_name }} contains informal, warning and error messages. -By default, syslog-ng OSE log messages (generated on the internal() source) are written to **/var/log/messages**. +By default, {{ site.product.short_name }} log messages (generated on the internal() source) are written to **/var/log/messages**. -Check the internal logs of syslog-ng OSE for any issue. +Check the internal logs of {{ site.product.short_name }} for any issue. ### Message processing -The syslog-ng OSE application collects statistics about the number of processed messages on the different sources and destinations. +The {{ site.product.short_name }} application collects statistics about the number of processed messages on the different sources and destinations. **NOTE:** When using syslog-ng-ctl stats, consider that while the output is generally consistent, there is no explicit ordering behind the @@ -142,7 +142,7 @@ example, `| sort`. ### Central statistics -To check the central statistics, execute the following command to see the number of received and queued (sent) messages by syslog-ng OSE. +To check the central statistics, execute the following command to see the number of received and queued (sent) messages by {{ site.product.short_name }}. ```bash watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^center" 
@@ -150,7 +150,7 @@ watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^center" The output will be updated in every 2 seconds. -If the numbers are changing, syslog-ng OSE is processing the messages. +If the numbers are changing, {{ site.product.short_name }} is processing the messages. Example: output example @@ -169,7 +169,7 @@ watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^source" The output will be updated in every 2 seconds. -If the numbers are changing, syslog-ng OSE is receiving messages on the sources. +If the numbers are changing, {{ site.product.short_name }} is receiving messages on the sources. Example: output example @@ -189,7 +189,7 @@ watch "/opt/syslog-ng/sbin/syslog-ng-ctl stats | grep ^destination" The output will be updated in every 2 seconds. -If the numbers are changing, syslog-ng OSE is receiving messages on the sources. +If the numbers are changing, {{ site.product.short_name }} is receiving messages on the sources. Example: output example @@ -201,7 +201,7 @@ Example: output example > destination;d_null;;a;processed;0 **NOTE:** If you find error messages in the internal logs, messages are not -processed by syslog-ng OSE or you encounter any issue, you have the +processed by {{ site.product.short_name }} or you encounter any issue, you have the following options: {: .notice--info} diff --git a/doc/_admin-guide/040_Quick-start_guide/README.md b/doc/_admin-guide/040_Quick-start_guide/README.md index b478df0a..7d75dbf0 100644 --- a/doc/_admin-guide/040_Quick-start_guide/README.md +++ b/doc/_admin-guide/040_Quick-start_guide/README.md 
@@ -1,23 +1,23 @@ --- -title: The syslog-ng OSE quick-start guide +title: The {{ site.product.short_name }} quick-start guide short_title: Quick-start guide id: adm-quick description: >- This chapter provides a very brief introduction into configuring the - syslog-ng OSE application. For details on the format of the + {{ site.product.short_name }} application. For details on the format of the configuration file and how to configure sources, destinations, and other features, refer to the subsequent chapters. --- -- To configure syslog-ng OSE as a client that sends log messages to a - central logserver, see Configuring syslog-ng on client hosts. +- To configure {{ site.product.short_name }} as a client that sends log messages to a + central logserver, see Configuring {{ site.product.short_name }} on client hosts. -- To configure syslog-ng OSE as a server that receives log messages - from client hosts, see Configuring syslog-ng on server hosts. +- To configure {{ site.product.short_name }} as a server that receives log messages + from client hosts, see Configuring {{ site.product.short_name }} on server hosts. -- To configure syslog-ng OSE as a relay that receives log messages +- To configure {{ site.product.short_name }} as a relay that receives log messages from client hosts and forwards them to a central logserver, see - Configuring syslog-ng on server hosts. -- For information about managing and checking syslog-ng Open Source - Edition (syslog-ng OSE) services on Linux, see - Managing and checking syslog-ng OSE service on Linux. + Configuring {{ site.product.short_name }} on server hosts. +- For information about managing and checking {{ site.product.short_name }} Open Source + Edition ({{ site.product.short_name }}) services on Linux, see + Managing and checking {{ site.product.short_name }} service on Linux. 
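Review bot: The last bullet of this hunk substitutes only part of the product name: `{{ site.product.short_name }} Open Source` followed by `Edition ({{ site.product.short_name }}) services on Linux` will render as "syslog-ng OSE Open Source Edition (syslog-ng OSE)". Use `{{ site.product.name }} ({{ site.product.short_name }})` there, or only the short name as the other bullets do. While this list is being edited, note that the relay bullet still points to "Configuring ... on server hosts" rather than to the relay hosts page.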
diff --git a/doc/_admin-guide/050_The_configuration_file/000_Location_of_the_config_file.md b/doc/_admin-guide/050_The_configuration_file/000_Location_of_the_config_file.md index baf7943f..2e1899ca 100644 --- a/doc/_admin-guide/050_The_configuration_file/000_Location_of_the_config_file.md +++ b/doc/_admin-guide/050_The_configuration_file/000_Location_of_the_config_file.md @@ -1,12 +1,12 @@ --- -title: Location of the syslog-ng configuration file +title: Location of the {{ site.product.short_name }} configuration file id: adm-conf-loc description: >- - To configure syslog-ng OSE, edit the syslog-ng.conf file with any + To configure {{ site.product.short_name }}, edit the syslog-ng.conf file with any regular text editor application. --- The location of the configuration file depends on how you installed -syslog-ng OSE. Native packages of a platform (like the ones downloaded +{{ site.product.short_name }}. Native packages of a platform (like the ones downloaded from Linux repositories) typically place the configuration file under the **/etc/syslog-ng/** directory. diff --git a/doc/_admin-guide/050_The_configuration_file/001_Configuration_syntax.md b/doc/_admin-guide/050_The_configuration_file/001_Configuration_syntax.md index 000a24bc..8bfbe533 100644 --- a/doc/_admin-guide/050_The_configuration_file/001_Configuration_syntax.md +++ b/doc/_admin-guide/050_The_configuration_file/001_Configuration_syntax.md 
@@ -3,17 +3,17 @@ title: The configuration syntax in detail id: adm-conf-syn --- -Every syslog-ng configuration file must begin with a line containing the -version information of syslog-ng. For syslog-ng version 3.38, this line +Every {{ site.product.short_name }} configuration file must begin with a line containing the +version information of syslog-ng. For {{ site.product.short_name }} version 3.38, this line looks like: ```config @version: 3.38 ``` -Versioning the configuration file was introduced in syslog-ng 3.0. If +Versioning the configuration file was introduced in {{ site.product.short_name }} 3.0. If the configuration file does not contain the version information, -syslog-ng assumes that the file is for syslog-ng version 2.x. In this +{{ site.product.short_name }} assumes that the file is for {{ site.product.short_name }} version 2.x. In this case it interprets the configuration and sends warnings about the parts of the configuration that should be updated. Version 3.0 and later will correctly operate with configuration files of version 2.x, but the @@ -22,7 +22,7 @@ default values of certain parameters have changed since 3.0. ## Example: A simple configuration file The following is a very simple configuration file for syslog-ng: it -collects the internal messages of syslog-ng and the messages from +collects the internal messages of {{ site.product.short_name }} and the messages from /dev/log into the /var/log/messages_syslog-ng.log file. ```config @@ -41,7 +41,7 @@ log { }; ``` -As a syslog-ng user described on a Gentoo mailing list: +As a {{ site.product.short_name }} user described on a Gentoo mailing list: > Alan McKinnon 
> @@ -55,7 +55,7 @@ As a syslog-ng user described on a Gentoo mailing list: definitions: sources, destinations, logpaths define which log message are received and where they are sent. All identifiers, option names and attributes, and any other strings used in the - syslog-ng configuration file are case sensitive. Object definitions + {{ site.product.short_name }} configuration file are case sensitive. Object definitions (also called statements) have the following syntax: `type-of-the-object identifier-of-the-object {};` @@ -66,7 +66,7 @@ As a syslog-ng user described on a Gentoo mailing list: - *Identifier of the object*: A unique name identifying the object. When using a reserved word as an identifier, enclose the dentifier in quotation marks. All identifiers, attributes, and any other strings used in the - syslog-ng configuration file are case sensitive. + {{ site.product.short_name }} configuration file are case sensitive. > **TIP:** Use identifiers that refer to the type of the object they > identify. For example, prefix source objects with **s_**, @@ -145,9 +145,9 @@ As a syslog-ng user described on a Gentoo mailing list: ``` - Some options are global options, or can be set globally, for - example, whether syslog-ng OSE should use DNS resolution to resolve + example, whether {{ site.product.short_name }} should use DNS resolution to resolve IP addresses. Global options are detailed in - Global options of syslog-ng OSE. + Global options of {{ site.product.short_name }}. ```config options { diff --git a/doc/_admin-guide/050_The_configuration_file/002_Syntax_notes.md b/doc/_admin-guide/050_The_configuration_file/002_Syntax_notes.md index f2ac67f8..7c45db43 100644 --- a/doc/_admin-guide/050_The_configuration_file/002_Syntax_notes.md +++ b/doc/_admin-guide/050_The_configuration_file/002_Syntax_notes.md 
@@ -3,7 +3,7 @@ title: Notes about the configuration syntax id: adm-conf-syn-notes --- -When you are editing the syslog-ng configuration file, note the +When you are editing the {{ site.product.short_name }} configuration file, note the following points: - The configuration file can contain a maximum of 6665 source / @@ -18,7 +18,7 @@ following points: values. Numbers beginning with zero (0) or 0x are treated as octal or hexadecimal numbers, respectively. - Starting with syslog-ng OSE version 3.5, you can use suffixes for + Starting with {{ site.product.short_name }} version 3.5, you can use suffixes for kilo-, mega-, and gigabytes. Use the Kb, Mb, or Gb suffixes for the base-10 version, and Kib, Mib, or Gib for the base-2 version. That is, 2MB means 2000000, while 2MiB means 2097152. For example, to set @@ -26,7 +26,7 @@ following points: **log-msg-size(2Mb)**. - You can use commas (,) to separate options or other parameters for - readability, syslog-ng completely ignores them. The following + readability, {{ site.product.short_name }} completely ignores them. The following declarations are equivalent: ```config diff --git a/doc/_admin-guide/050_The_configuration_file/003_Defining_configuration_objects_inline.md b/doc/_admin-guide/050_The_configuration_file/003_Defining_configuration_objects_inline.md index 795ad479..e498257c 100644 --- a/doc/_admin-guide/050_The_configuration_file/003_Defining_configuration_objects_inline.md +++ b/doc/_admin-guide/050_The_configuration_file/003_Defining_configuration_objects_inline.md 
@@ -2,7 +2,7 @@ title: Defining configuration objects inline id: adm-conf-inline description: >- - Starting with syslog-ng OSE 3.4, you can define configuration objects + Starting with {{ site.product.short_name }} 3.4, you can define configuration objects inline, where they are actually used, without having to define them in a separate placement. This is useful if you need an object only once, for example, a filter or a rewrite rule. Every object can be defined inline: diff --git a/doc/_admin-guide/050_The_configuration_file/004_Using_channels_in_configuration_objects.md b/doc/_admin-guide/050_The_configuration_file/004_Using_channels_in_configuration_objects.md index 6af12921..43046d9c 100644 --- a/doc/_admin-guide/050_The_configuration_file/004_Using_channels_in_configuration_objects.md +++ b/doc/_admin-guide/050_The_configuration_file/004_Using_channels_in_configuration_objects.md @@ -2,7 +2,7 @@ title: Using channels in configuration objects id: adm-conf-chan description: >- - Starting with syslog-ng OSE 3.4, every configuration object is a log + Starting with {{ site.product.short_name }} 3.4, every configuration object is a log expression. Every configuration object is essentially a configuration block, and can include multiple objects. To reference the block, only the top-level object must be referenced. That way you can use embedded diff --git a/doc/_admin-guide/050_The_configuration_file/005_Global_and_environmental_variables.md b/doc/_admin-guide/050_The_configuration_file/005_Global_and_environmental_variables.md index ed8bf62b..fa730bad 100644 --- a/doc/_admin-guide/050_The_configuration_file/005_Global_and_environmental_variables.md +++ b/doc/_admin-guide/050_The_configuration_file/005_Global_and_environmental_variables.md 
@@ -3,7 +3,7 @@ title: Global and environmental variables id: adm-conf-global description: >- You can define global variables in the configuration file. Global - variables are actually name-value pairs. When syslog-ng processes the + variables are actually name-value pairs. When {{ site.product.short_name }} processes the configuration file during startup, it automatically replaces name with value. --- @@ -37,7 +37,7 @@ following methods: and can be used as global variables. {: .notice--info} -In syslog-ng OSE 3.24 and later, the location of the syslog-ng +In {{ site.product.short_name }} 3.24 and later, the location of the syslog-ng configuration file is available as the `syslog-ng-sysconfdir` variable. @@ -63,7 +63,7 @@ source s_myapp_3 { }; ``` -The syslog-ng OSE application will interpret this as: +The {{ site.product.short_name }} application will interpret this as: ```config @define mypath "/opt/myapp/logs" diff --git a/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/000_Loading_modules.md b/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/000_Loading_modules.md index 65245d8a..cac97541 100644 --- a/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/000_Loading_modules.md +++ b/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/000_Loading_modules.md @@ -2,12 +2,12 @@ title: Loading modules id: adm-mod-loading description: >- - The syslog-ng Open Source Edition application loads every available + The {{ site.product.name }} application loads every available module during startup. --- To load a module that is not loaded automatically, include the following -statement in the syslog-ng OSE configuration file: +statement in the {{ site.product.short_name }} configuration file: ```config @module 
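Review bot: the `description:` block in the front matter of 000_Loading_modules.md now carries `{{ site.product.name }}`, and Jekyll does not expand Liquid inside front matter by itself, so the tag can end up verbatim in the rendered description and page metadata. Please confirm that the layout or a plugin expands front matter values for this site. If it does not, keep the literal product name in `title:` and `description:` and use the variable only in the page body. The same applies to every other front matter line touched by this change.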
@@ -40,7 +40,7 @@ Note the following points about the @module statement: ## Use the @requires statement to ensure that the specified module is loaded To ensure that a module is loaded, include the following statement in -the syslog-ng OSE configuration file or the external files included in +the {{ site.product.short_name }} configuration file or the external files included in the configuration file: ```config @@ -49,11 +49,11 @@ the configuration file: >**NOTE:** If you include the @requires statement in the: > ->- syslog-ng OSE configuration file, syslog-ng OSE attempts to load the -> required module. If it fails to load the module, syslog-ng OSE stops +>- {{ site.product.short_name }} configuration file, {{ site.product.short_name }} attempts to load the +> required module. If it fails to load the module, {{ site.product.short_name }} stops > and an error message is displayed. > ->- external files included in the configuration file, syslog-ng OSE +>- external files included in the configuration file, {{ site.product.short_name }} > attempts to load the required module. If it fails to load the > module, only the external file is not processed. > diff --git a/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/001_Listing_configuration_options.md b/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/001_Listing_configuration_options.md index b1e150c0..d060013b 100644 --- a/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/001_Listing_configuration_options.md +++ b/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/001_Listing_configuration_options.md 
@@ -2,7 +2,7 @@ title: Listing configuration options id: adm-mod-list description: >- - Starting with syslog-ng OSE 3.25, you can use the syslog-ng-cfg-db.py + Starting with {{ site.product.short_name }} 3.25, you can use the syslog-ng-cfg-db.py utility to list the available options of configuration objects. For example, you can list all the options that can be set in the file source, and so on. diff --git a/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/002_Visualize_the_configuration.md b/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/002_Visualize_the_configuration.md index b305b87e..97051608 100644 --- a/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/002_Visualize_the_configuration.md +++ b/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/002_Visualize_the_configuration.md @@ -2,8 +2,8 @@ title: Visualize the configuration id: adm-mod-vis description: >- - Starting with syslog-ng OSE 3.25, you can visualize the configuration of - a running syslog-ng OSE instance using the syslog-ng-ctl + Starting with {{ site.product.short_name }} 3.25, you can visualize the configuration of + a running {{ site.product.short_name }} instance using the syslog-ng-ctl --export-config-graph command. The command walks through the effective configuration, and exports it as a graph into a JSON structure. --- diff --git a/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/README.md b/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/README.md index 78b2f40f..b72e5dea 100644 --- a/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/README.md +++ b/doc/_admin-guide/050_The_configuration_file/006_Modules_in_syslog-ng/README.md 
@@ -1,33 +1,33 @@ --- -title: Modules in syslog-ng Open Source Edition +title: Modules in {{ site.product.name }} short_title: Modules in syslog-ng id: adm-modules description: >- To increase its flexibility and simplify the development of additional - modules, the syslog-ng OSE application is modular. + modules, the {{ site.product.short_name }} application is modular. --- -The majority of syslog-ng OSE's functionality is in separate modules. +The majority of {{ site.product.short_name }}'s functionality is in separate modules. As a result, it is also possible to fine-tune the resource requirements -of syslog-ng OSE (for example, by loading only the modules that are actually +of {{ site.product.short_name }} (for example, by loading only the modules that are actually used in the configuration, or simply omitting modules that are not used but require large amount of memory). Each module contains one or more plugins that add some functionality to -syslog-ng OSE (for example, a destination or a source driver). +{{ site.product.short_name }} (for example, a destination or a source driver). - To display the list of available modules, run the **syslog-ng --version** command. - To display the description of the available modules, run the **syslog-ng --module-registry** command. -- To customize which modules syslog-ng OSE automatically loads when - syslog-ng OSE starts, use the **--default-modules** command-line - option of syslog-ng OSE. +- To customize which modules {{ site.product.short_name }} automatically loads when + {{ site.product.short_name }} starts, use the **--default-modules** command-line + option of {{ site.product.short_name }}. -- To request loading a module from the syslog-ng OSE configuration +- To request loading a module from the {{ site.product.short_name }} configuration file, see Loading modules. 
-For details on the command-line parameters of syslog-ng OSE mentioned in -the previous list, see the syslog-ng OSE man page at -The syslog-ng manual page. +For details on the command-line parameters of {{ site.product.short_name }} mentioned in +the previous list, see the {{ site.product.short_name }} man page at +The {{ site.product.short_name }} manual page. diff --git a/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/000_Including_config_files.md b/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/000_Including_config_files.md index 44a71797..70a35e3b 100644 --- a/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/000_Including_config_files.md +++ b/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/000_Including_config_files.md @@ -2,7 +2,7 @@ title: Including configuration files id: adm-conf-incl description: >- - The syslog-ng application supports including external files in its + The {{ site.product.short_name }} application supports including external files in its configuration file, so parts of its configuration can be managed separately. --- 
@@ -14,17 +14,17 @@ configuration, use the following syntax: @include "" ``` -This imports the entire file into the configuration of syslog-ng OSE, at +This imports the entire file into the configuration of {{ site.product.short_name }}, at the location of the include statement. The `` can be one of the following: - A filename, optionally with full path. The filename (not the path) can include UNIX-style wildcard characters (*, ?). When using - wildcard characters, syslog-ng OSE will include every matching file. + wildcard characters, {{ site.product.short_name }} will include every matching file. For details on using wildcard characters, see Options of regular expressions. -- A directory. When including a directory, syslog-ng OSE will try to +- A directory. When including a directory, {{ site.product.short_name }} will try to include every file from the directory, except files beginning with a ~ (tilde) or a . (dot) character. Including a directory is not recursive. The files are included in alphabetic order, first files @@ -35,8 +35,8 @@ the following: ## When including configuration files, consider the following points -- The default path where syslog-ng OSE looks for the file depends on - where syslog-ng OSE is installed. The `syslog-ng --version` command +- The default path where {{ site.product.short_name }} looks for the file depends on + where {{ site.product.short_name }} is installed. The `{{ site.product.short_name }} --version` command displays this path as **Include-Path**. - Defining an object twice is not allowed, unless you use the @define 
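Review bot: in the first bullet of the `@@ -35,8 +35,8 @@` hunk, the command inside the code span was changed from `syslog-ng --version` to `{{ site.product.short_name }} --version`, which renders as `syslog-ng OSE --version`. The removed line shows the command as `syslog-ng --version`, and the product variable is a display name, not a binary name, so the code span should be reverted to the literal command. Command lines, file names and option names should be excluded from the replacement in general.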
@@ -75,7 +75,7 @@ the following: ``` ![]({{ site.baseurl}}/assets/images/caution.png) - **CAUTION:** The syslog-ng application will not start if it cannot find a + **CAUTION:** The {{ site.product.short_name }} application will not start if it cannot find a file that is to be included in its configuration. Always double-check the filenames, paths, and access rights when including configuration files, and use the **--syntax-only** command-line option to check your configuration. diff --git a/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/001_Reusing_config_blocks.md b/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/001_Reusing_config_blocks.md index afd26167..5f3e8f87 100644 --- a/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/001_Reusing_config_blocks.md +++ b/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/001_Reusing_config_blocks.md @@ -9,7 +9,7 @@ description: >- (Such reusable blocks are sometimes called a Source Configuration Library, or SCL.) -Any syslog-ng object can be a block. Use the following syntax to define +Any {{ site.product.short_name }} object can be a block. Use the following syntax to define a block: ```config @@ -50,7 +50,7 @@ To use a block in your configuration file, you have to do two things: example. The contents of the block will be inserted into the configuration when -syslog-ng OSE is started or reloaded. +{{ site.product.short_name }} is started or reloaded. ## Example: Reusing configuration blocks @@ -67,7 +67,7 @@ block source myappsource() { }; ``` -Include this file in your main syslog-ng configuration file, reference +Include this file in your main {{ site.product.short_name }} configuration file, reference the block, and use it in a logpath: ```config 
@@ -81,7 +81,7 @@ log { source(s_myappsource); destination(...); }; To define a block that defines more than one object, use **root** as the type of the block, and reference the block from the main part of the -syslog-ng OSE configuration file. +{{ site.product.short_name }} configuration file. ## Example: Defining blocks with multiple elements @@ -104,10 +104,10 @@ block root mylogs() { }; ``` -**TIP:** Since the block is inserted into the syslog-ng OSE configuration -when syslog-ng OSE is started, the block can be generated dynamically +**TIP:** Since the block is inserted into the {{ site.product.short_name }} configuration +when {{ site.product.short_name }} is started, the block can be generated dynamically using an external script if needed. This is useful when you are running -syslog-ng OSE on different hosts and you want to keep the main +{{ site.product.short_name }} on different hosts and you want to keep the main configuration identical. {: .notice--info} @@ -130,7 +130,7 @@ quote marks inside the empty brackets: **("")** ### Example: Mandatory parameters The following example defines a TCP source that can receive the -following parameters: the port where syslog-ng OSE listens (localport), +following parameters: the port where {{ site.product.short_name }} listens (localport), and optionally source flags (flags). ```config @@ -194,7 +194,7 @@ of optional arguments in your block. This can be useful when passing arguments to a template, or optional arguments to an underlying driver. The three dots (...) at the end of the argument list refer to any -additional parameters. It tells syslog-ng OSE that this macro accepts +additional parameters. It tells {{ site.product.short_name }} that this macro accepts `` `__VARARGS__` ``, therefore any name-value pair can be passed without validation. To reference this argument-list, insert `` `__VARARGS__` `` to the place in the block where you want to 
diff --git a/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/002_Generating_config_blocks.md b/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/002_Generating_config_blocks.md index 31735ae6..63459c29 100644 --- a/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/002_Generating_config_blocks.md +++ b/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/002_Generating_config_blocks.md @@ -2,23 +2,23 @@ title: Generating configuration blocks from a script id: adm-conf-gen description: >- - The syslog-ng OSE application can automatically execute scripts when it + The {{ site.product.short_name }} application can automatically execute scripts when it is started, and can include the output of such script in the configuration file. To create and use a script that generates a part of - the syslog-ng OSE configuration file (actually, a configuration block), + the {{ site.product.short_name }} configuration file (actually, a configuration block), complete the following steps. --- The steps include examples for collecting Apache access log files (access.log) from subdirectories, but you can create any script that creates a -valid syslog-ng OSE configuration snippet. +valid {{ site.product.short_name }} configuration snippet. ## Steps -1. Navigate to the directory where you have installed syslog-ng OSE +1. Navigate to the directory where you have installed {{ site.product.short_name }} (for example, /opt/syslog-ng/share/include/scl/), and create a new directory, for example, apache-access-logs. The name of the - directory will be used in the syslog-ng OSE configuration file as + directory will be used in the {{ site.product.short_name }} configuration file as well, so use a descriptive name. 2. Create a file called plugin.conf in this new directory. 
@@ -32,7 +32,7 @@ valid syslog-ng OSE configuration snippet. Replace `` with the name of the directory (for example, apache-access-logs), and `` with the filename of your script (for example, apache-access-logs.sh). You can reference - the script in your syslog-ng OSE configuration file as a + the script in your {{ site.product.short_name }} configuration file as a configuration block using the value name option. The context option determines the type of the configuration snippet @@ -50,7 +50,7 @@ valid syslog-ng OSE configuration snippet. environment variable. 4. Write a script that generates the output you need, and formats it to - a configuration snippet that syslog-ng OSE can use. The filename of + a configuration snippet that {{ site.product.short_name }} can use. The filename of the script must match with the filename used in plugin.conf, for example, apache-access-logs.sh. @@ -104,7 +104,7 @@ valid syslog-ng OSE configuration snippet. ... ``` -7. Check if your modified syslog-ng OSE configuration file is +7. Check if your modified {{ site.product.short_name }} configuration file is syntactically correct using the **syslog-ng --syntax-only** command. diff --git a/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/README.md b/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/README.md index 78814265..58b4d9b3 100644 --- a/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/README.md +++ b/doc/_admin-guide/050_The_configuration_file/007_Managing_complex_syslog-ng_configurations/README.md 
@@ -1,8 +1,8 @@ --- -title: Managing complex syslog-ng configurations +title: Managing complex {{ site.product.short_name }} configurations short_title: Managing complex configurations id: adm-complex-conf description: >- The following sections describe some methods that can be useful to - simplify the management of large-scale syslog-ng installations. + simplify the management of large-scale {{ site.product.short_name }} installations. --- diff --git a/doc/_admin-guide/050_The_configuration_file/008_Python_code_in_external_files.md b/doc/_admin-guide/050_The_configuration_file/008_Python_code_in_external_files.md index 33a8fe77..b0e68458 100644 --- a/doc/_admin-guide/050_The_configuration_file/008_Python_code_in_external_files.md +++ b/doc/_admin-guide/050_The_configuration_file/008_Python_code_in_external_files.md @@ -2,18 +2,18 @@ title: Python code in external files id: adm-conf-python description: >- - You can extend and customize syslog-ng OSE easily by writing destinations + You can extend and customize {{ site.product.short_name }} easily by writing destinations parsers, template functions, and sources in Python. --- -Instead of writing Python code into your syslog-ng OSE configuration +Instead of writing Python code into your {{ site.product.short_name }} configuration file, you can store the Python code for your Python object in an external file. That way, it is easier to write, maintain, and debug the code. You can store the Python code in any directory in your system, but make sure to include it in your Python path. When referencing a Python class from an external file in the class() -option of a Python block in the syslog-ng OSE configuration file, the +option of a Python block in the {{ site.product.short_name }} configuration file, the class name must include the name of the Python file containing the class, without the path and the .py extension. For example, if the MyDestination class is available in the 
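Review bot: the rewritten `description:` line in 008_Python_code_in_external_files.md still reads "by writing destinations parsers, template functions, and sources in Python" with no comma after "destinations". The same sentence in 009_Logging_from_your_Python_code.md has "destinations, parsers,". Add the comma while this line is being touched.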
@@ -36,23 +36,23 @@ class("pythonexample.MyDestination"): {% include doc/admin-guide/notes/python-persist.md %} If you store the Python code in a separate Python file and only include -it in the syslog-ng OSE configuration file, make sure that the +it in the {{ site.product.short_name }} configuration file, make sure that the PYTHON_PATH environment variable includes the path to the Python file, and export the PYTHON\_PATH environment variable. For example, if you -start syslog-ng OSE manually from a terminal and you store your Python +start {{ site.product.short_name }} manually from a terminal and you store your Python files in the /opt/syslog-ng/etc directory, use the following command: `export PYTHONPATH=/opt/syslog-ng/etc`. -In production, when syslog-ng OSE starts on boot, you must configure +In production, when {{ site.product.short_name }} starts on boot, you must configure your startup script to include the Python path. The exact method depends on your operating system. For recent Red Hat Enterprise Linux, Fedora, and CentOS distributions that use systemd, the systemctl command sources -the /etc/sysconfig/syslog-ng file before starting syslog-ng OSE. (On +the /etc/sysconfig/syslog-ng file before starting {{ site.product.short_name }}. (On openSUSE and SLES, /etc/sysconfig/syslog file.) Append the following line to the end of this file: `PYTHONPATH=""`, for example, `PYTHONPATH="/opt/syslog-ng/etc"`. To help debugging and troubleshooting your Python code, you can send log -messages to the internal() source of syslog-ng OSE. For details, see +messages to the internal() source of {{ site.product.short_name }}. For details, see Logging from your Python code. diff --git a/doc/_admin-guide/050_The_configuration_file/009_Logging_from_your_Python_code.md b/doc/_admin-guide/050_The_configuration_file/009_Logging_from_your_Python_code.md index 4eec4b1e..d549998c 100644 --- a/doc/_admin-guide/050_The_configuration_file/009_Logging_from_your_Python_code.md 
+++ b/doc/_admin-guide/050_The_configuration_file/009_Logging_from_your_Python_code.md @@ -2,25 +2,25 @@ title: Logging from your Python code id: adm-conf-python-log description: >- - You can extend and customize syslog-ng OSE easily by writing destinations, parsers, + You can extend and customize {{ site.product.short_name }} easily by writing destinations, parsers, template functions, and sources in Python. --- -To debug and troubleshoot your Python code, syslog-ng OSE allows you to +To debug and troubleshoot your Python code, {{ site.product.short_name }} allows you to use the logger() method to send log messages to the -[[internal() source|adm-src-int]] of syslog-ng OSE. +[[internal() source|adm-src-int]] of {{ site.product.short_name }}. That way the diagnostic messages of your Python code are treated -the same way as other such log messages of syslog-ng OSE. This has the +the same way as other such log messages of {{ site.product.short_name }}. This has the following benefits: - The logger() method respects the log level settings of syslog-ng OSE. You can write error, warning, info, debug, and trace level messages. -- You can follow what your Python code is doing even if syslog-ng OSE +- You can follow what your Python code is doing even if {{ site.product.short_name }} is running as a daemon in the background. -Logging to the internal() source is available in syslog-ng OSE version +Logging to the internal() source is available in {{ site.product.short_name }} version 3.20 and later. To send log messages to the internal() source from Python @@ -46,7 +46,7 @@ To send log messages to the internal() source from Python You can use the following log levels: logger.error, logger.warning, logger.info, logger.debug, logger.trace -4. Make sure that your syslog-ng OSE configuration includes the +4. Make sure that your {{ site.product.short_name }} configuration includes the internal() source, for example: ```config 
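Review bot: the first bullet under "following benefits" in the `@@ -2,25 +2,25 @@` hunk of this file still reads "log level settings of syslog-ng OSE." as an unchanged context line, while every other occurrence in that hunk was switched to `{{ site.product.short_name }}`. Convert it as well, so that a later change to `product.short_name` does not leave this page with mixed product names.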
diff --git a/doc/_admin-guide/050_The_configuration_file/README.md b/doc/_admin-guide/050_The_configuration_file/README.md index 31a876fd..40885af1 100644 --- a/doc/_admin-guide/050_The_configuration_file/README.md +++ b/doc/_admin-guide/050_The_configuration_file/README.md @@ -1,5 +1,5 @@ --- -title: The syslog-ng OSE configuration file +title: The {{ site.product.short_name }} configuration file short_title: The configuration file id: adm-conf-file --- diff --git a/doc/_admin-guide/060_Sources/000_Default-network-drivers/README.md b/doc/_admin-guide/060_Sources/000_Default-network-drivers/README.md index 892079e7..4a19484b 100644 --- a/doc/_admin-guide/060_Sources/000_Default-network-drivers/README.md +++ b/doc/_admin-guide/060_Sources/000_Default-network-drivers/README.md @@ -9,14 +9,14 @@ description: >- --- To use the default-network-drivers() source, the scl.conf file must be -included in your syslog-ng OSE configuration: +included in your {{ site.product.short_name }} configuration: ```config @include "scl.conf" ``` Also, make sure that your SELinux, AppArmor, and firewall settings -permit syslog-ng Open Source Edition to access the ports where you want +permit {{ site.product.name }} to access the ports where you want to receive messages, and that no other application is using these ports. By default, the default-network-drivers() source accepts messages on the following ports: @@ -34,7 +34,7 @@ application that sent the log message. Currently it uses the following procedures. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** If you do not -configure the TLS keys to dislay to the clients, syslog-ng OSE cannot accept +configure the TLS keys to dislay to the clients, {{ site.product.short_name }} cannot accept encrypted connections. The application starts and listens on TCP:6514, and can receive messages on other ports, but will display a warning messages about missing keys. 
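Review bot: the rewritten CAUTION line in the `@@ -34,7 +34,7 @@` hunk keeps the typo "dislay" ("configure the TLS keys to dislay to the clients"). Since the line is being changed anyway, correct it to "display", and fix the trailing context "will display a warning messages" to "a warning message". This caution is what tells an operator why the listener on TCP:6514 cannot accept encrypted connections, so it should read cleanly.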
@@ -44,13 +44,13 @@ missing keys. For RFC-3164 formatted messages (that is, messages received on the ports set in options udp-port() and tcp-port() which default to port 514), -syslog-ng OSE attempts to use the following parsers. If a parser cannot +{{ site.product.short_name }} attempts to use the following parsers. If a parser cannot parse the message, it passes the original message to the next parser. 1. Parse the incoming raw message as a [[message from a Cisco device|adm-parser-cisco]]. 2. Parse the incoming message as an [[RFC-3164 formatted message|adm-struct-bsd]]. - - If the incoming message was sent by a syslog-ng OSE client using + - If the incoming message was sent by a {{ site.product.short_name }} client using the [[syslog-ng() destination|adm-dest-syslogng]], parse its fields as a [[syslog-ng() message|adm-struct-ietf]]. @@ -60,7 +60,7 @@ parse the message, it passes the original message to the next parser. hops. It does not matter if you parse the messages on the client, on a relay, or on the central server, their structured results will be available where you store the messages. Optionally, you can also - forward the original raw message as the first syslog-ng component in your + forward the original raw message as the first {{ site.product.short_name }} component in your infrastructure has received it, which is important if you want to forward a message for example, to a SIEM system. To make use of the enterprise-wide message model, you have to use the 
@@ -69,17 +69,16 @@ parse the message, it passes the original message to the next parser. - Otherwise, apply the application adapters if the message was sent from an application that already has a specific parser in - syslog-ng OSE (for example, Splunk Common Information Model + {{ site.product.short_name }} (for example, Splunk Common Information Model (CIM), [[iptables|adm-parser-iptables]], or [[sudo|adm-parser-sudo]]). ## Parsing RFC-5424 formatted messages For RFC-5424 formatted messages (that is, messages received on the ports set in options rfc5424-tls-port() and rfc5424-tcp-port(), which default -to port 601 and 6514), syslog-ng OSE parses the message according to +to port 601 and 6514), {{ site.product.short_name }} parses the message according to RFC-5424, then attempts apply the application adapters if the message was -sent from an application that already has a specific parser in syslog-ng -OSE (for example, Splunk Common Information Model (CIM), +sent from an application that already has a specific parser in {{ site.product.short_name }} (for example, Splunk Common Information Model (CIM), [[iptables|adm-parser-iptables]], or [[sudo|adm-parser-sudo]]). ### Example: Using the default-network-drivers() driver diff --git a/doc/_admin-guide/060_Sources/010_Internal/README.md b/doc/_admin-guide/060_Sources/010_Internal/README.md index e43a4c1a..69788346 100644 --- a/doc/_admin-guide/060_Sources/010_Internal/README.md +++ b/doc/_admin-guide/060_Sources/010_Internal/README.md 
@@ -3,17 +3,17 @@ title: 'internal: Collecting internal messages' short_title: internal id: adm-src-int description: >- - All messages generated internally by syslog-ng use this special source. + All messages generated internally by {{ site.product.short_name }} use this special source. --- -To collect warnings, errors and notices from syslog-ng itself, include +To collect warnings, errors and notices from {{ site.product.short_name }} itself, include this source in one of your source statements. ```config internal() ``` -The syslog-ng application will issue a warning upon startup if none of +The {{ site.product.short_name }} application will issue a warning upon startup if none of the defined log paths reference this driver. ## Example: Using the internal() driver @@ -24,7 +24,7 @@ source s_local { internal(); }; ## Message types -The syslog-ng OSE application sends the following message types from the internal() source +The {{ site.product.short_name }} application sends the following message types from the internal() source - *fatal*: Priority value: critical (2), Facility value: syslog (5) diff --git a/doc/_admin-guide/060_Sources/020_File/000_Notes_on_reading_kernel_messages.md b/doc/_admin-guide/060_Sources/020_File/000_Notes_on_reading_kernel_messages.md index ea3aba76..50d7892a 100644 --- a/doc/_admin-guide/060_Sources/020_File/000_Notes_on_reading_kernel_messages.md +++ b/doc/_admin-guide/060_Sources/020_File/000_Notes_on_reading_kernel_messages.md 
@@ -8,19 +8,19 @@ platforms. - The kernel usually sends log messages to a special file (/dev/kmsg on BSDs, /proc/kmsg on Linux). The file() driver reads log messages - from such files. The syslog-ng application can periodically check + from such files. The {{ site.product.short_name }} application can periodically check the file for new log messages if the follow-freq() option is set. -- On Linux, the klogd daemon can be used in addition to syslog-ng to +- On Linux, the klogd daemon can be used in addition to {{ site.product.short_name }} to read kernel messages and forward them to syslog-ng. klogd used to preprocess kernel messages to resolve symbols and so on, but as this is deprecated by ksymoops there is really no point in running both - klogd and syslog-ng in parallel. Also note that running two + klogd and {{ site.product.short_name }} in parallel. Also note that running two processes reading /proc/kmsg at the same time might result in dead-locks. -- When using syslog-ng to read messages from the /proc/kmsg file, - syslog-ng automatically disables the follow-freq() parameter to +- When using {{ site.product.short_name }} to read messages from the /proc/kmsg file, + {{ site.product.short_name }} automatically disables the follow-freq() parameter to avoid blocking the file. - To read the kernel messages on HP-UX platforms, use the following diff --git a/doc/_admin-guide/060_Sources/020_File/README.md b/doc/_admin-guide/060_Sources/020_File/README.md index 009e205a..71161cd5 100644 --- a/doc/_admin-guide/060_Sources/020_File/README.md +++ b/doc/_admin-guide/060_Sources/020_File/README.md 
@@ -7,9 +7,9 @@ description: >- an Apache webserver. If you want to use wildcards in the filename, use the [[wildcard-file() source|adm-src-wild]]. --- -The syslog-ng application notices if a file is renamed or replaced with +The {{ site.product.short_name }} application notices if a file is renamed or replaced with a new file, so it can correctly follow the file even if logrotation is -used. When syslog-ng is restarted, it records the position of the last +used. When {{ site.product.short_name }} is restarted, it records the position of the last sent log message in the /var/lib/syslog-ng/syslog-ng.persist file, and continues to send messages from this position after the restart. diff --git a/doc/_admin-guide/060_Sources/025_Arr_logs/README.md b/doc/_admin-guide/060_Sources/025_Arr_logs/README.md index 1979e67c..9c2aee09 100644 --- a/doc/_admin-guide/060_Sources/025_Arr_logs/README.md +++ b/doc/_admin-guide/060_Sources/025_Arr_logs/README.md @@ -3,7 +3,7 @@ title: Arr log source short_title: Arr logs id: adm-src-arr description: >- - In syslog-ng OSE 4.7 and later versions it is possible to collect logs of the Lidarr, Prowlarr, Radarr, Readarr, and Sonarr (referred to as “*Arr” or “*Arrs”) applications. + In {{ site.product.short_name }} 4.7 and later versions it is possible to collect logs of the Lidarr, Prowlarr, Radarr, Readarr, and Sonarr (referred to as “*Arr” or “*Arrs”) applications. --- The new arr() sources are the following: diff --git a/doc/_admin-guide/060_Sources/030_Wildcard-file/000_Wildcard-file_options.md b/doc/_admin-guide/060_Sources/030_Wildcard-file/000_Wildcard-file_options.md index f59ae6d1..21e19944 100644 --- a/doc/_admin-guide/060_Sources/030_Wildcard-file/000_Wildcard-file_options.md +++ b/doc/_admin-guide/060_Sources/030_Wildcard-file/000_Wildcard-file_options.md 
@@ -94,15 +94,15 @@ source s_files { *Description:* Limits the number of files that the wildcard-file source monitors. -When using wildcards, syslog-ng OSE monitors every matching file (up to +When using wildcards, {{ site.product.short_name }} monitors every matching file (up to the limit set in the max-files() option), and can receive new log messages from any of the files. However, monitoring (polling) many files (that is, more than ten) has a significant overhead and may affect performance. On Linux this overhead is not so significant, because -syslog-ng OSE uses the inotify feature of the kernel. Set the +{{ site.product.short_name }} uses the inotify feature of the kernel. Set the **max-files()** option at least to the number of files you want to monitor. If the wildcard-file source matches more files than the value -of the max-files() option, it is random which files will syslog-ng OSE +of the max-files() option, it is random which files will {{ site.product.short_name }} actually monitor. The default value of max-files() is 100. ## monitor-method() @@ -110,10 +110,10 @@ actually monitor. The default value of max-files() is 100. |Accepted values:| auto \| inotify \| poll| |Default:| auto| -*Description:* If the platform supports inotify, syslog-ng OSE uses it +*Description:* If the platform supports inotify, {{ site.product.short_name }} uses it automatically to detect changes to the source files. If inotify is not -available, syslog-ng OSE polls the files as set in the follow-freq() -option. To force syslog-ng OSE poll the files even if inotify is +available, {{ site.product.short_name }} polls the files as set in the follow-freq() +option. To force {{ site.product.short_name }} poll the files even if inotify is available, set this option to **poll**. {% include doc/admin-guide/options/multi-line-garbage.md %} 
@@ -133,7 +133,7 @@ available, set this option to **poll**. |Accepted values:| yes \| no | |Default: | no| -*Description:* When enabled, syslog-ng OSE monitors every subdirectory +*Description:* When enabled, {{ site.product.short_name }} monitors every subdirectory of the path set in the base-dir() option, and reads log messages from files with matching filenames. The recursive option can be used together with wildcards in the filename. diff --git a/doc/_admin-guide/060_Sources/030_Wildcard-file/README.md b/doc/_admin-guide/060_Sources/030_Wildcard-file/README.md index 501b7e46..d7a86c6c 100644 --- a/doc/_admin-guide/060_Sources/030_Wildcard-file/README.md +++ b/doc/_admin-guide/060_Sources/030_Wildcard-file/README.md @@ -5,15 +5,15 @@ id: adm-src-wild description: >- The wildcard-file() source collects log messages from multiple plain-text files from multiple directories. The wildcard-file() source - is available in syslog-ng OSE version 3.10 and later. + is available in {{ site.product.short_name }} version 3.10 and later. --- -The syslog-ng OSE application notices if a file is renamed or replaced +The {{ site.product.short_name }} application notices if a file is renamed or replaced with a new file, so it can correctly follow the file even if logrotation -is used. When syslog-ng OSE is restarted, it records the position of the +is used. When {{ site.product.short_name }} is restarted, it records the position of the last sent log message in the persist file, and continues to send messages from this position after the restart. The location of the -persist file depends on the package you installed syslog-ng OSE from, +persist file depends on the package you installed {{ site.product.short_name }} from, typically it is /var/lib/syslog-ng/syslog-ng.persist or /var/lib/syslog-ng/syslog-ng.persist. 
@@ -34,24 +34,24 @@ Note the following important points: {% include doc/admin-guide/warnings/multiple-wildcards.md %} -- When using wildcards, syslog-ng OSE monitors every matching file (up +- When using wildcards, {{ site.product.short_name }} monitors every matching file (up to the limit set in the max-files() option), and can receive new log messages from any of the files. However, monitoring (polling) many files (that is, more than ten) has a significant overhead and may affect performance. On Linux this overhead is not so significant, - because syslog-ng OSE uses the inotify feature of the kernel. Set + because {{ site.product.short_name }} uses the inotify feature of the kernel. Set the **max-files()** option at least to the number of files you want to monitor. If the wildcard-file source matches more files than the value of the max-files() option, it is random which files will - syslog-ng OSE actually monitor. The default value of max-files() + {{ site.product.short_name }} actually monitor. The default value of max-files() is 100. -- If the message does not have a proper syslog header, syslog-ng OSE +- If the message does not have a proper syslog header, {{ site.product.short_name }} treats messages received from files as sent by the user facility. Use the **default-facility()** and **default-priority()** options in the source definition to assign a different facility if needed. -- For every message that syslog-ng OSE reads from the source files, +- For every message that {{ site.product.short_name }} reads from the source files, the path and name of the file is available in the `${FILE_NAME} macro`. diff --git a/doc/_admin-guide/060_Sources/035_Jellyfin/README.md b/doc/_admin-guide/060_Sources/035_Jellyfin/README.md index de4f9c90..124080ad 100644 --- a/doc/_admin-guide/060_Sources/035_Jellyfin/README.md +++ b/doc/_admin-guide/060_Sources/035_Jellyfin/README.md 
@@ -3,7 +3,7 @@ title: Jellyfin log source short_title: Jellyfin id: adm-src-jfin description: >- - In syslog-ng OSE 4.7 and later versions it is possible to use the `jellyfin()` source to read Jellyfin logs from its log file output. + In {{ site.product.short_name }} 4.7 and later versions it is possible to use the `jellyfin()` source to read Jellyfin logs from its log file output. --- ### Example: minimal configuration of jellyfin() diff --git a/doc/_admin-guide/060_Sources/040_Kubernetes/README.md b/doc/_admin-guide/060_Sources/040_Kubernetes/README.md index 876e7ba1..f1477cf2 100644 --- a/doc/_admin-guide/060_Sources/040_Kubernetes/README.md +++ b/doc/_admin-guide/060_Sources/040_Kubernetes/README.md @@ -4,7 +4,7 @@ short_title: kubernetes id: adm-src-k8s description: >- The kubernetes() source collects container logs managed by the Kubelet. - The kubernetes() source is available in syslog-ng OSE version 3.37 and + The kubernetes() source is available in {{ site.product.short_name }} version 3.37 and later. --- diff --git a/doc/_admin-guide/060_Sources/050_Linux-audit/README.md b/doc/_admin-guide/060_Sources/050_Linux-audit/README.md index b8c8beb4..43bdf2f5 100644 --- a/doc/_admin-guide/060_Sources/050_Linux-audit/README.md +++ b/doc/_admin-guide/060_Sources/050_Linux-audit/README.md @@ -13,7 +13,7 @@ description: >- (SELinux) or AppArmor as a security measure. If enabled, these technologies might disable access to the Linux Audit log file by default. Consult their manuals to enable Linux Audit log access for -syslog-ng OSE. +{{ site.product.short_name }}. {: .notice--info} **Declaration** diff --git a/doc/_admin-guide/060_Sources/060_mqtt/001_mqtt_source_limitations.md b/doc/_admin-guide/060_Sources/060_mqtt/001_mqtt_source_limitations.md index 83123b5e..8565eb77 100644 --- a/doc/_admin-guide/060_Sources/060_mqtt/001_mqtt_source_limitations.md +++ b/doc/_admin-guide/060_Sources/060_mqtt/001_mqtt_source_limitations.md 
@@ -3,9 +3,9 @@ title: Limitations to using the mqtt() source id: adm-src-mqtt-lim --- -Using the mqtt() source of syslog-ng OSE has the following limitations: +Using the mqtt() source of {{ site.product.short_name }} has the following limitations: -- You can only use the mqtt() source with syslog-ng OSE version 3.35 +- You can only use the mqtt() source with {{ site.product.short_name }} version 3.35 or higher. - You cannot use the mqtt() source without installing the the diff --git a/doc/_admin-guide/060_Sources/060_mqtt/002_mqtt_source_options.md b/doc/_admin-guide/060_Sources/060_mqtt/002_mqtt_source_options.md index 49ac6a16..c0420736 100644 --- a/doc/_admin-guide/060_Sources/060_mqtt/002_mqtt_source_options.md +++ b/doc/_admin-guide/060_Sources/060_mqtt/002_mqtt_source_options.md @@ -15,7 +15,7 @@ Required options: address(), fallback-topic(), and topic(). |Required: | yes| *Description:* Specifies the hostname or IP address, and the port number -of the MQTT broker from which syslog-ng OSE will receive the log messages. +of the MQTT broker from which {{ site.product.short_name }} will receive the log messages. Syntax: \://\:\ diff --git a/doc/_admin-guide/060_Sources/060_mqtt/README.md b/doc/_admin-guide/060_Sources/060_mqtt/README.md index 856accf8..fe94f71a 100644 --- a/doc/_admin-guide/060_Sources/060_mqtt/README.md +++ b/doc/_admin-guide/060_Sources/060_mqtt/README.md @@ -3,7 +3,7 @@ title: 'mqtt: Receiving messages from an MQTT broker' short_title: mqtt id: adm-src-mqtt description: >- - From syslog-ng OSE version 3.35, you can use the mqtt() source to fetch + From {{ site.product.short_name }} version 3.35, you can use the mqtt() source to fetch messages from MQTT brokers. --- diff --git a/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/000_Proxy_protocol_working_mechanism.md b/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/000_Proxy_protocol_working_mechanism.md index f569c846..7d11c585 100644 
--- a/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/000_Proxy_protocol_working_mechanism.md +++ b/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/000_Proxy_protocol_working_mechanism.md @@ -2,13 +2,13 @@ title: The working mechanism behind the Proxy Protocol id: adm-src-netw-proxy-mech description: >- - This section describes how syslog-ng Open Source Edition (syslog-ng OSE) + This section describes how {{ site.product.short_name }} supports the Proxy Protocol. --- ## The working mechanism behind the Proxy Protocol -When using the Proxy Protocol during load balancing, syslog-ng OSE +When using the Proxy Protocol during load balancing, {{ site.product.short_name }} detects the information behind connections connected to the load balancer, then parses the injected information and adds the following macros to every message the comes through the connection later on: @@ -25,7 +25,7 @@ macros to every message the comes through the connection later on: > >- When the proxy protocol header is PROXY UNKNOWN, no additional macros are added. > ->- When syslog-ng OSE cannot parse a proxy protocol header, the connection is closed: +>- When {{ site.product.short_name }} cannot parse a proxy protocol header, the connection is closed: > > [2020-11-20T17:33:22.189458] PROXY protocol header received; line='PROXYdsfj' > [2020-11-20T17:33:22.189475] Error parsing PROXY protocol header; diff --git a/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/001_Proxy_protocol_configuration.md b/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/001_Proxy_protocol_configuration.md index 3d3e0dba..fe582c70 100644 --- a/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/001_Proxy_protocol_configuration.md +++ b/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/001_Proxy_protocol_configuration.md 
@@ -5,7 +5,7 @@ description: >- This section provides information about enabling Proxy Protocol support in your network() source options, and an example configuration and output to illustrate how the Proxy Protocol method works in syslog-ng - Open Source Edition (syslog-ng OSE). + Open Source Edition ({{ site.product.short_name }}). --- For more information about the working mechanism of the Proxy Protocol, @@ -14,7 +14,7 @@ see The working mechanism behind the Proxy Protocol. ## Enabling Proxy Protocol support for your network() source options Unless you enable Proxy Protocol support for your network() source, -syslog-ng OSE identifies every connection that is connected to the load +{{ site.product.short_name }} identifies every connection that is connected to the load balancers identically by default, regardless of the source IP or the source protocol. @@ -28,13 +28,13 @@ configurations, where the proxy header is sent encrypted within the same TLS session as the proxied messages. When you enable Proxy Protocol support for your network() source, you -can use the following configuration example with your syslog-ng OSE +can use the following configuration example with your {{ site.product.short_name }} application. ## Configuration The following code sample illustrates how you can use the Proxy Protocol -in your syslog-ng OSE configuration (using the transport() parameter set +in your {{ site.product.short_name }} configuration (using the transport() parameter set to proxied-tls-passthrough). ```config @@ -81,4 +81,4 @@ output looks like this: >"PROGRAM":"TestMsg","MESSAGE":"","LEGACY_MSGHDR":"TestMsg", >"HOST_FROM":"localhost","HOST":"localhost"} -Note that the macros that syslog-ng OSE adds to the message appear in the output. +Note that the macros that {{ site.product.short_name }} adds to the message appear in the output. 
diff --git a/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/README.md b/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/README.md index c13ef234..e1223639 100644 --- a/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/README.md +++ b/doc/_admin-guide/060_Sources/070_Network/001_Proxy_protocol_support/README.md @@ -2,8 +2,8 @@ title: Proxy Protocol support id: adm-src-netw-proxy description: >- - If you connect load balancers to your syslog-ng OSE application, - syslog-ng OSE identifies every connection that is connected to the load + If you connect load balancers to your {{ site.product.short_name }} application, + {{ site.product.short_name }} identifies every connection that is connected to the load balancers identically by default, regardless of the source IP or the source protocol. --- @@ -13,8 +13,8 @@ unless you enable Proxy Protocol support for your proxy TLS transport() to inject information about the original connection into the forwarded TCP session. -In syslog-ng OSE version 4.1 and later versions, PROXY protocol v2 (transport(proxied-tcp)) is supported. This protocol is used by network load balancers, such as Amazon Elastic Load Balancer and HAProxy, to carry original source/destination address information, as described in the Proxy protocol description. +In {{ site.product.short_name }} version 4.1 and later versions, PROXY protocol v2 (transport(proxied-tcp)) is supported. This protocol is used by network load balancers, such as Amazon Elastic Load Balancer and HAProxy, to carry original source/destination address information, as described in the Proxy protocol description. For further details about the working mechanism behind the Proxy -Protocol support on syslog-ng OSE and the configuration details, see the +Protocol support on {{ site.product.short_name }} and the configuration details, see the following sections. 
diff --git a/doc/_admin-guide/060_Sources/070_Network/README.md b/doc/_admin-guide/060_Sources/070_Network/README.md index 2f652ef0..e07477d2 100644 --- a/doc/_admin-guide/060_Sources/070_Network/README.md +++ b/doc/_admin-guide/060_Sources/070_Network/README.md @@ -22,7 +22,7 @@ description: >- is broken, messages that the client has sent but were not yet received on the server are lost. -- The syslog-ng application supports TLS (Transport Layer Security, +- The {{ site.product.short_name }} application supports TLS (Transport Layer Security, also known as SSL) over TCP. For details, see Encrypting log messages with TLS. diff --git a/doc/_admin-guide/060_Sources/080_nodejs/README.md b/doc/_admin-guide/060_Sources/080_nodejs/README.md index 35d12f5b..3ea73bc1 100644 --- a/doc/_admin-guide/060_Sources/080_nodejs/README.md +++ b/doc/_admin-guide/060_Sources/080_nodejs/README.md @@ -3,15 +3,15 @@ title: 'nodejs: Receiving JSON messages from nodejs applications' short_title: nodejs id: adm-src-nodejs description: >- - Using the nodejs() driver, syslog-ng OSE can receive application logs + Using the nodejs() driver, {{ site.product.short_name }} can receive application logs directly from nodejs applications that use the widespread Winston logging API. The - syslog-ng OSE application automatically adds the .nodejs.winston. prefix + {{ site.product.short_name }} application automatically adds the .nodejs.winston. prefix to the name of the fields the extracted from the message. --- To use the nodejs() driver, the scl.conf file must be included in your -syslog-ng OSE configuration: +{{ site.product.short_name }} configuration: ```config @include "scl.conf" 
@@ -26,7 +26,7 @@ You can find the source of the nodejs configuration snippet on GitHub. ### Example: Using the nodejs() driver The following example uses the default settings of the driver, listening -for messages on port 9003 of every IP address of the syslog-ng OSE host. +for messages on port 9003 of every IP address of the {{ site.product.short_name }} host. ```config @include "scl.conf" diff --git a/doc/_admin-guide/060_Sources/085_macOS/000_darwin_oslog_options.md b/doc/_admin-guide/060_Sources/085_macOS/000_darwin_oslog_options.md index 7bef7a4a..c25b84ad 100644 --- a/doc/_admin-guide/060_Sources/085_macOS/000_darwin_oslog_options.md +++ b/doc/_admin-guide/060_Sources/085_macOS/000_darwin_oslog_options.md @@ -2,7 +2,7 @@ title: darwin-oslog() source options id: adm-src-darw-osl-opt description: >- - The `darwin-oslog()` source is based on the native OSLog Framework to read logs from the local store of the unified logging system on darwin OSes. The syslog-ng OSE `system()` source automatically uses this new source on darwin platforms if the `darwinosl` plugin is available. This plugin is available only on macOS 10.15 Catalina and later versions. The 10.15 version is the first to support the OSLog API. + The `darwin-oslog()` source is based on the native OSLog Framework to read logs from the local store of the unified logging system on darwin OSes. The {{ site.product.short_name }} `system()` source automatically uses this new source on darwin platforms if the `darwinosl` plugin is available. This plugin is available only on macOS 10.15 Catalina and later versions. The 10.15 version is the first to support the OSLog API. --- **NOTE:** The persistent OSLog store keeps about 7 days of logs on the disk. 
@@ -22,14 +22,14 @@ The `darwin-oslog()` source has the following options. |Type:| boolean| |Default:| `no`| -*Description:* By default, syslog-ng OSE continues to read the logs from the last remembered position after a restart. If this option is set to `yes`, it always starts reading from the end or beginning of the available log list (depending on the setting of the `go-reverse()` option. +*Description:* By default, {{ site.product.short_name }} continues to read the logs from the last remembered position after a restart. If this option is set to `yes`, it always starts reading from the end or beginning of the available log list (depending on the setting of the `go-reverse()` option. ## fetch-delay() |Type:| integer| |Default:| `10000`| -*Description:* Sets the time syslog-ng OSE waits between reading and sending log messages. The dimension of this parameter is a fraction of a second, where `wait_time = 1 second / `, so setting `1` would result that only about 1 log is sent in each second, and `1000000` means only 1 microsecond is the delay between read/write attempts. The maximum value of this parameter is `1000000`. +*Description:* Sets the time {{ site.product.short_name }} waits between reading and sending log messages. The dimension of this parameter is a fraction of a second, where `wait_time = 1 second / `, so setting `1` would result that only about 1 log is sent in each second, and `1000000` means only 1 microsecond is the delay between read/write attempts. The maximum value of this parameter is `1000000`. **NOTE:** Increasing the value of this parameter (which lowers delay time) can increase log feed performance, but at could increase system load. {: .notice--info} 
@@ -40,7 +40,7 @@ The `darwin-oslog()` source has the following options. |Type:| integer| |Default:| `1`| -*Description:* Controls how many seconds syslog-ng OSE spends idle before checking for new logs, in case no new logs were read the last time. +*Description:* Controls how many seconds {{ site.product.short_name }} spends idle before checking for new logs, in case no new logs were read the last time. ## go-reverse() @@ -64,11 +64,11 @@ The `darwin-oslog()` source has the following options. |Type:| integer| |Default:| `0`(unlimited) [seconds]| -*Description:* The maximum distance in seconds that a bookmark can point backwards. That is, if syslog-ng OSE is stopped for 10 minutes (600 seconds) and `max-bookmark-distance()` is set to `60`, then syslog-ng OSE starts reading the logs from 60 seconds before the startup, missing 9 minutes (540 seconds) worth of logs. +*Description:* The maximum distance in seconds that a bookmark can point backwards. That is, if {{ site.product.short_name }} is stopped for 10 minutes (600 seconds) and `max-bookmark-distance()` is set to `60`, then {{ site.product.short_name }} starts reading the logs from 60 seconds before the startup, missing 9 minutes (540 seconds) worth of logs. ## read-old-records() |Type:| boolean| |Default:| `no`| -*Description:* If set to yes, syslog-ng OSE starts reading logs starting from the oldest available log when the system starts, or if there are no bookmarks present. +*Description:* If set to yes, {{ site.product.short_name }} starts reading logs starting from the oldest available log when the system starts, or if there are no bookmarks present. diff --git a/doc/_admin-guide/060_Sources/085_macOS/README.md b/doc/_admin-guide/060_Sources/085_macOS/README.md index 8e483354..fb8a55d0 100644 --- a/doc/_admin-guide/060_Sources/085_macOS/README.md +++ b/doc/_admin-guide/060_Sources/085_macOS/README.md 
@@ -3,7 +3,7 @@ title: 'MacOS sources: darwin-oslog() and darwin-oslog-stream' short_title: MacOS sources id: adm-src-macOS description: >- - In syslog-ng OSE 4.6 and later versions, it is possible to collect logs on macOS with the native OSLog framework using the `darwin-oslog()` and `darwin-oslog-stream()` source drivers. + In {{ site.product.short_name }} 4.6 and later versions, it is possible to collect logs on macOS with the native OSLog framework using the `darwin-oslog()` and `darwin-oslog-stream()` source drivers. --- * `darwin-oslog()`: This source builds on the native OSLog framework, instead of the earlier file-source based solution. diff --git a/doc/_admin-guide/060_Sources/090_mbox/README.md b/doc/_admin-guide/060_Sources/090_mbox/README.md index aa6c74db..a369391f 100644 --- a/doc/_admin-guide/060_Sources/090_mbox/README.md +++ b/doc/_admin-guide/060_Sources/090_mbox/README.md @@ -3,13 +3,13 @@ title: 'mbox: Converting local email messages to log messages' short_title: mbox id: adm-src-mbox description: >- - Using the mbox() driver, syslog-ng OSE can read email messages from + Using the mbox() driver, {{ site.product.short_name }} can read email messages from local mbox files, and convert them to multiline log messages. --- This driver has only one required option, the filename of the mbox file. To use the mbox() driver, the scl.conf file must be included in your -syslog-ng OSE configuration: +{{ site.product.short_name }} configuration: ```config @include "scl.conf" @@ -23,8 +23,7 @@ You can find the source of the mbox configuration snippet on GitHub. ### Example: Using the mbox() driver -The following example reads the emails of the root user on the syslog-ng -OSE host. +The following example reads the emails of the root user on the {{ site.product.short_name }} host. ```config @include "scl.conf" 
diff --git a/doc/_admin-guide/060_Sources/100_osquery/000_osquery_source_options.md b/doc/_admin-guide/060_Sources/100_osquery/000_osquery_source_options.md index 12a0f612..58d775c3 100644 --- a/doc/_admin-guide/060_Sources/100_osquery/000_osquery_source_options.md +++ b/doc/_admin-guide/060_Sources/100_osquery/000_osquery_source_options.md @@ -11,7 +11,7 @@ The osquery() driver has the following options. |Default: | /var/log/osquery/osqueryd.results.log| *Description:* The log file of osquery that stores the results of -periodic queries. The syslog-ng OSE application reads the messages from +periodic queries. The {{ site.product.short_name }} application reads the messages from this file. {% include doc/admin-guide/options/hook.md %} diff --git a/doc/_admin-guide/060_Sources/100_osquery/README.md b/doc/_admin-guide/060_Sources/100_osquery/README.md index b44c0841..0fc398e8 100644 --- a/doc/_admin-guide/060_Sources/100_osquery/README.md +++ b/doc/_admin-guide/060_Sources/100_osquery/README.md @@ -10,10 +10,10 @@ description: >- schedule them to run regularly. --- -The osquery() source of syslog-ng OSE allows you read the results of +The osquery() source of {{ site.product.short_name }} allows you read the results of periodical osquery queries (from the /var/log/osquery/osqueryd.results.log file) and automatically parse the -messages (if you want to use syslog-ng OSE to send log messages to +messages (if you want to use {{ site.product.short_name }} to send log messages to osquery, read this blogpost). For example, you can: 
@@ -24,24 +24,24 @@ For example, you can: multiple fields into one field, and so on). - Send the messages to a central location, for example, to - Elasticsearch, directly from syslog-ng OSE. + Elasticsearch, directly from {{ site.product.short_name }}. -The syslog-ng OSE application automatically adds the .osquery. prefix to +The {{ site.product.short_name }} application automatically adds the .osquery. prefix to the name of the fields the extracted from the message. -The osquery() source is available in syslog-ng OSE version 3.10 and +The osquery() source is available in {{ site.product.short_name }} version 3.10 and later. ## Prerequisites - To use the osquery() driver, the scl.conf file must be included in - your syslog-ng OSE configuration: + your {{ site.product.short_name }} configuration: ```config @include "scl.conf" ``` -- syslog-ng OSE must be compiled with JSON-support enabled. +- {{ site.product.short_name }} must be compiled with JSON-support enabled. The osquery() driver is actually a reusable configuration snippet configured to read the osquery log file using the file() driver, and @@ -51,7 +51,7 @@ You can find the source of the osquery configuration snippet on GitHub. ## Example: Using the osquery() driver with the default settings -The following syslog-ng OSE configuration sample uses the default +The following {{ site.product.short_name }} configuration sample uses the default settings of the driver, reading osquery result logs from the /var/log/osquery/osqueryd.results.log file, and writes the log messages generated from the traps into a file. 
@@ -93,7 +93,7 @@ log { ### Example: Using the osquery() driver with custom configuration -The following syslog-ng OSE configuration sample reads osquery result +The following {{ site.product.short_name }} configuration sample reads osquery result logs from the /tmp/osquery_input.log file, and writes the log messages generated from the traps into a file. Using the format-json template, the outgoing message will be a well-formed JSON message. @@ -111,7 +111,7 @@ the outgoing message will be a well-formed JSON message. >"user_time":"476","uuid":"4C4C4544-004D-3610-8043-C2C04F4D3332", >"version":"2.5.0","watcher":"19762"},"action":"added"} -#### syslog-ng OSE configuration +#### {{ site.product.short_name }} configuration ```config @version: 3.10 diff --git a/doc/_admin-guide/060_Sources/105_pi-hole-FTL/README.md b/doc/_admin-guide/060_Sources/105_pi-hole-FTL/README.md index e8f334ec..5b383e7e 100644 --- a/doc/_admin-guide/060_Sources/105_pi-hole-FTL/README.md +++ b/doc/_admin-guide/060_Sources/105_pi-hole-FTL/README.md @@ -3,7 +3,7 @@ title: Pi-hole Faster Than Light log source short_title: Pi-hole FTL id: adm-src-piftl description: >- - In syslog-ng OSE 4.6 and later versions it is possible to collect logs of the Pi-hole FTL (Faster Than Light) application. + In {{ site.product.short_name }} 4.6 and later versions it is possible to collect logs of the Pi-hole FTL (Faster Than Light) application. --- ```config diff --git a/doc/_admin-guide/060_Sources/110_Pipe/README.md b/doc/_admin-guide/060_Sources/110_Pipe/README.md index d7638936..a55af9f7 100644 --- a/doc/_admin-guide/060_Sources/110_Pipe/README.md +++ b/doc/_admin-guide/060_Sources/110_Pipe/README.md @@ -18,7 +18,7 @@ pipe() source options. pipe(filename); ``` -**NOTE:** As of syslog-ng Open Source Edition 3.0.2, pipes are created +**NOTE:** As of {{ site.product.name }} 3.0.2, pipes are created automatically. In earlier versions, you had to create the pipe using the **mkfifo(1)** command. {: .notice--info} 
@@ -32,8 +32,8 @@ therefore it is not recommended to be used on special files like > >- It is not recommended to use pipe() on anything else than real pipes. > ->- By default, syslog-ng OSE uses the **flags(no-hostname)** option for pipes, -> meaning that syslog-ng OSE assumes that the log messages received from the +>- By default, {{ site.product.short_name }} uses the **flags(no-hostname)** option for pipes, +> meaning that {{ site.product.short_name }} assumes that the log messages received from the > pipe do not contain the hostname field. If your messages do contain the > hostname field, use **flags(expect-hostname)**. {: .notice--warning} diff --git a/doc/_admin-guide/060_Sources/120_pacct/000_pacct_options.md b/doc/_admin-guide/060_Sources/120_pacct/000_pacct_options.md index c7b5c440..111abdee 100644 --- a/doc/_admin-guide/060_Sources/120_pacct/000_pacct_options.md +++ b/doc/_admin-guide/060_Sources/120_pacct/000_pacct_options.md @@ -11,7 +11,7 @@ The pacct() driver has the following options: | Default: | /var/log/account/pacct| *Description:* The file where the process accounting logs are stored --- -syslog-ng OSE reads accounting messages from this file. +{{ site.product.short_name }} reads accounting messages from this file. {% include doc/admin-guide/options/follow-freq.md %} diff --git a/doc/_admin-guide/060_Sources/120_pacct/README.md b/doc/_admin-guide/060_Sources/120_pacct/README.md index cbe440ad..f1a36064 100644 --- a/doc/_admin-guide/060_Sources/120_pacct/README.md +++ b/doc/_admin-guide/060_Sources/120_pacct/README.md 
@@ -3,7 +3,7 @@ title: 'pacct: Collecting process accounting logs on Linux' short_title: pacct id: adm-src-pacct description: >- - Starting with version 3.2, syslog-ng OSE can collect process accounting + Starting with version 3.2, {{ site.product.short_name }} can collect process accounting logs on Linux systems.Process accounting is the method of recording and summarizing commands executed on Linux, for example, the commands being run, the user who executed the command, CPU time used by the process, @@ -15,14 +15,14 @@ description: >- To use the pacct() driver, the following conditions must be met: -- The syslog-ng OSE application must be compiled with the +- The {{ site.product.short_name }} application must be compiled with the *--enable-pacct* option. Execute the `syslog-ng -V` command to check if your binary supports process accounting. -- The pacctformat plugin must be loaded. By default, syslog-ng OSE +- The pacctformat plugin must be loaded. By default, {{ site.product.short_name }} automatically loads the available modules. -- The scl.conf file must be included in your syslog-ng configuration: +- The scl.conf file must be included in your {{ site.product.short_name }} configuration: ```config @include "scl.conf" @@ -33,7 +33,7 @@ To use the pacct() driver, the following conditions must be met: The pacct() driver parses the fields of the accounting logs and transforms them into name-value pairs. The fields are defined in the -manual page of the accounting log file (man acct), syslog-ng OSE +manual page of the accounting log file (man acct), {{ site.product.short_name }} prepends every field with the .pacct. prefix. For example, the **ac_uid** field that contains the id of the user who started the process will be available under the $.pacct.ac_uid name. These can be 
diff --git a/doc/_admin-guide/060_Sources/140_Python/000_Server_style_Python_sources.md b/doc/_admin-guide/060_Sources/140_Python/000_Server_style_Python_sources.md index 1ec2f644..c03d8ea4 100644 --- a/doc/_admin-guide/060_Sources/140_Python/000_Server_style_Python_sources.md +++ b/doc/_admin-guide/060_Sources/140_Python/000_Server_style_Python_sources.md @@ -13,12 +13,12 @@ description: >- **Declaration** -Python sources consist of two parts. The first is a syslog-ng OSE source -object that you define in your syslog-ng OSE configuration and use in +Python sources consist of two parts. The first is a {{ site.product.short_name }} source +object that you define in your {{ site.product.short_name }} configuration and use in the log path. This object references a Python class, which is the second part of the Python source. The Python class receives or fetches the log messages, and can do virtually anything that you can code in Python. You -can either embed the Python class into your syslog-ng OSE configuration +can either embed the Python class into your {{ site.product.short_name }} configuration file, or [[store it in an external Python file|adm-conf-python]]. ```config 
@@ -89,12 +89,11 @@ Python LogMessage API. ### request_exit(self) method (mandatory) -The syslog-ng OSE application calls this method when syslog-ng OSE is +The {{ site.product.short_name }} application calls this method when {{ site.product.short_name }} is shut down or restarted. The request_exit method must shut down the event loop or framework, so the run method can return gracefully. If you use blocking operations within the run() method, use **request_exit()** -to interrupt those operations and set an exit flag, otherwise syslog-ng -OSE is not able to stop. Note that syslog-ng OSE calls the request_exit +to interrupt those operations and set an exit flag, otherwise {{ site.product.short_name }} is not able to stop. Note that {{ site.product.short_name }} calls the request_exit method from a thread different from the source thread. {% include doc/admin-guide/python-deinit.md %} diff --git a/doc/_admin-guide/060_Sources/140_Python/001_Python_logmessage_API.md b/doc/_admin-guide/060_Sources/140_Python/001_Python_logmessage_API.md index 48d02aa8..d0bada6a 100644 --- a/doc/_admin-guide/060_Sources/140_Python/001_Python_logmessage_API.md +++ b/doc/_admin-guide/060_Sources/140_Python/001_Python_logmessage_API.md 
@@ -35,16 +35,16 @@ specific methods. Note the following points when creating a log message: -- When setting the hostname, syslog-ng OSE takes the following +- When setting the hostname, {{ site.product.short_name }} takes the following hostname-related options of the configuration into account: chain-hostnames(), keep-hostname(), use-dns(), and use-fqdn(). - Python sources ignore the log-msg-size() option. -- The syslog-ng OSE application accepts only one message from every +- The {{ site.product.short_name }} application accepts only one message from every LogSource::post_message() or fetch() call, batching is currently not supported. If your Python code accepts batches of messages, you - must pass them to syslog-ng OSE one-by-one. Similarly, if you need + must pass them to {{ site.product.short_name }} one-by-one. Similarly, if you need to split messages in the source, you must do so in your Python code, and pass the messages separately. 
@@ -56,12 +56,11 @@ Note the following points when creating a log message: The parse() method allows you to parse incoming messages as syslog messages. By default, the parse() method attempts to parse the message as an IETF-syslog (RFC-5424) log message. If that fails, it parses the -log message as a BSD-syslog (RFC-3164) log message. Note that syslog-ng -OSE takes the parsing-related options of the configuration into account: +log message as a BSD-syslog (RFC3164) log message. Note that {{ site.product.short_name }} takes the parsing-related options of the configuration into account: flags(), keep-hostname(), recv-time-zone(). -If keep-hostname() is set to **no**, syslog-ng OSE ignores the hostname -set in the message, and uses the IP address of the syslog-ng OSE host as +If keep-hostname() is set to **no**, {{ site.product.short_name }} ignores the hostname +set in the message, and uses the IP address of the {{ site.product.short_name }} host as the hostname (to use the hostname instead of the IP address, set the use-dns() or use-fqdn() options in the Python source). @@ -90,5 +89,5 @@ msg.set_timestamp(timestamp) # datetime object, includes timezone information ``` In Python 2, timezone information cannot be attached to the datetime -instance without using an external library. The syslog-ng OSE represents +instance without using an external library. The {{ site.product.short_name }} represents naive datetime objects in UTC. diff --git a/doc/_admin-guide/060_Sources/140_Python/003_Fetcher_style_Python_sources.md b/doc/_admin-guide/060_Sources/140_Python/003_Fetcher_style_Python_sources.md index 5aa2c740..1f62ce63 100644 --- a/doc/_admin-guide/060_Sources/140_Python/003_Fetcher_style_Python_sources.md +++ b/doc/_admin-guide/060_Sources/140_Python/003_Fetcher_style_Python_sources.md 
@@ -11,12 +11,12 @@ description: >- **Declaration** -Python sources consist of two parts. The first is a syslog-ng OSE source -object that you define in your syslog-ng OSE configuration and use in +Python sources consist of two parts. The first is a {{ site.product.short_name }} source +object that you define in your {{ site.product.short_name }} configuration and use in the log path. This object references a Python class, which is the second part of the Python source. The Python class receives or fetches the log messages, and can do virtually anything that you can code in Python. You -can either embed the Python class into your syslog-ng OSE configuration +can either embed the Python class into your {{ site.product.short_name }} configuration file, or [[store it in an external Python file|adm-conf-python]]. ```config @@ -67,7 +67,7 @@ Fetcher-style Python sources must be inherited from the syslogng.LogFetcher class, and must implement at least the fetch method. Multiple inheritance is allowed, but only for pure Python super classes. -For fetcher-style Python sources, syslog-ng OSE handles the event loop +For fetcher-style Python sources, {{ site.product.short_name }} handles the event loop and the scheduling automatically. You can use simple blocking server/client libraries to receive or fetch logs. 
@@ -79,12 +79,12 @@ You can retrieve messages using the **fetch()** method. The open(self) method opens the resources required for the source, for example, it initiates a connection to the target service. It is called -after init() when syslog-ng OSE is started or reloaded. If fetch() -returns with an error, syslog-ng OSE calls the close() and open() +after init() when {{ site.product.short_name }} is started or reloaded. If fetch() +returns with an error, {{ site.product.short_name }} calls the close() and open() methods before trying to fetch a new message. If open() fails, it should return the False value. In this case, -syslog-ng OSE retries it every time-reopen() seconds. By default, this +{{ site.product.short_name }} retries it every time-reopen() seconds. By default, this is 1 second for Python sources and destinations, the value of time-reopen() is not inherited from the global option. For details, see Error handling in the python() destination. @@ -99,7 +99,7 @@ Python LogMessage API. The fetch method must return one of the following values: -- LogFetcher.FETCH_ERROR: Fetching new messages failed, syslog-ng OSE +- LogFetcher.FETCH_ERROR: Fetching new messages failed, {{ site.product.short_name }} calls the close and open methods. - LogFetcher.FETCH_NO_DATA: There was not any data available. The @@ -108,7 +108,7 @@ The fetch method must return one of the following values: setting the fetch-no-data-delay() option in the source. - LogFetcher.FETCH_NOT_CONNECTED: Could not access the source, - syslog-ng OSE calls the open method. + {{ site.product.short_name }} calls the open method. - LogFetcher.FETCH_SUCCESS, msg: Post the message returned as the second argument. 
@@ -121,14 +121,14 @@ The fetch method must return one of the following values: If you use blocking operations within the fetch() method, use request_exit() to interrupt those operations (for example, to shut down -a socket), otherwise syslog-ng OSE is not able to stop. Note that -syslog-ng OSE calls the request_exit method from a thread different +a socket), otherwise {{ site.product.short_name }} is not able to stop. Note that +{{ site.product.short_name }} calls the request_exit method from a thread different from the source thread. ### close(self) method (optional) Close the connection to the target service. Usually it is called right -before deinit() when stopping or reloading syslog-ng OSE. It is also +before deinit() when stopping or reloading {{ site.product.short_name }}. It is also called when fecth() fails. {% include doc/admin-guide/python-deinit.md %} diff --git a/doc/_admin-guide/060_Sources/140_Python/README.md b/doc/_admin-guide/060_Sources/140_Python/README.md index 6f4de9a5..afc03b11 100644 --- a/doc/_admin-guide/060_Sources/140_Python/README.md +++ b/doc/_admin-guide/060_Sources/140_Python/README.md @@ -6,7 +6,7 @@ description: >- The Python source allows you to write your own source in Python. You can import external Python modules to receive or fetch the messages. Since many services have a Python library, the Python source makes integrating - syslog-ng OSE very easy and quick. + {{ site.product.short_name }} very easy and quick. --- You can write two different type of sources in Python: diff --git a/doc/_admin-guide/060_Sources/145_qBittorrent/README.md b/doc/_admin-guide/060_Sources/145_qBittorrent/README.md index 5c929a6e..239054bb 100644 --- a/doc/_admin-guide/060_Sources/145_qBittorrent/README.md +++ b/doc/_admin-guide/060_Sources/145_qBittorrent/README.md 
@@ -3,7 +3,7 @@ title: qBittorrent log source short_title: qBittorrent id: adm-src-qbit description: >- - In syslog-ng OSE 4.6 and later versions it is possible to collect logs of the qBittorrent application. + In {{ site.product.short_name }} 4.6 and later versions it is possible to collect logs of the qBittorrent application. --- ```config diff --git a/doc/_admin-guide/060_Sources/150_snmptrap/000_snmptrap_options.md b/doc/_admin-guide/060_Sources/150_snmptrap/000_snmptrap_options.md index 3da88c1f..b87a4f15 100644 --- a/doc/_admin-guide/060_Sources/150_snmptrap/000_snmptrap_options.md +++ b/doc/_admin-guide/060_Sources/150_snmptrap/000_snmptrap_options.md @@ -12,7 +12,7 @@ option is required, the others are optional. In addition to traps, the log of snmptrapd may contain other messages (for example, daemon start/stop information, debug logs) as well. -Currently syslog-ng OSE discards these messages. +Currently {{ site.product.short_name }} discards these messages. {% include doc/admin-guide/options/hook.md %} @@ -31,6 +31,6 @@ Default value: .snmp. option. name-value pairs, so you can handle the content of the trap as a structured message. Consequently, you might not even need the `${MESSAGE}` part of the log message. If set-message-macro() is set to -**no**, syslog-ng OSE leaves the `${MESSAGE}` part empty. If -set-message-macro() is set to **yes**, syslog-ng OSE generates a regular +**no**, {{ site.product.short_name }} leaves the `${MESSAGE}` part empty. If +set-message-macro() is set to **yes**, {{ site.product.short_name }} generates a regular log message from the trap. diff --git a/doc/_admin-guide/060_Sources/150_snmptrap/README.md b/doc/_admin-guide/060_Sources/150_snmptrap/README.md index 3ab0e099..2b3eaa09 100644 --- a/doc/_admin-guide/060_Sources/150_snmptrap/README.md +++ b/doc/_admin-guide/060_Sources/150_snmptrap/README.md 
@@ -5,13 +5,13 @@ id: adm-src-snmp description: >- Using the snmptrap() source, you can read and parse the SNMP traps of the Net-SNMPs snmptrapd application. - syslog-ng OSE can read these traps from a log file, and extract their + {{ site.product.short_name }} can read these traps from a log file, and extract their content into name-value pairs, making it easy to forward them as a - structured log message (for example, in JSON format). The syslog-ng OSE + structured log message (for example, in JSON format). The {{ site.product.short_name }} application automatically adds the .snmp. prefix to the name of the fields the extracted from the message. - The snmptrap() source is available in syslog-ng OSE version 3.10 and + The snmptrap() source is available in {{ site.product.short_name }} version 3.10 and later. --- 
@@ -23,19 +23,19 @@ description: >- - In addition to traps, the log of snmptrapd may contain other messages (for example, daemon start/stop information, debug logs) as - well. Currently syslog-ng OSE discards these messages. + well. Currently {{ site.product.short_name }} discards these messages. -- The syslog-ng OSE application cannot resolve OIDs, you have to +- The {{ site.product.short_name }} application cannot resolve OIDs, you have to configure snmptrapd to do so. Note that because of a bug, if snmptrapd does not escape String values in the VarBindList if it can - resolve an OID to a symbolic name. As a result, syslog-ng OSE cannot + resolve an OID to a symbolic name. As a result, {{ site.product.short_name }} cannot process traps that contain the = in the value of the string. To overcome this problem, disable resolving OIDs in snmptrapd. For details, see the documentation of snmptrapd. - The colon (:) character is commonly used in SNMP traps. However, - this character cannot be used in the name of syslog-ng OSE macros - (name-value pairs). Therefore, the syslog-ng OSE application + this character cannot be used in the name of {{ site.product.short_name }} macros + (name-value pairs). Therefore, the {{ site.product.short_name }} application automatically replaces all consecutive : characters with a single underscore (_) character. For example, you can reference the value of the NET-SNMP-EXAMPLES-MIB::netSnmpExampleString key using the @@ -54,7 +54,7 @@ description: >- format1 %.4y-%.2m-%.2l %.2h:%.2j:%.2k %B [%b]: %N\n\t%W Trap (%q) Uptime: %#T\n%v\n - If you use SMIv2 traps, use the default format. The snmptrap() - source of syslog-ng OSE expects this default format: + source of {{ site.product.short_name }} expects this default format: format2 %.4y-%.2m-%.2l %.2h:%.2j:%.2k %B [%b]:\n%v\n 
@@ -64,7 +64,7 @@ description: >- will not apply the the trap format. To use the snmptrap() driver, the scl.conf file must be included in your -syslog-ng OSE configuration: +{{ site.product.short_name }} configuration: ```config @include "scl.conf" @@ -83,7 +83,7 @@ Starting snmptrapd: `snmptrapd -A -Lf /var/log/snmptrapd.log` Sending a sample V2 trap message: snmptrap -v2c -c public 127.0.0.1 666 NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification netSnmpExampleHeartbeatRate i 60 netSnmpExampleString s \"string\". From -this trap, syslog-ng OSE receives the following input: +this trap, {{ site.product.short_name }} receives the following input: > 2017-05-23 15:29:40 localhost [UDP: [127.0.0.1]:59993->[127.0.0.1]:162]: > SNMPv2-SMI::mib-2.1.3.0 = Timeticks: (666) 0:00:06.66 @@ -91,7 +91,7 @@ this trap, syslog-ng OSE receives the following input: > NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatRate = > INTEGER: 60 NET-SNMP-EXAMPLES-MIB::netSnmpExampleString = STRING: string -The following syslog-ng OSE configuration sample uses the default +The following {{ site.product.short_name }} configuration sample uses the default settings of the driver, reading SNMP traps from the /var/log/snmptrapd.log file, and writes the log messages generated from the traps into a file. @@ -108,7 +108,7 @@ the traps into a file. }; ``` -From the trap, syslog-ng OSE writes the following into the log file: +From the trap, {{ site.product.short_name }} writes the following into the log file: >May 23 15:29:40 myhostname snmptrapd: hostname='localhost', transport_info='UDP: [127.0.0.1]:59993->[127.0.0.1]>:162', SNMPv2-SMI::mib-2.1.3.0='(666) 0:00:06.66', SNMPv2-SMI::snmpModules.1.1.4.1.>0='NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatNotification', >NET-SNMP-EXAMPLES-MIB::netSnmpExampleHeartbeatRate='60', NET-SNMP-EXAMPLES-MIB::netSnmpExampleString='string' 
diff --git a/doc/_admin-guide/060_Sources/160_sun-streams/README.md b/doc/_admin-guide/060_Sources/160_sun-streams/README.md index 1270020d..f82f21fe 100644 --- a/doc/_admin-guide/060_Sources/160_sun-streams/README.md +++ b/doc/_admin-guide/060_Sources/160_sun-streams/README.md @@ -19,7 +19,7 @@ STREAMS device to open, and the door() option. For the list of available optional parameters, see sun-streams() source options. -**NOTE:** Starting with version 3.7, the syslog-ng OSE system() driver +**NOTE:** Starting with version 3.7, the {{ site.product.short_name }} system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system() driver, use the diff --git a/doc/_admin-guide/060_Sources/170_Syslog/README.md b/doc/_admin-guide/060_Sources/170_Syslog/README.md index 1310d750..5c8476c5 100644 --- a/doc/_admin-guide/060_Sources/170_Syslog/README.md +++ b/doc/_admin-guide/060_Sources/170_Syslog/README.md @@ -14,7 +14,7 @@ NOTE: The syslog() driver can also receive BSD-syslog-formatted messages BSD-syslog or legacy-syslog messages if they are sent using the IETF-syslog protocol. -In syslog-ng OSE versions 3.1 and earlier, the syslog() driver could +In {{ site.product.short_name }} versions 3.1 and earlier, the syslog() driver could handle only messages in the IETF-syslog (RFC-5424) format. For the list of available optional parameters, see diff --git a/doc/_admin-guide/060_Sources/180_System/README.md b/doc/_admin-guide/060_Sources/180_System/README.md index 760d3be8..f3b6a7b2 100644 --- a/doc/_admin-guide/060_Sources/180_System/README.md +++ b/doc/_admin-guide/060_Sources/180_System/README.md 
@@ -3,33 +3,32 @@ title: 'system: Collecting the system-specific log messages of a platform' short_title: system id: adm-src-system description: >- - Starting with version 3.2, syslog-ng OSE can automatically collect the + Starting with version 3.2, {{ site.product.short_name }} can automatically collect the system-specific log messages of the host on a number of platforms using the system() driver. If the system() driver is included in the - syslog-ng OSE configuration file, syslog-ng OSE automatically adds the - following sources to the syslog-ng OSE configuration. + {{ site.product.short_name }} configuration file, {{ site.product.short_name }} automatically adds the + following sources to the {{ site.product.short_name }} configuration. --- -**NOTE:** syslog-ng OSE versions 3.2-3.3 used an external script to generate +**NOTE:** {{ site.product.short_name }} versions 3.2-3.3 used an external script to generate the system() source, but this was problematic in certain situations, for example, when the host used a strict AppArmor profile. Therefore, the -system() source is now generated internally in syslog-ng OSE. +system() source is now generated internally in {{ site.product.short_name }}. {: .notice--info} The system() driver is also used in the default configuration file of -syslog-ng OSE. For details on the default configuration file, see -Example: The default configuration file of syslog-ng -OSE. Starting with syslog-ng OSE version 3.6, you can use the **system-expand** +{{ site.product.short_name }}. For details on the default configuration file, see +Example: The default configuration file of {{ site.product.short_name }}. Starting with {{ site.product.short_name }} version 3.6, you can use the **system-expand** command-line utility (which is a shell script, located in the modules/system-source/ directory) to display the configuration that the system() source will use. 
![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -If syslog-ng OSE does not recognize the platform it is installed on, it does not +If {{ site.product.short_name }} does not recognize the platform it is installed on, it does not add any sources. {: .notice--warning} -Starting with version 3.6, syslog-ng OSE parses messages complying with +Starting with version 3.6, {{ site.product.short_name }} parses messages complying with the Splunk Common Information Model(CIM) and marked with @cim as JSON messages (for example, the ulogd from the netfilter project can emit such messages). That way, you can forward 
@@ -49,16 +48,16 @@ such messages without losing any information to CIM-aware applications | Linux | unix-dgram("/dev/log"); | | | file("/proc/kmsg" program-override("kernel") flags(kernel)); | | | Note that on Linux, the so-rcvbuf() option of the system() source is automatically set to 8192. | -| | If the host is running under systemd, syslog-ng OSE reads directly from the systemd journal file using the systemd-journal() source. | -| | If the kernel of the host is version 3.5 or newer, and /dev/kmsg is seekable, syslog-ng OSE will use that instead of /proc/kmsg, using the multi-line-mode(indented), keep-timestamp(no), and the format(linux-kmsg)options. | -| | If syslog-ng OSE is running in a jail or a Linux Container (LXC), it will not read from the /dev/kmsg or /proc/kmsg files. | +| | If the host is running under systemd, {{ site.product.short_name }} reads directly from the systemd journal file using the systemd-journal() source. | +| | If the kernel of the host is version 3.5 or newer, and /dev/kmsg is seekable, {{ site.product.short_name }} will use that instead of /proc/kmsg, using the multi-line-mode(indented), keep-timestamp(no), and the format(linux-kmsg)options. | +| | If {{ site.product.short_name }} is running in a jail or a Linux Container (LXC), it will not read from the /dev/kmsg or /proc/kmsg files. | | macOS | file("/var/log/system.log" follow-freq(1)); | -| | **NOTE:** Starting with version 3.7, the syslog-ng OSE system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the Solaris parser on GitHub.| +| | **NOTE:** Starting with version 3.7, the {{ site.product.short_name }} system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. 
To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the Solaris parser on GitHub.| | NetBSD | unix-dgram("/var/run/log"); | -| | NOTE: Starting with version 3.7, the syslog-ng OSE system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the Solaris parser on GitHub. | +| | NOTE: Starting with version 3.7, the {{ site.product.short_name }} system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the Solaris parser on GitHub. | | Solaris 8 | sun-streams("/dev/log"); | -| | NOTE: Starting with version 3.7, the syslog-ng OSE system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the Solaris parser on GitHub. | +| | NOTE: Starting with version 3.7, the {{ site.product.short_name }} system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the Solaris parser on GitHub. | | Solaris 9 | sun-streams("/dev/log" door("/etc/.syslog_door")); | -| | NOTE: Starting with version 3.7, the syslog-ng OSE system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. 
To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the Solaris parser on GitHub. | +| | NOTE: Starting with version 3.7, the {{ site.product.short_name }} system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the Solaris parser on GitHub. | | Solaris 10 | sun-streams("/dev/log" door("/var/run/syslog_door")); | -| | NOTE: Starting with version 3.7, the syslog-ng OSE system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the solaris parser on GitHub. | +| | NOTE: Starting with version 3.7, the {{ site.product.short_name }} system() driver automatically extracts the msgid from the message (if available), and stores it in the .solaris.msgid macro. To extract the msgid from the message without using the system()driver, use the **extract-solaris-msgid()** parser. You can find the exact source of the solaris parser on GitHub. | diff --git a/doc/_admin-guide/060_Sources/190_systemd-journal/000_systemd-journal_options.md b/doc/_admin-guide/060_Sources/190_systemd-journal/000_systemd-journal_options.md index d83b8688..b3e97fd6 100644 --- a/doc/_admin-guide/060_Sources/190_systemd-journal/000_systemd-journal_options.md +++ b/doc/_admin-guide/060_Sources/190_systemd-journal/000_systemd-journal_options.md 
@@ -31,16 +31,16 @@ exist. | Type: | `yes`, `no`| | Default: | `no`| -This option is available in syslog-ng OSE 4.1 and later versions. +This option is available in {{ site.product.short_name }} 4.1 and later versions. -*Description:* If this option is set to `yes`, syslog-ng OSE fetches only which relate to the current boot. Every message generated in the previous boot is ignored. +*Description:* If this option is set to `yes`, {{ site.product.short_name }} fetches only which relate to the current boot. Every message generated in the previous boot is ignored. ## matches() | Type: | string| | Default: | | -This option is available in syslog-ng OSE 4.1 and later versions. +This option is available in {{ site.product.short_name }} 4.1 and later versions. *Description:* This option specifies one or more filters to be applied on the journal fields. This options application is similar to `journalctl`. @@ -88,7 +88,7 @@ The following modes of operation are available: *Syntax:* `namespace(string)` -**NOTE:** Starting with syslog-ng OSE version 4.4, multiple systemd-journal() +**NOTE:** Starting with {{ site.product.short_name }} version 4.4, multiple systemd-journal() sources can be configured. When configuring multiple sources, each systemd namespace must be unique. {: .notice--info} @@ -116,7 +116,7 @@ source s_journal ``` **NOTE:** Namespace support was introduced to the Journalctl command line -tool in Systemd version 2.45. The syslog-ng OSE application supports the +tool in Systemd version 2.45. The {{ site.product.short_name }} application supports the namespace() option from version 3.29. For further information about namespaces on the Systemd side, see Journal Namespaces. {: .notice--info} 
@@ -127,17 +127,16 @@ namespaces on the Systemd side, see Journal Namespaces. | Default: | .journald.| *Description:* If this option is set, every non-built-in mapped names -get a prefix (for example: ".SDATA.journald."). By default, syslog-ng -OSE adds the .journald. prefix to every value. +get a prefix (for example: ".SDATA.journald."). By default, {{ site.product.short_name }} adds the .journald. prefix to every value. ## read-old-records() | Accepted values:| yes \| no| |Default:| yes| -*Description:* If set to **yes**, syslog-ng OSE will start reading the +*Description:* If set to **yes**, {{ site.product.short_name }} will start reading the records from the beginning of the journal, if the journal has not been -read yet. If set to **no**, syslog-ng OSE will read only the new +read yet. If set to **no**, {{ site.product.short_name }} will read only the new records. If the source has a state in the persist file, this option will have no effect. diff --git a/doc/_admin-guide/060_Sources/190_systemd-journal/README.md b/doc/_admin-guide/060_Sources/190_systemd-journal/README.md index 30182467..0faf8c4f 100644 --- a/doc/_admin-guide/060_Sources/190_systemd-journal/README.md +++ b/doc/_admin-guide/060_Sources/190_systemd-journal/README.md @@ -7,7 +7,7 @@ description: >- such as RHEL (from RHEL7) and CentOS. The systemd-journal() source driver can read the structured name-value format of the journald system service, making it easier to reach the custom fields in the message. By - default, syslog-ng OSE adds the .journald. prefix to the name of every + default, {{ site.product.short_name }} adds the .journald. prefix to the name of every parsed value. For a list and description of name-value pairs that journald provides, see the documentation of journald for your platform (for example, man systemd.journal-fields). 
@@ -31,13 +31,12 @@ the **max-field-size()** option instead. **NOTE:** If you are using RHEL-7, the default source in the configuration is systemd-journal() instead of unix-dgram(\"/dev/log\") and file(\"/proc/kmsg\"). If you are using unix-dgram(\"/dev/log\") or -unix-stream(\"/dev/log\") in your configuration as a source, syslog-ng -OSE will revert to using systemd-journal() instead. +unix-stream(\"/dev/log\") in your configuration as a source, {{ site.product.short_name }} will revert to using systemd-journal() instead. {: .notice--info} ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Only one systemd-journal() source can be configured in the configuration file. -If there is more than one systemd-journal() source configured, syslog-ng OSE +If there is more than one systemd-journal() source configured, {{ site.product.short_name }} will not start. {: .notice--warning} @@ -111,7 +110,7 @@ log { ``` The journal contains credential information about the process that sent -the log message. The syslog-ng OSE application makes this information +the log message. The {{ site.product.short_name }} application makes this information available in the following macros: |Journald field| syslog-ng predefined macro| @@ -120,6 +119,6 @@ available in the following macros: | _HOSTNAME | ${HOST} | | _PID | ${PID}| | _COMM or SYSLOG_IDENTIFIER| ${PROGRAM}| -|| If both _COMM and SYSLOG_IDENTIFIER exists, syslog-ng OSE uses SYSLOG_IDENTIFIER| +|| If both _COMM and SYSLOG_IDENTIFIER exists, {{ site.product.short_name }} uses SYSLOG_IDENTIFIER| |SYSLOG_FACILITY | ${FACILITY_NUM} | |PRIORITY | ${LEVEL_NUM} | diff --git a/doc/_admin-guide/060_Sources/200_systemd-syslog/README.md b/doc/_admin-guide/060_Sources/200_systemd-syslog/README.md index 2dc7a284..2e36bfbc 100644 --- a/doc/_admin-guide/060_Sources/200_systemd-syslog/README.md +++ b/doc/_admin-guide/060_Sources/200_systemd-syslog/README.md 
@@ -15,7 +15,7 @@ Note the following points about this driver: - The socket activation of systemd is buggy, causing some log messages to get lost during system startup. -- If syslog-ng OSE is running in a jail or a Linux Container (LXC), it +- If {{ site.product.short_name }} is running in a jail or a Linux Container (LXC), it will not read from the /dev/kmsg or /proc/kmsg files. **Declaration** diff --git a/doc/_admin-guide/060_Sources/220_unix-stream_unix-dgram/000_Unix_credentials.md b/doc/_admin-guide/060_Sources/220_unix-stream_unix-dgram/000_Unix_credentials.md index 6f395ac6..febff3e8 100644 --- a/doc/_admin-guide/060_Sources/220_unix-stream_unix-dgram/000_Unix_credentials.md +++ b/doc/_admin-guide/060_Sources/220_unix-stream_unix-dgram/000_Unix_credentials.md @@ -2,12 +2,12 @@ title: UNIX credentials and other metadata id: adm-src-unix-meta description: >- - Starting with syslog-ng OSE 3.6, the unix-stream() and unix-dgram() + Starting with {{ site.product.short_name }} 3.6, the unix-stream() and unix-dgram() sources automatically extract the available UNIX credentials and other metainformation from the received log messages. --- -The syslog-ng OSE application can extract the following information on +The {{ site.product.short_name }} application can extract the following information on Linux and FreeBSD platforms (examples show the value of the macro for the `su - myuser` command). Similar information is available for the [[systemd-journal source|adm-src-systemd-journal]]. diff --git a/doc/_admin-guide/060_Sources/230_stdin/README.md b/doc/_admin-guide/060_Sources/230_stdin/README.md index 26c37886..b7c7ff12 100644 --- a/doc/_admin-guide/060_Sources/230_stdin/README.md +++ b/doc/_admin-guide/060_Sources/230_stdin/README.md 
@@ -4,12 +4,12 @@ short_title: stdin id: adm-src-stdin description: >- The stdin() driver collects messages from the standard input stream. - When the standard input stream is closed, syslog-ng stops and stdin() + When the standard input stream is closed, {{ site.product.short_name }} stops and stdin() inherits all options from the file() source, including multi-line options, or flags(no-parse). --- -The stdin() driver causes syslog-ng to exit once it hits end-of-file +The stdin() driver causes {{ site.product.short_name }} to exit once it hits end-of-file (EOF). **Declaration** diff --git a/doc/_admin-guide/060_Sources/README.md b/doc/_admin-guide/060_Sources/README.md index b9a8412f..3c851bf6 100644 --- a/doc/_admin-guide/060_Sources/README.md +++ b/doc/_admin-guide/060_Sources/README.md @@ -3,7 +3,7 @@ title: 'source: Read, receive, and collect log messages' short_title: Sources id: adm-src description: >- - A source is where syslog-ng receives log messages. Sources consist of + A source is where {{ site.product.short_name }} receives log messages. Sources consist of one or more drivers, each defining where and how messages are received. --- 
@@ -52,14 +52,14 @@ source headerless_messages { network(default-facility(syslog) default-priority(e ``` Define a source only once. The same source can be used in several log -paths. Duplicating sources causes syslog-ng to open the source (TCP/IP +paths. Duplicating sources causes {{ site.product.short_name }} to open the source (TCP/IP port, file, and so on) more than once, which might cause problems. For example, include the /dev/log file source only in one source statement, and use this statement in more than one log path if needed. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Sources and destinations are initialized only when they are used in a log statement. -For example, syslog-ng OSE starts listening on a port or starts polling a +For example, {{ site.product.short_name }} starts listening on a port or starts polling a file only if the source is used in a log statement. For details on creating log statements, see log: Filter and route log messages using log paths, flags, and filters. @@ -123,7 +123,7 @@ The following table lists the source drivers available in syslog-ng. |snmptrap()|Read and parse the SNMP traps of the Net-SNMP's snmptrapd application.| |sun-stream(), sun-streams()|Opens the specified STREAMS device on Solaris systems and reads incoming messages.| |syslog()|Listens for incoming messages using the new IETF-standard syslog protocol.| -|system()|Automatically detects which platform syslog-ng OSE is running on, and collects the native log messages of that platform.| +|system()|Automatically detects which platform {{ site.product.short_name }} is running on, and collects the native log messages of that platform.| |systemd-journal()|Collects messages directly from the journal of platforms that use systemd.| |systemd-syslog()|Collects messages from the journal using a socket on platforms that use systemd.| |unix-dgram|Opens the specified unix socket in SOCK_DGRAM mode and listens for incoming messages.| 
diff --git a/doc/_admin-guide/070_Destinations/000_amqp/000_amqp_options.md b/doc/_admin-guide/070_Destinations/000_amqp/000_amqp_options.md index 577b575f..eb782837 100644 --- a/doc/_admin-guide/070_Destinations/000_amqp/000_amqp_options.md +++ b/doc/_admin-guide/070_Destinations/000_amqp/000_amqp_options.md @@ -63,7 +63,7 @@ templates. | Type:| string| |Default:| syslog| -*Description:* The name of the AMQP exchange where syslog-ng OSE sends +*Description:* The name of the AMQP exchange where {{ site.product.short_name }} sends the message. Exchanges take a message and route it into zero or more queues. @@ -72,7 +72,7 @@ queues. | Type:| yes \| no| |Default:| no| -*Description:* By default, syslog-ng OSE does not create non-existing +*Description:* By default, {{ site.product.short_name }} does not create non-existing exchanges. Use the **exchange-declare(yes)** option to automatically create exchanges. @@ -97,7 +97,7 @@ Guide](https://www.rabbitmq.com/amqp-0-9-1-reference.html). | Type:| number \[seconds\]| |Default:| 0 (disabled)| -*Description:* If enabled, the syslog-ng OSE amqp destination sends +*Description:* If enabled, the {{ site.product.short_name }} amqp destination sends heartbeat messages to the server periodically. During negotiation, both the amqp server and the client provide a heartbeat parameter, and the smaller is chosen for heartbeat interval. For example: @@ -113,7 +113,7 @@ destination { amqp( }; ``` -Available in syslog-ng OSE version 3.21 and later. +Available in {{ site.product.short_name }} version 3.21 and later. {% include doc/admin-guide/options/hook.md %} diff --git a/doc/_admin-guide/070_Destinations/000_amqp/README.md b/doc/_admin-guide/070_Destinations/000_amqp/README.md index 9d6c4bd7..8add2e78 100644 --- a/doc/_admin-guide/070_Destinations/000_amqp/README.md +++ b/doc/_admin-guide/070_Destinations/000_amqp/README.md 
@@ -3,8 +3,8 @@ title: 'amqp: Publishing messages using AMQP' short_title: amqp id: adm-dest-amqp description: >- - The amqp() driver publishes messages using the AMQP (Advanced Message Queuing Protocol). syslog-ng OSE supports AMQP - versions 0.9.1 and 1.0. The syslog-ng OSE amqp() driver supports + The amqp() driver publishes messages using the AMQP (Advanced Message Queuing Protocol). {{ site.product.short_name }} supports AMQP + versions 0.9.1 and 1.0. The {{ site.product.short_name }} amqp() driver supports persistence, and every available exchange types. --- diff --git a/doc/_admin-guide/070_Destinations/010_collectd/000_collectd_options.md b/doc/_admin-guide/070_Destinations/010_collectd/000_collectd_options.md index a2dda1a4..ef146488 100644 --- a/doc/_admin-guide/070_Destinations/010_collectd/000_collectd_options.md +++ b/doc/_admin-guide/070_Destinations/010_collectd/000_collectd_options.md @@ -21,7 +21,7 @@ the underlying unix-stream() driver (for example, socket buffer size). |Default:| ${HOST}| *Description:* The hostname that is passed to collectd. By default, -syslog-ng OSE uses the host from the log message as the hostname. +{{ site.product.short_name }} uses the host from the log message as the hostname. ## interval() diff --git a/doc/_admin-guide/070_Destinations/010_collectd/README.md b/doc/_admin-guide/070_Destinations/010_collectd/README.md index 3bf8c0d2..fd191949 100644 --- a/doc/_admin-guide/070_Destinations/010_collectd/README.md +++ b/doc/_admin-guide/070_Destinations/010_collectd/README.md @@ -6,7 +6,7 @@ description: >- The collectd() destination uses the unixsock plugin of the collectd application to send log messages to the collectd system statistics collection daemon. You must install and configure collectd separately before using this destination. - Available in syslog-ng OSE version 3.20 and later. + Available in {{ site.product.short_name }} version 3.20 and later. --- **Declaration** 
@@ -45,7 +45,7 @@ destination d_collectd { ``` To use the collectd() driver, the scl.conf file must be included in your -syslog-ng OSE configuration: +{{ site.product.short_name }} configuration: ```config @include "scl.conf" diff --git a/doc/_admin-guide/070_Destinations/020_Discord/000_Discord_options.md b/doc/_admin-guide/070_Destinations/020_Discord/000_Discord_options.md index 02a0e8c2..05f18a88 100644 --- a/doc/_admin-guide/070_Destinations/020_Discord/000_Discord_options.md +++ b/doc/_admin-guide/070_Destinations/020_Discord/000_Discord_options.md @@ -5,7 +5,7 @@ throttle: '5' id: adm-dest-discord-opt --- -The discord() destination of syslog-ng OSE can directly post log +The discord() destination of {{ site.product.short_name }} can directly post log messages to web services using the HTTP protocol. The discord() destination has the following options. diff --git a/doc/_admin-guide/070_Destinations/020_Discord/README.md b/doc/_admin-guide/070_Destinations/020_Discord/README.md index 37fc6aec..951a53e7 100644 --- a/doc/_admin-guide/070_Destinations/020_Discord/README.md +++ b/doc/_admin-guide/070_Destinations/020_Discord/README.md @@ -7,7 +7,7 @@ description: >- using Discord Webhook. For the list of available optional parameters, see Discord destination options. - Available in syslog-ng OSE version 3.33 and later. + Available in {{ site.product.short_name }} version 3.33 and later. --- @@ -24,7 +24,7 @@ Discord: Rate Limits. To change this, use the throttle() option. To use this destination, the scl.conf file must be included in your -syslog-ng OSE configuration: +{{ site.product.short_name }} configuration: ```config @include "scl.conf" diff --git a/doc/_admin-guide/070_Destinations/030_Elasticsearch-http/001_Elasticsearch-http_options.md b/doc/_admin-guide/070_Destinations/030_Elasticsearch-http/001_Elasticsearch-http_options.md index 5b65a23d..feba785f 100644 --- a/doc/_admin-guide/070_Destinations/030_Elasticsearch-http/001_Elasticsearch-http_options.md 
+++ b/doc/_admin-guide/070_Destinations/030_Elasticsearch-http/001_Elasticsearch-http_options.md @@ -4,14 +4,14 @@ batch_lines: '25' workers: '4' id: adm-dest-es-http-opt description: >- - The elasticsearch-http destination of syslog-ng OSE can directly post + The elasticsearch-http destination of {{ site.product.short_name }} can directly post log messages to an Elasticsearch deployment using the Elasticsearch Bulk API over the HTTP and Secure HTTP (HTTPS) protocols. The elasticsearch-http destination has the following options. The required options are: index(), type(), and url(). --- -This destination is available in syslog-ng OSE version 3.21 and later. +This destination is available in {{ site.product.short_name }} version 3.21 and later. {% include doc/admin-guide/options/batch-bytes.md %} @@ -80,12 +80,12 @@ Batch mode and load balancing with ElasticSearch. |Default:| None| *Description:* The name of the Elasticsearch index where Elasticsearch -will store the messages received from syslog-ng OSE. This option is +will store the messages received from {{ site.product.short_name }}. This option is mandatory for this destination. You can use macros and template functions, but you must ensure that the resolved template contains only characters that Elasticsearch permits in -the name of the index. The syslog-ng OSE application does not validate +the name of the index. The {{ site.product.short_name }} application does not validate the name of the index. For details on the characters permitted in the name of Elasticsearch indices, see the documentation of Elasticsearch. 
@@ -125,9 +125,9 @@ destination { {% include doc/admin-guide/options/retries.md %} To handle HTTP error responses, if the HTTP server returns 5xx codes, -syslog-ng OSE will attempt to resend messages until the number of +{{ site.product.short_name }} will attempt to resend messages until the number of attempts reaches retries. If the HTTP server returns 4xx codes, -syslog-ng OSE will drop the messages. +{{ site.product.short_name }} will drop the messages. {% include doc/admin-guide/options/ssl-version.md %} @@ -167,10 +167,10 @@ address to specify the port number of the server. For example: This option is mandatory for this destination. Make sure that the URL ends with _bulk, this is the Elasticsearch API -endpoint that properly parses the messages sent by syslog-ng OSE. +endpoint that properly parses the messages sent by {{ site.product.short_name }}. In case the server on the specified URL returns a redirect request, -syslog-ng OSE automatically follows maximum 3 redirects. Only HTTP and +{{ site.product.short_name }} automatically follows maximum 3 redirects. Only HTTP and HTTPS based redirections are supported. {% include doc/admin-guide/load-balancing.md %} @@ -180,7 +180,7 @@ HTTPS based redirections are supported. | Type:| string| |Default:| | -*Description:* The username that syslog-ng OSE uses to authenticate on +*Description:* The username that {{ site.product.short_name }} uses to authenticate on the server where it sends the messages. {% include doc/admin-guide/options/use-system-cert-store.md %} diff --git a/doc/_admin-guide/070_Destinations/030_Elasticsearch-http/README.md b/doc/_admin-guide/070_Destinations/030_Elasticsearch-http/README.md index 97f77fef..622c3a98 100644 --- a/doc/_admin-guide/070_Destinations/030_Elasticsearch-http/README.md +++ b/doc/_admin-guide/070_Destinations/030_Elasticsearch-http/README.md 
@@ -4,7 +4,7 @@ title: 'elasticsearch-http: Sending messages to Elasticsearch HTTP Bulk short_title: elasticsearch-http id: adm-dest-es-http description: >- - Version 3.21 of syslog-ng OSE can directly post log messages to an + Version 3.21 of {{ site.product.short_name }} can directly post log messages to an Elasticsearch deployment using the Elasticsearch Bulk API over the HTTP and Secure HTTP (HTTPS) protocols. --- diff --git a/doc/_admin-guide/070_Destinations/040_File/000_File_destination_options.md b/doc/_admin-guide/070_Destinations/040_File/000_File_destination_options.md index bd84c08f..fd89b6af 100644 --- a/doc/_admin-guide/070_Destinations/040_File/000_File_destination_options.md +++ b/doc/_admin-guide/070_Destinations/040_File/000_File_destination_options.md @@ -8,13 +8,13 @@ The file() driver outputs messages to the specified text file, or to a set of files. The file() destination has the following options: ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** When -creating several thousands separate log files, syslog-ng Open Source Edition -(syslog-ng OSE) might not be able to open the required number of files. +creating several thousands separate log files, {{ site.product.name }} +({{ site.product.short_name }}) might not be able to open the required number of files. This might happen for example, when using the ${HOST} macro in the filename while receiving messages from a large number of hosts. To overcome -this problem, adjust the --fd-limit command-line parameter of syslog-ng OSE +this problem, adjust the --fd-limit command-line parameter of {{ site.product.short_name }} or the global ulimit parameter of your host. For setting the --fd-limit -command-line parameter ofsyslog-ng OSE see the The syslog-ng manual page. +command-line parameter of{{ site.product.short_name }} see the The {{ site.product.short_name }} manual page. For setting the ulimit parameter of the host, see the documentation of your operating system. {: .notice--warning} 
@@ -29,7 +29,7 @@ of your operating system. - *threaded*: The threaded flag enables multithreading for the destination. For details on multithreading, see - Multithreading and scaling in syslog-ng OSE. + Multithreading and scaling in {{ site.product.short_name }}. **NOTE:** The file destination uses multiple threads only if the destination filename contains macros. @@ -74,10 +74,10 @@ without specifying an attribute: group(). | Type:| number (seconds)| |Default:| 0| -*Description:* If set to a value higher than 0, syslog-ng OSE checks +*Description:* If set to a value higher than 0, {{ site.product.short_name }} checks when the file was last modified before starting to write into the file. If the file is older than the specified amount of time (in seconds), -then syslog-ng removes the existing file and opens a new file with the +then {{ site.product.short_name }} removes the existing file and opens a new file with the same name. In combination with for example, the ${WEEKDAY} macro, this can be used for simple log rotation, in case not all history has to be kept. (Note that in this weekly log rotation example if its Monday @@ -100,7 +100,7 @@ without specifying an attribute: owner(). ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Hazard of data loss! If the size of the incoming message is larger -than the previously set pad-size() value, syslog-ng will truncate +than the previously set pad-size() value, {{ site.product.short_name }} will truncate the message to the specified size. Therefore, all message content above that size will be lost. {: .notice--danger} diff --git a/doc/_admin-guide/070_Destinations/040_File/README.md b/doc/_admin-guide/070_Destinations/040_File/README.md index 002137e7..91d7022b 100644 --- a/doc/_admin-guide/070_Destinations/040_File/README.md +++ b/doc/_admin-guide/070_Destinations/040_File/README.md 
@@ -10,9 +10,9 @@ description: >- The destination filename may include macros which get expanded when the message is written, thus a simple file() driver may create several -files: for example, syslog-ng OSE can store the messages of client hosts +files: for example, {{ site.product.short_name }} can store the messages of client hosts in a separate file for each host. For more information on available -macros see Macros of syslog-ng OSE. +macros see Macros of {{ site.product.short_name }}. If the expanded filename refers to a directory which does not exist, it will be created depending on the create-dirs() setting (both global and a per destination option). @@ -48,18 +48,18 @@ rotation program to rotate these files. Otherwise, the log files can become very large. {: .notice--info} -Also, after rotating the log files, reload syslog-ng OSE using the +Also, after rotating the log files, reload {{ site.product.short_name }} using the syslog-ng-ctl reload command, or use another method to send a SIGHUP to -syslog-ng OSE. +{{ site.product.short_name }}. {: .notice--info} ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -Since the state of each created file must be tracked by syslog-ng, it consumes +Since the state of each created file must be tracked by {{ site.product.short_name }}, it consumes some memory for each file. If no new messages are written to a file within 60 seconds (controlled by the time-reap() global option), it is closed, and its state is freed. Exploiting this, a DoS attack can be mounted against the system. If the number of possible destination files and its needed memory is more than -the amount available on the syslog-ng server. The most suspicious macro is +the amount available on the {{ site.product.short_name }} server. The most suspicious macro is ${PROGRAM}, where the number of possible variations is rather high. Do not use the ${PROGRAM} macro in insecure environments. {: .notice--warning} 
diff --git a/doc/_admin-guide/070_Destinations/045_Google_bigQuery/000_bigquery_dest_options.md b/doc/_admin-guide/070_Destinations/045_Google_bigQuery/000_bigquery_dest_options.md index 7578d4a5..98f0d927 100644 --- a/doc/_admin-guide/070_Destinations/045_Google_bigQuery/000_bigquery_dest_options.md +++ b/doc/_admin-guide/070_Destinations/045_Google_bigQuery/000_bigquery_dest_options.md @@ -14,7 +14,7 @@ description: >- | Type:| boolean| |Default:| no| -Available in syslog-ng OSE 4.5 and later versions. +Available in {{ site.product.short_name }} 4.5 and later versions. *Description:* This option enables compression in gRPC requests. Currently only deflate-type (similar to gzip) compression is supported. @@ -23,7 +23,7 @@ Available in syslog-ng OSE 4.5 and later versions. | Type:| string| |Default:| | -*Description:* The name of the syslog-ng OSE destination dataset. +*Description:* The name of the {{ site.product.short_name }} destination dataset. {% include doc/admin-guide/options/disk-buffer.md %} @@ -59,7 +59,7 @@ Available in syslog-ng OSE 4.5 and later versions. | Type:| string| |Default:| | -*Description:* The ID of the Google Cloud project where syslog-ng OSE sends data. +*Description:* The ID of the Google Cloud project where {{ site.product.short_name }} sends data. ## protobuf-schema() 
@@ -91,7 +91,7 @@ message CustomRecord { | Type:| schema| |Default:| | -*Description:* Defines the schema syntax of the BigQuery table. Each line defines a column. The first part of the line defines the name and type of the column, the second part after the arrow sets syslog-ng OSE templates or macros which are evaluated on every log routed to the bigquery() destination. The available column types are the following: `STRING`, `BYTES`, `INTEGER`, `FLOAT`, `BOOLEAN`, `TIMESTAMP`, `DATE`, `TIME`, `DATETIME`, `JSON`, `NUMERIC`, `BIGNUMERIC`, `GEOGRAPHY`, `RECORD`, `INTERVAL`. +*Description:* Defines the schema syntax of the BigQuery table. Each line defines a column. The first part of the line defines the name and type of the column, the second part after the arrow sets {{ site.product.short_name }} templates or macros which are evaluated on every log routed to the bigquery() destination. The available column types are the following: `STRING`, `BYTES`, `INTEGER`, `FLOAT`, `BOOLEAN`, `TIMESTAMP`, `DATE`, `TIME`, `DATETIME`, `JSON`, `NUMERIC`, `BIGNUMERIC`, `GEOGRAPHY`, `RECORD`, `INTERVAL`. ### Example: defining a BigQuery table using schema() @@ -111,7 +111,7 @@ schema( | Type:| string| |Default:| | -*Description:* Defines the name of the Google BigQuery table where syslog-ng OSE send data to. +*Description:* Defines the name of the Google BigQuery table where {{ site.product.short_name }} send data to. {% include doc/admin-guide/options/template-escape.md %} diff --git a/doc/_admin-guide/070_Destinations/045_Google_bigQuery/README.md b/doc/_admin-guide/070_Destinations/045_Google_bigQuery/README.md index 2c296f95..96fc40c9 100644 --- a/doc/_admin-guide/070_Destinations/045_Google_bigQuery/README.md +++ b/doc/_admin-guide/070_Destinations/045_Google_bigQuery/README.md 
@@ -3,7 +3,7 @@ title: 'bigquery: Send data to Google BigQuery' short_title: Google BigQuery id: adm-dest-google-bq description: >- - In syslog-ng OSE 4.6 and later versions it is possible to send data to Google Cloud BigQuery through the BigQuery Storage Write API using a gRCP based high performance implementation. + In {{ site.product.short_name }} 4.6 and later versions it is possible to send data to Google Cloud BigQuery through the BigQuery Storage Write API using a gRCP based high performance implementation. --- ## Prerequisites @@ -15,7 +15,7 @@ description: >- * https://www.googleapis.com/auth/cloud-platform * https://www.googleapis.com/auth/bigquery.insertdata -To configure syslog-ng OSE, the name of the project, the dataset, the name and schema of the used table are necessary. +To configure {{ site.product.short_name }}, the name of the project, the dataset, the name and schema of the used table are necessary. The authentication is done through Application Default Credentials. diff --git a/doc/_admin-guide/070_Destinations/047_Google_PubSub/000_pubsub_dest_options.md b/doc/_admin-guide/070_Destinations/047_Google_PubSub/000_pubsub_dest_options.md index 7fc65aa4..327ac3ac 100644 --- a/doc/_admin-guide/070_Destinations/047_Google_PubSub/000_pubsub_dest_options.md +++ b/doc/_admin-guide/070_Destinations/047_Google_PubSub/000_pubsub_dest_options.md 
@@ -13,7 +13,7 @@ description: >- | Type:| string| |Default:| `"--scope rfc5424,all-nv-pairs --exclude MESSAGE"`| -*Description:* A JSON object representing key-value pairs for the Pub/Sub Event, formatted as syslog-ng OSE value-pairs. By default, the `google-pubsub()` destination sends the RFC-5424 fields as attributes. If different fields are required, override the default template. By default, the message part is sent in the `data()` option +*Description:* A JSON object representing key-value pairs for the Pub/Sub Event, formatted as {{ site.product.short_name }} value-pairs. By default, the `google-pubsub()` destination sends the RFC-5424 fields as attributes. If different fields are required, override the default template. By default, the message part is sent in the `data()` option ## auth() @@ -45,11 +45,11 @@ See the example for `auth()` above. | Type:| string/template| |Default:| | -*Description:* The ID of the Google Cloud project where syslog-ng OSE sends the data. The Pub/Sub API must be enabled for the project. +*Description:* The ID of the Google Cloud project where {{ site.product.short_name }} sends the data. The Pub/Sub API must be enabled for the project. ## topic() | Type:| string| |Default:| | -*Description:* The name of the Google Pub/Sub target topic to where syslog-ng OSE sends the data. \ No newline at end of file +*Description:* The name of the Google Pub/Sub target topic to where {{ site.product.short_name }} sends the data. diff --git a/doc/_admin-guide/070_Destinations/047_Google_PubSub/README.md b/doc/_admin-guide/070_Destinations/047_Google_PubSub/README.md index 38c4c83a..6e6cc419 100644 --- a/doc/_admin-guide/070_Destinations/047_Google_PubSub/README.md +++ b/doc/_admin-guide/070_Destinations/047_Google_PubSub/README.md 
@@ -3,18 +3,18 @@ title: 'PubSub: Send data to Google Pub/Sub' short_title: Google PubSub id: adm-dest-google-pubsub description: >- - In syslog-ng OSE 4.5 and later versions it is possible to send data to Google Cloud Pub/Sub using its HTTP REST API. + In {{ site.product.short_name }} 4.5 and later versions it is possible to send data to Google Cloud Pub/Sub using its HTTP REST API. --- ## Prerequisites * A live Google Pub/Sub subscription. -* An IAM service account used by syslog-ng OSE for authentication. +* An IAM service account used by {{ site.product.short_name }} for authentication. * A Google Cloud project with the Pub/Sub API enabled. For more information, see the Google Pub/Sub tutorial. -To configure syslog-ng OSE, the name of the project and the target topic of the data is required. +To configure {{ site.product.short_name }}, the name of the project and the target topic of the data is required. ### Example: minimal configuration of a Pub/Sub destination diff --git a/doc/_admin-guide/070_Destinations/050_Graphite/000_Graphite_options.md b/doc/_admin-guide/070_Destinations/050_Graphite/000_Graphite_options.md index fa4f80a3..0e25633b 100644 --- a/doc/_admin-guide/070_Destinations/050_Graphite/000_Graphite_options.md +++ b/doc/_admin-guide/070_Destinations/050_Graphite/000_Graphite_options.md @@ -22,7 +22,7 @@ The graphite() destination has the following options: pairs to forward to graphite. The syntax of payload is different from the syntax of value-pairs(): -use the command-line syntax used in the Template functions of syslog-ng OSE +use the command-line syntax used in the Template functions of {{ site.product.short_name }} format-json template function. For details on using the payload() option, see graphite-output. diff --git a/doc/_admin-guide/070_Destinations/050_Graphite/README.md b/doc/_admin-guide/070_Destinations/050_Graphite/README.md index 29adaab9..52121c47 100644 --- a/doc/_admin-guide/070_Destinations/050_Graphite/README.md 
+++ b/doc/_admin-guide/070_Destinations/050_Graphite/README.md @@ -9,7 +9,7 @@ description: >- Graphite template function with name value pairs. --- -The syslog-ng OSE CSV and PatternDB parsers (for details, +The {{ site.product.short_name }} CSV and PatternDB parsers (for details, see Using pattern parsers) can parse log messages and generate name value pairs based on message content. The CSV parser (for details, see @@ -19,12 +19,11 @@ like the Apache web server access logs. The patterndb parser can parse information and can extract important fields from free form log messages, as long as patterns describing the log messages are available. Another way is to send JSON-based log messages -(for details, see JSON parser) to syslog-ng -OSE, like running a simple shell script collecting +(for details, see JSON parser) to {{ site.product.short_name }}, like running a simple shell script collecting metrics and running it from cron regularly. To see an example of how the graphite() destination is used to collect -statistics coming from syslog-ng, see the blog post Collecting syslog-ng +statistics coming from {{ site.product.short_name }}, see the blog post Collecting syslog-ng statistics to Graphite. **Declaration** diff --git a/doc/_admin-guide/070_Destinations/060_Graylog/README.md b/doc/_admin-guide/070_Destinations/060_Graylog/README.md index 728f67d5..06231e11 100644 --- a/doc/_admin-guide/070_Destinations/060_Graylog/README.md +++ b/doc/_admin-guide/070_Destinations/060_Graylog/README.md @@ -31,7 +31,7 @@ native data format of Graylog. information, see the relevant Graylog documentation. -2. On the syslog-ng side, configure the name or IP address of the host +2. On the {{ site.product.short_name }} side, configure the name or IP address of the host running Graylog. ```config 
@@ -43,19 +43,19 @@ native data format of Graylog. }; ``` - If you parsed your messages using syslog-ng, the template also + If you parsed your messages using {{ site.product.short_name }}, the template also forwards any name-value pairs where the name starts with a dot or underscore. **NOTE:** If there is a dot in a field name other than the first character, -syslog-ng creates nested JSON while formatting the message. Nested JSON +{{ site.product.short_name }} creates nested JSON while formatting the message. Nested JSON is not automatically parsed in GELF messages. {: .notice--info} ## Sending nested JSON to Graylog While sending nested JSON inside GELF is possible, it is not convenient. -If you use parsing and normalization in syslog-ng and dot notation in +If you use parsing and normalization in {{ site.product.short_name }} and dot notation in field names, use pure JSON instead of GELF to forward your messages. 1. On the Graylog side, create a new raw TCP input. @@ -63,7 +63,7 @@ field names, use pure JSON instead of GELF to forward your messages. 2. Still in Graylog, once the raw TCP input is ready, add a JSON extractor to it. -3. On the syslog-ng side, use a network destination combined with a +3. On the {{ site.product.short_name }} side, use a network destination combined with a template utilizing format-json as shown in the example below: ```config diff --git a/doc/_admin-guide/070_Destinations/070_HDFS/000_hdfs_prerequisites.md b/doc/_admin-guide/070_Destinations/070_HDFS/000_hdfs_prerequisites.md index 8ca5b6a4..de7ba0f3 100644 --- a/doc/_admin-guide/070_Destinations/070_HDFS/000_hdfs_prerequisites.md +++ b/doc/_admin-guide/070_Destinations/070_HDFS/000_hdfs_prerequisites.md 
@@ -2,12 +2,12 @@ title: Prerequisites id: adm-dest-hdfs-pre description: >- - To send messages from syslog-ng OSE to HDFS, complete the following steps. + To send messages from {{ site.product.short_name }} to HDFS, complete the following steps. --- -1. If you want to use the Java-based modules of syslog-ng OSE (for +1. If you want to use the Java-based modules of {{ site.product.short_name }} (for example, the Elasticsearch, HDFS, or Kafka destinations), you must - compile syslog-ng OSE with Java support. + compile {{ site.product.short_name }} with Java support. - Download and install the Java Runtime Environment (JRE), 1.7 (or newer). You can use OpenJDK or Oracle JDK, other implementations @@ -21,7 +21,7 @@ description: >- Note that many platforms have a simplified links for Java libraries. Use the simplified path if available. If you use a - startup script to start syslog-ng OSE set **LD_LIBRARY_PATH** + startup script to start {{ site.product.short_name }} set **LD_LIBRARY_PATH** in the script as well. - If you are behind an HTTP proxy, create a gradle.properties @@ -33,8 +33,8 @@ description: >- 3. Extract the HDFS libraries into a temporary directory, then collect the various .jar files into a single directory (for example, - /opt/hadoop/lib/) where syslog-ng OSE can access them. You must - specify this directory in the syslog-ng OSE configuration file. The + /opt/hadoop/lib/) where {{ site.product.short_name }} can access them. You must + specify this directory in the {{ site.product.short_name }} configuration file. The files are located in the various lib directories under the share/ directory of the Hadoop release package. (For example, in Hadoop 2.7, required files are common/hadoop-common-2.7.0.jar, diff --git a/doc/_admin-guide/070_Destinations/070_HDFS/001_hdfs_interaction.md b/doc/_admin-guide/070_Destinations/070_HDFS/001_hdfs_interaction.md index 48418c69..2e6d76e7 100644 --- a/doc/_admin-guide/070_Destinations/070_HDFS/001_hdfs_interaction.md 
+++ b/doc/_admin-guide/070_Destinations/070_HDFS/001_hdfs_interaction.md 
@@ -1,57 +1,57 @@ --- -title: How syslog-ng OSE interacts with HDFS +title: How {{ site.product.short_name }} interacts with HDFS id: adm-dest-hdfs-interact description: >- - The syslog-ng OSE application sends the log messages to the official + The {{ site.product.short_name }} application sends the log messages to the official HDFS client library, which forwards the data to the HDFS nodes. The way - syslog-ng OSE interacts with HDFS is described in the following steps. + {{ site.product.short_name }} interacts with HDFS is described in the following steps. --- -1. After syslog-ng OSE is started and the first message arrives to the +1. After {{ site.product.short_name }} is started and the first message arrives to the hdfs destination, the hdfs destination tries to connect to the HDFS - NameNode. If the connection fails, syslog-ng OSE will repeatedly + NameNode. If the connection fails, {{ site.product.short_name }} will repeatedly attempt to connect again after the period set in time-reopen() expires. -2. syslog-ng OSE checks if the path to the logfile exists. If a - directory does not exist syslog-ng OSE automatically creates it. - syslog-ng OSE creates the destination file (using the filename set - in the syslog-ng OSE configuration file, with a UUID suffix to make +2. {{ site.product.short_name }} checks if the path to the logfile exists. If a + directory does not exist {{ site.product.short_name }} automatically creates it. + {{ site.product.short_name }} creates the destination file (using the filename set + in the {{ site.product.short_name }} configuration file, with a UUID suffix to make it unique, for example, /usr/hadoop/logfile.txt.3dc1c59e-ab3b-4b71-9e81-93db477ed9d9) and writes the message into the file. 
After the file is created, - syslog-ng OSE will write all incoming messages into the hdfs + {{ site.product.short_name }} will write all incoming messages into the hdfs destination.NOTE: When the hdfs-append-enabled() option - is set to **true**, syslog-ng OSE will not assign a new UUID suffix + is set to **true**, {{ site.product.short_name }} will not assign a new UUID suffix to an existing file, because it is then possible to open a closed file and append data to that.NOTE:You cannot set when log messages are flushed. Hadoop performs this action automatically, depending on its configured block size, and the amount of data received. There is - no way for the syslog-ng OSE application to influence when the - messages are actually written to disk. This means that syslog-ng OSE + no way for the {{ site.product.short_name }} application to influence when the + messages are actually written to disk. This means that {{ site.product.short_name }} cannot guarantee that a message sent to HDFS is actually written to - disk. When using flow-control, syslog-ng OSE acknowledges a message + disk. When using flow-control, {{ site.product.short_name }} acknowledges a message as written to disk when it passes the message to the HDFS client. This method is as reliable as your HDFS environment. -3. If the HDFS client returns an error, syslog-ng OSE attempts to close +3. If the HDFS client returns an error, {{ site.product.short_name }} attempts to close the file, then opens a new file and repeats sending the message (trying to connect to HDFS and send the message), as set in the retries() parameter. If sending the message fails for retries() - times, syslog-ng OSE drops the message. + times, {{ site.product.short_name }} drops the message. -4. The syslog-ng OSE application closes the destination file in the +4. 
The {{ site.product.short_name }} application closes the destination file in the following cases: - - syslog-ng OSE is reloaded + - {{ site.product.short_name }} is reloaded - - syslog-ng OSE is restarted + - {{ site.product.short_name }} is restarted - The HDFS client returns an error. 5. If the file is closed and you have set an archive directory, - syslog-ng OSE moves the file to this directory. If syslog-ng OSE - cannot move the file for some reason (for example, syslog-ng OSE + {{ site.product.short_name }} moves the file to this directory. If {{ site.product.short_name }} + cannot move the file for some reason (for example, {{ site.product.short_name }} cannot connect to the HDFS NameNode), the file remains at its - original location, syslog-ng OSE will not try to move it again. + original location, {{ site.product.short_name }} will not try to move it again. diff --git a/doc/_admin-guide/070_Destinations/070_HDFS/002_hdfs_maprfs.md b/doc/_admin-guide/070_Destinations/070_HDFS/002_hdfs_maprfs.md index 3f1528ae..c08d40b0 100644 --- a/doc/_admin-guide/070_Destinations/070_HDFS/002_hdfs_maprfs.md +++ b/doc/_admin-guide/070_Destinations/070_HDFS/002_hdfs_maprfs.md @@ -2,13 +2,13 @@ title: Storing messages with MapR-FS id: adm-dest-hdfs-maprfs description: >- - The syslog-ng OSE application is also compatible with MapR File System + The {{ site.product.short_name }} application is also compatible with MapR File System (MapR-FS). MapR-FS provides better performance, reliability, efficiency, maintainability, and ease of use compared to the default Hadoop Distributed Files System (HDFS). --- -To use MapR-FS with syslog-ng OSE, complete the following steps: +To use MapR-FS with {{ site.product.short_name }}, complete the following steps: 1. Install MapR libraries. Instead of the official Apache HDFS libraries, MapR uses different libraries. The supported version is 
@@ -41,7 +41,7 @@ To use MapR-FS with syslog-ng OSE, complete the following steps: hadoop-0.20.2-dev-core.jar, json-20080701.jar, protobuf-java-2.5.0.jar, zookeeper-3.4.5-mapr-1406.jar. -3. Configure the hdfs destination in syslog-ng OSE. +3. Configure the hdfs destination in {{ site.product.short_name }}. Example: Storing logfiles with MapR-FS diff --git a/doc/_admin-guide/070_Destinations/070_HDFS/003_hdfs_kerberos_authentication.md b/doc/_admin-guide/070_Destinations/070_HDFS/003_hdfs_kerberos_authentication.md index 5104792c..a65a89b2 100644 --- a/doc/_admin-guide/070_Destinations/070_HDFS/003_hdfs_kerberos_authentication.md +++ b/doc/_admin-guide/070_Destinations/070_HDFS/003_hdfs_kerberos_authentication.md @@ -1,15 +1,15 @@ --- -title: Kerberos authentication with syslog-ng hdfs() destination +title: Kerberos authentication with {{ site.product.short_name }} hdfs() destination id: adm-dest-hdfs-kerberos description: >- Version 3.10 and later supports Kerberos authentication to authenticate - the connection to your Hadoop cluster. syslog-ng OSE assumes that you + the connection to your Hadoop cluster. {{ site.product.short_name }} assumes that you already have a Hadoop and Kerberos infrastructure. --- **NOTE:** If you configure Kerberos authentication for a hdfs() destination, it affects all hdfs() destinations. Kerberos and non-Kerberos hdfs() -destinations cannot be mixed in a syslog-ng OSE configuration. This +destinations cannot be mixed in a {{ site.product.short_name }} configuration. This means that if one hdfs() destination uses Kerberos authentication, you have to configure all other hdfs() destinations to use Kerberos authentication too. 
@@ -20,7 +20,7 @@ unable to authenticate to the HDFS server. **NOTE:** If you want to configure your hdfs() destination to stop using Kerberos authentication, namely, to remove Kerberos-related options from -the hdfs() destination configuration, make sure to restart syslog-ng OSE +the hdfs() destination configuration, make sure to restart {{ site.product.short_name }} for the changes to take effect. {: .notice--info} @@ -30,10 +30,10 @@ for the changes to take effect. authentication. - You have a keytab file and a principal for the host running - syslog-ng OSE. For details, see the Kerberos documentation. + {{ site.product.short_name }}. For details, see the Kerberos documentation. - You have installed and configured the Kerberos client packages on - the host running syslog-ng OSE. (That is, Kerberos authentication + the host running {{ site.product.short_name }}. (That is, Kerberos authentication works for the host, for example, from the command line using the **kinit user@REALM -k -t \** command.) diff --git a/doc/_admin-guide/070_Destinations/070_HDFS/004_hdfs_options.md b/doc/_admin-guide/070_Destinations/070_HDFS/004_hdfs_options.md index cb9a84c2..7427ca7f 100644 --- a/doc/_admin-guide/070_Destinations/070_HDFS/004_hdfs_options.md +++ b/doc/_admin-guide/070_Destinations/070_HDFS/004_hdfs_options.md @@ -9,7 +9,7 @@ options. The following options are required: hdfs-file(), hdfs-uri(). Note that to use hdfs, you must add the following line to the beginning of your -syslog-ng OSE configuration: +{{ site.product.short_name }} configuration: ```config @include "scl.conf" 
@@ -32,24 +32,22 @@ client-lib-dir(\"/opt/syslog-ng/lib/syslog-ng/java-modules/:/opt/hadoop/libs/\") | Type:| true \| false| |Default:| false| -*Description:* When hdfs-append-enabled is set to **true**, syslog-ng -OSE will append new data to the end of an already existing HDFS file. +*Description:* When hdfs-append-enabled is set to **true**, {{ site.product.short_name }} will append new data to the end of an already existing HDFS file. Note that in this case, archiving is automatically disabled, and -syslog-ng OSE will ignore the hdfs-archive-dir option. +{{ site.product.short_name }} will ignore the hdfs-archive-dir option. -When hdfs-append-enabled is set to **false**, the syslog-ng OSE +When hdfs-append-enabled is set to **false**, the {{ site.product.short_name }} application always creates a new file if the previous has been closed. In that case, appending data to existing files is not supported. -When you choose to write data into an existing file, syslog-ng OSE does +When you choose to write data into an existing file, {{ site.product.short_name }} does not extend the filename with a UUID suffix because there is no need to open a new file (a new unique ID would mean opening a new file and writing data into that). ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Before enabling the hdfs-append-enabled option, ensure that your HDFS -server supports the append operation and that it is enabled. Otherwise syslog-ng -OSE will not be able to append data into an existing file, resulting in an +server supports the append operation and that it is enabled. Otherwise {{ site.product.short_name }} will not be able to append data into an existing file, resulting in an error log. {: .notice--warning} 
@@ -58,14 +56,14 @@ error log. | Type:| string| |Default:| N/A| -*Description:* The path where syslog-ng OSE will move the closed log -files. If syslog-ng OSE cannot move the file for some reason (for -example, syslog-ng OSE cannot connect to the HDFS NameNode), the file +*Description:* The path where {{ site.product.short_name }} will move the closed log +files. If {{ site.product.short_name }} cannot move the file for some reason (for +example, {{ site.product.short_name }} cannot connect to the HDFS NameNode), the file remains at its original location. For example, hdfs-archive-dir(\"/usr/hdfs/archive/\"). **NOTE:** When hdfs-append-enabled is set to **true**, archiving is -automatically disabled, and syslog-ng OSE will ignore the +automatically disabled, and {{ site.product.short_name }} will ignore the hdfs-archive-dir option. {: .notice--info} @@ -75,16 +73,16 @@ hdfs-archive-dir option. |Default:| N/A| *Description:* The path and name of the log file. For example, -hdfs-file(\"/usr/hdfs/mylogfile.txt\"). syslog-ng OSE checks if the path -to the logfile exists. If a directory does not exist syslog-ng OSE +hdfs-file(\"/usr/hdfs/mylogfile.txt\"). {{ site.product.short_name }} checks if the path +to the logfile exists. If a directory does not exist {{ site.product.short_name }} automatically creates it. -hdfs-file() supports the usage of macros. This means that syslog-ng OSE +hdfs-file() supports the usage of macros. This means that {{ site.product.short_name }} can create files on HDFS dynamically, using macros in the file (or directory) name. **NOTE:** When a filename resolved from the macros contains a character that -HDFS does not support, syslog-ng OSE will not be able to create the +HDFS does not support, {{ site.product.short_name }} will not be able to create the file. Make sure that you use macros that do not contain unsupported characters. {: .notice--warning} 
@@ -111,9 +109,9 @@ then the name of the file will be 31-12.txt. |Default:| 255| *Description:* The maximum length of the filename. This filename -(including the UUID that syslog-ng OSE appends to it) cannot be longer +(including the UUID that {{ site.product.short_name }} appends to it) cannot be longer than what the file system permits. If the filename is longer than the -value of hdfs-max-filename-length, syslog-ng OSE will automatically +value of hdfs-max-filename-length, {{ site.product.short_name }} will automatically truncate the filename. For example, hdfs-max-filename-length("255"). ## hdfs-resources() @@ -144,7 +142,7 @@ hdfs-uri(\"hdfs://\[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210\]:8020\"). {% include doc/admin-guide/options/jvm-options.md %} You can set this option only as a global option, by adding it -to the options statement of the syslog-ng configuration file. +to the options statement of the {{ site.product.short_name }} configuration file. ## kerberos-keytab-file() @@ -158,7 +156,7 @@ option is needed only if you want to authenticate using Kerberos in Hadoop. You also have to set the hdfs-option-kerberos-principal() option. For details on the using Kerberos authentication with the hdfs() destination, see -Kerberos authentication with syslog-ng hdfs() destination. +Kerberos authentication with {{ site.product.short_name }} hdfs() destination. ```config destination d_hdfs { @@ -170,7 +168,7 @@ destination d_hdfs { }; ``` -Available in syslog-ng OSE version 3.10 and later. +Available in {{ site.product.short_name }} version 3.10 and later. ## kerberos-principal() 
@@ -183,7 +181,7 @@ needed only if you want to authenticate using Kerberos in Hadoop. You also have to set the hdfs-option-kerberos-keytab-file() option. For details on the using Kerberos authentication with the hdfs() destination, see -Kerberos authentication with syslog-ng hdfs() destination. +Kerberos authentication with {{ site.product.short_name }} hdfs() destination. ```config destination d_hdfs { @@ -195,7 +193,7 @@ destination d_hdfs { }; ``` -Available in syslog-ng OSE version 3.10 and later. +Available in {{ site.product.short_name }} version 3.10 and later. {% include doc/admin-guide/options/log-fifo-size.md %} diff --git a/doc/_admin-guide/070_Destinations/070_HDFS/README.md b/doc/_admin-guide/070_Destinations/070_HDFS/README.md index 0e588608..5f4e1df8 100644 --- a/doc/_admin-guide/070_Destinations/070_HDFS/README.md +++ b/doc/_admin-guide/070_Destinations/070_HDFS/README.md @@ -4,7 +4,7 @@ title: 'hdfs: Storing messages on the Hadoop Distributed File System short_title: HDFS id: adm-dest-hdfs description: >- - Starting with version 3.7, syslog-ng OSE can send plain-text log files + Starting with version 3.7, {{ site.product.short_name }} can send plain-text log files to the Hadoop Distributed File System (HDFS), allowing you to store your log data on a distributed, scalable file system. This is especially useful if you have huge amounts of log messages that would 
@@ -12,30 +12,30 @@ description: >- using Hadoop tools (for example, Apache Pig). --- -For more information about the benefits of using syslog-ng as a data +For more information about the benefits of using {{ site.product.short_name }} as a data collection, processing, and filtering tool in a Hadoop environment, see the blog post Filling your data lake with log messages: the syslog-ng Hadoop (HDFS) destination. -Note the following limitations when using the syslog-ng OSE hdfs +Note the following limitations when using the {{ site.product.short_name }} hdfs destination: - This destination is only supported on the Linux platform. -- Since syslog-ng OSE uses the official Java HDFS client, the hdfs +- Since {{ site.product.short_name }} uses the official Java HDFS client, the hdfs destination has significant memory usage (about 400MB). - You cannot set when log messages are flushed. Hadoop performs this action automatically, depending on its configured block size, and - the amount of data received. There is no way for the syslog-ng OSE + the amount of data received. There is no way for the {{ site.product.short_name }} application to influence when the messages are actually written to - disk. This means that syslog-ng OSE cannot guarantee that a message + disk. This means that {{ site.product.short_name }} cannot guarantee that a message sent to HDFS is actually written to disk. When using flow-control, - syslog-ng OSE acknowledges a message as written to disk when it + {{ site.product.short_name }} acknowledges a message as written to disk when it passes the message to the HDFS client. This method is as reliable as your HDFS environment. - The log messages of the underlying client libraries are available in - the internal() source of syslog-ng OSE. + the internal() source of {{ site.product.short_name }}. **Declaration** 
@@ -69,23 +69,23 @@ destination d_hdfs { - To install the software required for the hdfs destination, see [[Prerequisites|adm-dest-hdfs-pre]]. - For details on how the hdfs destination works, see - How syslog-ng OSE interacts with HDFS. + How {{ site.product.short_name }} interacts with HDFS. - For details on using MapR-FS, see Storing messages with MapR-FS. - For details on using Kerberos authentication, see - Kerberos authentication with syslog-ng hdfs() destination. + Kerberos authentication with {{ site.product.short_name }} hdfs() destination. - For the list of options, see HDFS destination options. The hdfs() driver is actually a reusable configuration snippet configured to receive log messages using the Java language-binding of -syslog-ng OSE. For details on using or writing such configuration +{{ site.product.short_name }}. For details on using or writing such configuration snippets, see Reusing configuration blocks. You can find the source of the hdfs configuration snippet on GitHub. -For details on extending syslog-ng OSE in Java, see the Getting started with implementing Java destinations guide. +For details on extending {{ site.product.short_name }} in Java, see the Getting started with implementing Java destinations guide. **NOTE:** If you delete all Java destinations from your configuration and -reload syslog-ng, the JVM is not used anymore, but it is still running. -If you want to stop JVM, stop syslog-ng and then start syslog-ng again. +reload {{ site.product.short_name }}, the JVM is not used anymore, but it is still running. +If you want to stop JVM, stop {{ site.product.short_name }} and then start {{ site.product.short_name }} again. {: .notice--info} diff --git a/doc/_admin-guide/070_Destinations/080_http/000_http_options.md b/doc/_admin-guide/070_Destinations/080_http/000_http_options.md index 18e4665b..44f0d4b5 100644 --- a/doc/_admin-guide/070_Destinations/080_http/000_http_options.md 
+++ b/doc/_admin-guide/070_Destinations/080_http/000_http_options.md @@ -3,7 +3,7 @@ title: HTTP destination options id: adm-dest-http-opt --- -The http destination of syslog-ng OSE can directly post log messages to +The http destination of {{ site.product.short_name }} can directly post log messages to web services using the HTTP protocol. The http destination has the following options. Some of these options are directly used by the Java code underlying the http destination, therefore these options must be @@ -49,7 +49,7 @@ For the http destination, use this option as |Default: | PUT| *Description:* Specifies the HTTP method to use when sending the message -to the server. Available in syslog-ng OSE version 3.7.2 and newer. +to the server. Available in {{ site.product.short_name }} version 3.7.2 and newer. {% include doc/admin-guide/options/retries.md %} diff --git a/doc/_admin-guide/070_Destinations/080_http/README.md b/doc/_admin-guide/070_Destinations/080_http/README.md index d00fd14d..bf40260a 100644 --- a/doc/_admin-guide/070_Destinations/080_http/README.md +++ b/doc/_admin-guide/070_Destinations/080_http/README.md @@ -3,7 +3,7 @@ title: Posting messages over HTTP short_title: http id: adm-dest-http description: >- - Version 3.7 of syslog-ng OSE can directly post log messages to web + Version 3.7 of {{ site.product.short_name }} can directly post log messages to web services using the HTTP protocol. Error and status messages received from the HTTP server are forwarded to the internal logs of syslog-ng OSE. 
@@ -50,6 +50,6 @@ log ``` **NOTE:** If you delete all Java destinations from your configuration and -reload syslog-ng, the JVM is not used anymore, but it is still running. -If you want to stop JVM, stop syslog-ng and then start syslog-ng again. +reload {{ site.product.short_name }}, the JVM is not used anymore, but it is still running. +If you want to stop JVM, stop {{ site.product.short_name }} and then start {{ site.product.short_name }} again. {: .notice--info} diff --git a/doc/_admin-guide/070_Destinations/090_http_nonjava/001_http_nonjava_options.md b/doc/_admin-guide/070_Destinations/090_http_nonjava/001_http_nonjava_options.md index 1ac228c7..7fef90bc 100644 --- a/doc/_admin-guide/070_Destinations/090_http_nonjava/001_http_nonjava_options.md +++ b/doc/_admin-guide/070_Destinations/090_http_nonjava/001_http_nonjava_options.md @@ -4,7 +4,7 @@ batch_timeout: 'none' id: adm-dest-http-nonjava-opt --- -The http destination of syslog-ng OSE can directly post log messages to +The http destination of {{ site.product.short_name }} can directly post log messages to web services using the HTTP protocol. The http destination has the following options. @@ -35,9 +35,8 @@ received from the source by default. | Accepted values:| string| |Default:| none| -*Description:* The string syslog-ng OSE puts at the beginning of the -body of the HTTP request, before the log message. Available in syslog-ng -OSE version 3.18 and later. +*Description:* The string {{ site.product.short_name }} puts at the beginning of the +body of the HTTP request, before the log message. Available in {{ site.product.short_name }} version 3.18 and later. {% include doc/admin-guide/http-batch.md %} 
@@ -46,8 +45,8 @@ OSE version 3.18 and later. | Accepted values:| string| |Default:| none| -*Description:* The string syslog-ng OSE puts to the end of the body of -the HTTP request, after the log message. Available in syslog-ng OSE +*Description:* The string {{ site.product.short_name }} puts to the end of the body of +the HTTP request, after the log message. Available in {{ site.product.short_name }} version 3.18 and later. {% include doc/admin-guide/http-batch.md %} 
@@ -161,14 +160,14 @@ destination { *Description:* Specifies the hostname or IP address and optionally the port number of the web service that can receive log data via HTTP. Use a colon (**:**) after the address to specify the port number of the server. For example: http://127.0.0.1:8000 -In case the server on the specified URL returns a redirect request, syslog-ng OSE automatically follows maximum 3 redirects. Only HTTP and HTTPS based redirections are supported. +In case the server on the specified URL returns a redirect request, {{ site.product.short_name }} automatically follows maximum 3 redirects. Only HTTP and HTTPS based redirections are supported. ### Templates in the URL -In syslog-ng OSE 4.5 and later versions, templates can be used in the `url()` option of the `http()` driver, with the following conditions: +In {{ site.product.short_name }} 4.5 and later versions, templates can be used in the `url()` option of the `http()` driver, with the following conditions: * **Templates and batching:** Templates can only be resolved for a single message, because the template could resolve differently on different messages. If batching is enabled and multiple workers are configured, only add messages to a batch that generate identical URLs. Set the `worker-partition-key()` option with a template that contains all the templates used in the `url()` option, otherwise messages get mixed. -* Due to security concerns, syslog-ng OSE URL-encodes the templated content of the `url()` option. The following parts of the URL cannot be templated: +* Due to security concerns, {{ site.product.short_name }} URL-encodes the templated content of the `url()` option. The following parts of the URL cannot be templated: * scheme * host * port 
@@ -186,7 +185,7 @@ In syslog-ng OSE 4.5 and later versions, templates can be used in the `url()` op | Type:| string| |Default:| | -*Description:* The username that syslog-ng OSE uses to authenticate on +*Description:* The username that {{ site.product.short_name }} uses to authenticate on the server where it sends the messages. {% include doc/admin-guide/options/use-system-cert-store.md %} diff --git a/doc/_admin-guide/070_Destinations/090_http_nonjava/002_Azure_auth_header_plugin.md b/doc/_admin-guide/070_Destinations/090_http_nonjava/002_Azure_auth_header_plugin.md index 9a04ffbe..084adc69 100644 --- a/doc/_admin-guide/070_Destinations/090_http_nonjava/002_Azure_auth_header_plugin.md +++ b/doc/_admin-guide/070_Destinations/090_http_nonjava/002_Azure_auth_header_plugin.md @@ -2,17 +2,16 @@ title: The Azure auth header plugin id: adm-dest-http-nonjava-azure description: >- - This section describes the syslog-ng Open Source Edition (syslog-ng OSE) + This section describes the {{ site.product.short_name }} application's Azure auth header plugin. - For more information about modules in syslog-ng OSE, see - Modules in syslog-ng Open Source Edition (syslog-ng OSE). + For more information about modules in {{ site.product.short_name }}, see + Modules in {{ site.product.short_name }}. --- ## The Azure auth header plugin -The Azure auth header plugin is a signal-slot mechanism-based syslog-ng -OSE module that generates authorization headers for applications that +The Azure auth header plugin is a signal-slot mechanism-based {{ site.product.short_name }} module that generates authorization headers for applications that connect to Microsoft Azure. ## Defining the Azure auth header plugin diff --git a/doc/_admin-guide/070_Destinations/090_http_nonjava/003_Python_http_header_plugin.md b/doc/_admin-guide/070_Destinations/090_http_nonjava/003_Python_http_header_plugin.md index 538533b1..93583943 100644 
--- a/doc/_admin-guide/070_Destinations/090_http_nonjava/003_Python_http_header_plugin.md +++ b/doc/_admin-guide/070_Destinations/090_http_nonjava/003_Python_http_header_plugin.md @@ -2,23 +2,23 @@ title: The Python HTTP header plugin id: adm-dest-http-nonjava-python description: >- - This section describes the syslog-ng Open Source Edition (syslog-ng OSE) + This section describes the {{ site.product.short_name }} application's Python HTTP header plugin. - For more information about modules in syslog-ng OSE, see - Modules in syslog-ng Open Source Edition (syslog-ng OSE). + For more information about modules in {{ site.product.short_name }}, see + Modules in {{ site.product.short_name }}. --- ## The Python HTTP header plugin -The syslog-ng OSE application supports adding custom headers to HTTP +The {{ site.product.short_name }} application supports adding custom headers to HTTP requests using the Python programming language. ## Prerequisites **NOTE:** Before you use the python-http-header plugin, make sure that your -syslog-ng OSE appliance was compiled with Python support. If you -installed syslog-ng OSE from a package, make sure that the subpackage +{{ site.product.short_name }} appliance was compiled with Python support. If you +installed {{ site.product.short_name }} from a package, make sure that the subpackage containing Python support is also installed. {: .notice--info} @@ -51,7 +51,7 @@ destination d_http { {: .notice--info} - *options(\"key\" \"value\")*: Optional option. Multiple options can be - specified at the same time. The syslog-ng OSE application will build + specified at the same time. The {{ site.product.short_name }} application will build a Python dictionary, which will be available in the \_\_init\_\_ method. 
@@ -88,7 +88,7 @@ mark-errors-as-critical function. ### Methods used in the configuration - *\_\_init\_\_(self, options)*: Optional method. The options specified - in the syslog-ng OSE configuration can be stored in the instance + in the {{ site.product.short_name }} configuration can be stored in the instance using this method. - *get\_headers(self, body, headers)*: Mandatory method. Returns a list @@ -98,7 +98,7 @@ mark-errors-as-critical function. that the HTTP destination has already added to the request. - *on\_http\_response\_received(self, http\_code)*: Optional method. If - specified, syslog-ng OSE inserts the http\_code of the previous + specified, {{ site.product.short_name }} inserts the http\_code of the previous response. This can be used to handle error (for example, for recreating auth headers, or dropping cache). @@ -144,7 +144,7 @@ destination d_http { class("TestCounter") options("header", "X-Test-Python-Counter") options("counter", 11) - # this means that syslog-ng will keep trying to send the http request even when this module fails + # this means that {{ site.product.short_name }} will keep trying to send the http request even when this module fails mark-errors-as-critical(no) ) url("http://127.0.0.1:8888") 
@@ -159,10 +159,10 @@ log { ``` ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -Although it is possible to configure multiple HTTP workers for syslog-ng OSE, -the syslog-ng OSE application can only embed a single Python interpreter at +Although it is possible to configure multiple HTTP workers for {{ site.product.short_name }}, +the {{ site.product.short_name }} application can only embed a single Python interpreter at the same time. As a result, if you configure more than one HTTP workers on -your syslog-ng OSE application, the Python code will run in concurrent mode. +your {{ site.product.short_name }} application, the Python code will run in concurrent mode. To protect the state of the object, you may need to use locks. {: .notice--warning} diff --git a/doc/_admin-guide/070_Destinations/090_http_nonjava/README.md b/doc/_admin-guide/070_Destinations/090_http_nonjava/README.md index 0eef2c81..200bf726 100644 --- a/doc/_admin-guide/070_Destinations/090_http_nonjava/README.md +++ b/doc/_admin-guide/070_Destinations/090_http_nonjava/README.md @@ -3,7 +3,7 @@ title: 'http: Posting messages over HTTP without Java' short_title: http-nonjava id: adm-dest-http-nonjava description: >- - Version 3.8 of syslog-ng OSE can directly post log messages to web + Version 3.8 of {{ site.product.short_name }} can directly post log messages to web services using the HTTP protocol, without having to use Java. --- 
@@ -15,9 +15,9 @@ HTTPS connection, as well as password- and certificate-based authentication is supported. If the server returns a status code beginning with 2 (for example, 200), -syslog-ng OSE assumes the message was successfully sent. For other +{{ site.product.short_name }} assumes the message was successfully sent. For other response codes, see HTTP destination options. -You can override the behavior of syslog-ng OSE using the response-action() option. +You can override the behavior of {{ site.product.short_name }} using the response-action() option. ## Example: Client certificate authentication with HTTPS @@ -89,4 +89,4 @@ log { ``` You can also use the http() destination to -[[forward log messages to Splunk|adm-dest-splunk-hec]] using syslog-ng OSE. +[[forward log messages to Splunk|adm-dest-splunk-hec]] using {{ site.product.short_name }}. diff --git a/doc/_admin-guide/070_Destinations/100_Kafka-c/001_Before_you_begin.md b/doc/_admin-guide/070_Destinations/100_Kafka-c/001_Before_you_begin.md index 8ed6f902..08813fe2 100644 --- a/doc/_admin-guide/070_Destinations/100_Kafka-c/001_Before_you_begin.md +++ b/doc/_admin-guide/070_Destinations/100_Kafka-c/001_Before_you_begin.md @@ -16,12 +16,12 @@ description: >- implementation (which uses the official Java Kafka producer). - The log messages of the underlying client libraries are available in - the internal() source of syslog-ng OSE. + the internal() source of {{ site.product.short_name }}. - If you used the Java implementation before, see Shifting from Java implementation to C implementation. -- The syslog-ng OSE kafka destination supports all properties of the +- The {{ site.product.short_name }} kafka destination supports all properties of the official Kafka producer. For details, see the librdkafka documentation. - For the list of options, see 
diff --git a/doc/_admin-guide/070_Destinations/100_Kafka-c/002_Flow_control.md b/doc/_admin-guide/070_Destinations/100_Kafka-c/002_Flow_control.md index 6aa330b7..9999e627 100644 --- a/doc/_admin-guide/070_Destinations/100_Kafka-c/002_Flow_control.md +++ b/doc/_admin-guide/070_Destinations/100_Kafka-c/002_Flow_control.md @@ -1,21 +1,21 @@ --- -title: Flow control in syslog-ng OSE and the Kafka client +title: Flow control in {{ site.product.short_name }} and the Kafka client id: adm-dest-kafkac-flow description: >- - A syslog-ng OSE destination recognizes a message as sent when the + A {{ site.product.short_name }} destination recognizes a message as sent when the message has been sent to the Kafka client, not when the Kafka server confirms its delivery. --- If the Kafka client collects too many unsent messages, it will not -accept any more messages from syslog-ng OSE. The syslog-ng OSE +accept any more messages from {{ site.product.short_name }}. The {{ site.product.short_name }} application detects this and stops sending messages to the Kafka client. -Also, syslog-ng OSE's flow control starts functioning in the direction -of the sources (for example, syslog-ng OSE will not read from the +Also, {{ site.product.short_name }}'s flow control starts functioning in the direction +of the sources (for example, {{ site.product.short_name }} will not read from the sources in that specific logpath). You can specify a "high water mark" limit for the Kafka client in the properties-file(). For more information about how the C implementation of the kafka() -destination works with syslog-ng OSE, click [[here|adm-dest-kafkac]]. +destination works with {{ site.product.short_name }}, click [[here|adm-dest-kafkac]]. diff --git a/doc/_admin-guide/070_Destinations/100_Kafka-c/003_Kafka-c_options.md b/doc/_admin-guide/070_Destinations/100_Kafka-c/003_Kafka-c_options.md index 313805e9..5b2eb6d2 100644 --- a/doc/_admin-guide/070_Destinations/100_Kafka-c/003_Kafka-c_options.md 
+++ b/doc/_admin-guide/070_Destinations/100_Kafka-c/003_Kafka-c_options.md @@ -3,14 +3,14 @@ title: "Options of the kafka() destination's C implementation" id: adm-dest-kafkac-opt --- -The C implementation of the kafka() destination of syslog-ng OSE can +The C implementation of the kafka() destination of {{ site.product.short_name }} can directly publish log messages to the Apache Kafka message bus, where subscribers can access them. The C implementation of the kafka() destination has the following options. ## Required options The following options are required: bootstrap-servers(), topic(). Note that to use the C implementation of the kafka() destination, you must -add the following lines to the beginning of your syslog-ng OSE +add the following lines to the beginning of your {{ site.product.short_name }} configuration: ```config 
@@ -21,28 +21,28 @@ configuration: {% include doc/admin-guide/options/batch-lines.md %} -**NOTE:** The syslog-ng OSE configuration accepts this option with +**NOTE:** The {{ site.product.short_name }} configuration accepts this option with sync-send() set to both "yes" or "no", but the option will only take effect if you set sync-send() to "yes". {: .notice--info} **NOTE:** If you set sync-send() to "yes", the number you specify for -batch-lines() affects how many messages syslog-ng OSE packs into once +batch-lines() affects how many messages {{ site.product.short_name }} packs into once transaction. {: .notice--info} {% include doc/admin-guide/options/batch-timeout.md %} -**NOTE:** The syslog-ng OSE configuration accepts this option with +**NOTE:** The {{ site.product.short_name }} configuration accepts this option with sync-send() set to both "yes" or "no", but the option will only take effect if you set sync-send() to "yes". {: .notice--info} **NOTE:** When setting batch-timeout(), consider the value of the transaction.timeout.ms Kafka property. If in case of timeout (that is, -if syslog-ng OSE does not receive batch-lines() amount of messages) the +if {{ site.product.short_name }} does not receive batch-lines() amount of messages) the value of batch-timeout() exceeds the value of transaction.timeout.ms, -syslog-ng OSE will not send out messages in time. +{{ site.product.short_name }} will not send out messages in time. {: .notice--info} For more information about the default values of the @@ -83,7 +83,7 @@ of the properties-file(). {% include doc/admin-guide/notes/kafka-c.md %} -The syslog-ng OSE kafka destination supports all properties of the +The {{ site.product.short_name }} kafka destination supports all properties of the official Kafka producer. For details, see the librdkafka documentation. The syntax of the config() option is the following: 
@@ -104,11 +104,11 @@ config( | Type:| integer in msec| |Default:| 1000| -*Description:* When syslog-ng reloads, the Kafka client will also +*Description:* When {{ site.product.short_name }} reloads, the Kafka client will also reload. The flush-timeout-on-reload() option specifies the number of -milliseconds syslog-ng waits for the Kafka client to send the unsent +milliseconds {{ site.product.short_name }} waits for the Kafka client to send the unsent messages. The unsent messages will be retained in syslog-ng\'s own queue -and syslog-ng will continue sending them after reload. This works +and {{ site.product.short_name }} will continue sending them after reload. This works without disk-buffering, too. ## flush-timeout-on-shutdown() @@ -116,9 +116,9 @@ without disk-buffering, too. | Type:| integer in msec| |Default:| 60000| -*Description:* When syslog-ng shuts down, the Kafka client will also +*Description:* When {{ site.product.short_name }} shuts down, the Kafka client will also shut down. The flush-timeout-on-shutdown() option specifies the number -of milliseconds syslog-ng waits for the Kafka client to send the unsent +of milliseconds {{ site.product.short_name }} waits for the Kafka client to send the unsent messages. Any messages not sent after the specified time will be lost. To avoid losing messages, we recommend you use the disk-buffer option. @@ -147,9 +147,9 @@ key(\"${PROGRAM}\"). | Type:| integer in msec| |Default:| 1000| -*Description:* Specifies the frequency your syslog-ng queries the Kafka +*Description:* Specifies the frequency your {{ site.product.short_name }} queries the Kafka client about the amount of messages sent since the last poll-timeout (). -In case of multithreading, the first syslog-ng worker is responsible for +In case of multithreading, the first {{ site.product.short_name }} worker is responsible for poll-timeout(). ## properties-file() 
@@ -160,10 +160,10 @@ poll-timeout(). *Description:* The absolute path and filename of the Kafka properties file to load. For example, properties-file(\"/opt/syslog-ng/etc/kafka_dest.properties\"). The -syslog-ng OSE application reads this file and passes the properties to +{{ site.product.short_name }} application reads this file and passes the properties to the Kafka Producer. -The syslog-ng OSE kafka destination supports all properties of the +The {{ site.product.short_name }} kafka destination supports all properties of the official Kafka producer. For details, see the librdkafka documentation. The bootstrap-servers option is translated to the bootstrap.servers 
@@ -188,20 +188,20 @@ compression.type=snappy. | Type:| yes \| no| |Default:| no| -*Description:* When sync-send is set to **yes**, syslog-ng OSE sends +*Description:* When sync-send is set to **yes**, {{ site.product.short_name }} sends the message reliably: it sends a message to the Kafka server, then waits -for a reply. In case of failure, syslog-ng OSE repeats sending the +for a reply. In case of failure, {{ site.product.short_name }} repeats sending the message, as set in the retries() parameter. If sending the message fails -for retries() times, syslog-ng OSE drops the message. +for retries() times, {{ site.product.short_name }} drops the message. This method ensures reliable message transfer, but is very slow. -When sync-send() is set to **no**, syslog-ng OSE sends messages +When sync-send() is set to **no**, {{ site.product.short_name }} sends messages asynchronously, and receives the response asynchronously. In case of a -problem, syslog-ng OSE cannot resend the messages. +problem, {{ site.product.short_name }} cannot resend the messages. This method is fast, but the transfer is not reliable. Several thousands -of messages can be lost before syslog-ng OSE recognizes the error. +of messages can be lost before {{ site.product.short_name }} recognizes the error. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Hazard of data loss! If sync-send() is set to "no", the messages passed @@ -262,6 +262,6 @@ option only if your Kafka clients have many threads and they do not receive enough messages. **NOTE:** Kafka clients have their own threadpool, entirely independent from -any syslog-ng settings. The workers() option has no effect on this +any {{ site.product.short_name }} settings. The workers() option has no effect on this threadpool. {: .notice--info} diff --git a/doc/_admin-guide/070_Destinations/100_Kafka-c/README.md b/doc/_admin-guide/070_Destinations/100_Kafka-c/README.md index 3aed3cca..0f99e618 100644 
--- a/doc/_admin-guide/070_Destinations/100_Kafka-c/README.md +++ b/doc/_admin-guide/070_Destinations/100_Kafka-c/README.md @@ -4,17 +4,17 @@ title: 'kafka-c(): Publishing messages to Apache Kafka using the short_title: kafka-c id: adm-dest-kafkac description: >- - Starting with version 3.21, syslog-ng Open Source Edition (syslog-ng + Starting with version 3.21, {{ site.product.name }} (syslog-ng OSE) can directly publish log messages to the Apache Kafka message bus, where subscribers can access them. --- -As of syslog-ng OSE version 3.21, the new C implementation of the kafka +As of {{ site.product.short_name }} version 3.21, the new C implementation of the kafka destination is available. The new implementation uses the librdkafka client and has several advantages, such as scalability, more efficient memory usage and simpler setup. The options of this implementation are compatible with those of the old Java implementation. -## Figure 11: How the C implementation of the kafka destination works with syslog-ng OSE +## Figure 11: How the C implementation of the kafka destination works with {{ site.product.short_name }} ![]({{ adm_img_folder | append: 'fig-kafka-c-implementation.png'}}) diff --git a/doc/_admin-guide/070_Destinations/110_Loggly/README.md b/doc/_admin-guide/070_Destinations/110_Loggly/README.md index 3f65d4d2..98c9ce6b 100644 --- a/doc/_admin-guide/070_Destinations/110_Loggly/README.md +++ b/doc/_admin-guide/070_Destinations/110_Loggly/README.md @@ -57,7 +57,7 @@ log { ``` To use the loggly() driver, the scl.conf file must be included in your -syslog-ng OSE configuration: +{{ site.product.short_name }} configuration: ```config @include "scl.conf" diff --git a/doc/_admin-guide/070_Destinations/120_Logmatic_io/README.md b/doc/_admin-guide/070_Destinations/120_Logmatic_io/README.md index 77d9a0fa..b6fd5e61 100644 --- a/doc/_admin-guide/070_Destinations/120_Logmatic_io/README.md +++ b/doc/_admin-guide/070_Destinations/120_Logmatic_io/README.md 
@@ -57,7 +57,7 @@ log { ``` To use the logmatic() driver, the scl.conf file must be included in your -syslog-ng OSE configuration: +{{ site.product.short_name }} configuration: ```config @include "scl.conf" diff --git a/doc/_admin-guide/070_Destinations/125_Loki/001_Loki_options.md b/doc/_admin-guide/070_Destinations/125_Loki/001_Loki_options.md index 57c26dd4..cc4c12b3 100644 --- a/doc/_admin-guide/070_Destinations/125_Loki/001_Loki_options.md +++ b/doc/_admin-guide/070_Destinations/125_Loki/001_Loki_options.md @@ -85,14 +85,14 @@ labels( | Type:| template or template-function| |Default:| ${ISODATE} ${HOST} ${MSGHDR} ${MSG}| -*Description:* This option specifies a template that defines the logformat to be used in the destination. For more information on macros and template functions, see Macros of syslog-ng OSE and Template functions of syslog-ng OSE. +*Description:* This option specifies a template that defines the logformat to be used in the destination. For more information on macros and template functions, see Macros of {{ site.product.short_name }} and Template functions of {{ site.product.short_name }}. ## tenant-id() | Type:| string| |Default:| | -Available in syslog-ng OSE 4.7 and later versions. +Available in {{ site.product.short_name }} 4.7 and later versions. *Description:* This option sets the tenant ID for multi-tenant cases. diff --git a/doc/_admin-guide/070_Destinations/125_Loki/README.md b/doc/_admin-guide/070_Destinations/125_Loki/README.md index 13880d80..c2574d33 100644 --- a/doc/_admin-guide/070_Destinations/125_Loki/README.md +++ b/doc/_admin-guide/070_Destinations/125_Loki/README.md 
@@ -3,7 +3,7 @@ title: 'loki(): Storing messages in a Grafana Loki database' short_title: Loki id: adm-dest-loki description: >- - In syslog-ng OSE 4.4 and later versions the `loki()` destination can be used to send log data to Grafana Loki. + In {{ site.product.short_name }} 4.4 and later versions the `loki()` destination can be used to send log data to Grafana Loki. For more information on the message format, see Grafna Loki HTTP endpoint. --- diff --git a/doc/_admin-guide/070_Destinations/130_MongoDB/000_Connecting_to_mongodb.md b/doc/_admin-guide/070_Destinations/130_MongoDB/000_Connecting_to_mongodb.md index e30128c3..5af6c0f0 100644 --- a/doc/_admin-guide/070_Destinations/130_MongoDB/000_Connecting_to_mongodb.md +++ b/doc/_admin-guide/070_Destinations/130_MongoDB/000_Connecting_to_mongodb.md 
@@ -1,44 +1,44 @@ --- -title: How syslog-ng OSE connects the MongoDB server +title: How {{ site.product.short_name }} connects the MongoDB server id: adm-dest-mongodb-conn description: >- - When syslog-ng OSE connects the MongoDB server during startup, it + When {{ site.product.short_name }} connects the MongoDB server during startup, it completes the following steps. --- -1. The syslog-ng OSE application connects the first address listed in +1. The {{ site.product.short_name }} application connects the first address listed in the servers() option. 2. - If the server is accessible and it is a master MongoDB server, - syslog-ng OSE authenticates on the server (if needed), then + {{ site.product.short_name }} authenticates on the server (if needed), then starts sending the log messages to the server. - If the server is not accessible, or it is not a master server in a MongoDB replicaset and it does not send the address of the - master server, syslog-ng OSE connects the next address listed in + master server, {{ site.product.short_name }} connects the next address listed in the servers() option. - If the server is not a master server in a MongoDB replicaset, - but it sends the address of the master server, syslog-ng OSE + but it sends the address of the master server, {{ site.product.short_name }} connects the received address. -3. When syslog-ng OSE connects the master MongoDB server, it retrieves +3. When {{ site.product.short_name }} connects the master MongoDB server, it retrieves the list of replicas (from the replSet option of the server), and appends this list to the servers() option. > ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** > - > - This means that syslog-ng OSE can send log messages to + > - This means that {{ site.product.short_name }} can send log messages to > addresses that are not listed in its configuration. 
> > - Make sure to include the address of your master server in - > your syslog-ng OSE configuration file, otherwise you risk + > your {{ site.product.short_name }} configuration file, otherwise you risk > losing log messages if all the addresses listed in the - > syslog-ng OSE configuration are offline. + > {{ site.product.short_name }} configuration are offline. > > - Addresses retrieved from the MongoDB servers are not - > stored, and can be lost when syslog-ng OSE is restarted. + > stored, and can be lost when {{ site.product.short_name }} is restarted. > The retrieved addresses are not lost if the server() option > of the destination was not changed in the configuration > file since the last restart. @@ -48,18 +48,18 @@ description: >- > drivers. {. :notice--warning} -4. The syslog-ng OSE application attempts to connect another server if +4. The {{ site.product.short_name }} application attempts to connect another server if the servers() list contains at least two addresses, and one of the following events happens: - The safe-mode() option is set to **no**, and the MongoDB server becomes unreachable. - - The safe-mode() option is set to **yes**, and syslog-ng OSE + - The safe-mode() option is set to **yes**, and {{ site.product.short_name }} cannot insert a log message into the database because of an error. - In this case, syslog-ng OSE starts to connect the addresses in from + In this case, {{ site.product.short_name }} starts to connect the addresses in from the servers() list (starting from the first address) to find the new master server, authenticates on the new server (if needed), then continues to send the log messages to the new master server. 
@@ -67,5 +67,5 @@ description: >- During this failover step, one message can be lost if the safe-mode() option is disabled. -5. If the original master becomes accessible again, syslog-ng OSE will +5. If the original master becomes accessible again, {{ site.product.short_name }} will automatically connect to the original master. diff --git a/doc/_admin-guide/070_Destinations/130_MongoDB/001_Mongodb_options.md b/doc/_admin-guide/070_Destinations/130_MongoDB/001_Mongodb_options.md index d2258150..3a0956af 100644 --- a/doc/_admin-guide/070_Destinations/130_MongoDB/001_Mongodb_options.md +++ b/doc/_admin-guide/070_Destinations/130_MongoDB/001_Mongodb_options.md @@ -60,14 +60,14 @@ mongodb( ``` ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -Hazard of data loss! The syslog-ng OSE application does not verify that +Hazard of data loss! The {{ site.product.short_name }} application does not verify that the specified collection name does not contain invalid characters. If you specify a collection with an invalid name, the log messages sent to the MongoDB database will be irrevocably lost without any warning. {: .notice--danger} -For MongoDB operations, syslog-ng OSE uses a one-minute timeout: if an -operation times out, syslog-ng OSE assumes the operation has failed. +For MongoDB operations, {{ site.product.short_name }} uses a one-minute timeout: if an +operation times out, {{ site.product.short_name }} assumes the operation has failed. ## uri() diff --git a/doc/_admin-guide/070_Destinations/130_MongoDB/README.md b/doc/_admin-guide/070_Destinations/130_MongoDB/README.md index ab6eb68b..48745055 100644 --- a/doc/_admin-guide/070_Destinations/130_MongoDB/README.md +++ b/doc/_admin-guide/070_Destinations/130_MongoDB/README.md 
@@ -22,17 +22,17 @@ collections. The mongodb() driver does not add the _id field to the message: the MongoDB server will do that automatically, if none is present. If you -want to override this field from syslog-ng OSE, use the key() parameter +want to override this field from {{ site.product.short_name }}, use the key() parameter of the value-pairs() option. -The syslog-ng OSE mongodb() driver is compatible with MongoDB server +The {{ site.product.short_name }} mongodb() driver is compatible with MongoDB server version 1.4 and newer. -**NOTE:** Prior to version 4.0, syslog-ng OSE handled all data as strings, and allowed the strings to be converted into other types of data that only data formats of certain destinations supported. -In syslog-ng OSE 4.0 and later versions, each name-value pair is a (name, type, value) triplet, and several components of syslog-ng OSE 4.0 support this format. For details, see [Specifying data types in value-pairs](./000_Specifying_data_types.md). +**NOTE:** Prior to version 4.0, {{ site.product.short_name }} handled all data as strings, and allowed the strings to be converted into other types of data that only data formats of certain destinations supported. +In {{ site.product.short_name }} 4.0 and later versions, each name-value pair is a (name, type, value) triplet, and several components of {{ site.product.short_name }} 4.0 support this format. For details, see Specifying data types in value-pairs. {: .notice--info} -**NOTE:** By default, syslog-ng OSE handles every message field as a string. +**NOTE:** By default, {{ site.product.short_name }} handles every message field as a string. For details on how to send selected fields as other types of data (for example, handle the PID as a number), see Specifying data types in value-pairs. 
diff --git a/doc/_admin-guide/070_Destinations/140_mqtt/001_mqtt_destination_limitations.md b/doc/_admin-guide/070_Destinations/140_mqtt/001_mqtt_destination_limitations.md index e99f532a..7b1b326a 100644 --- a/doc/_admin-guide/070_Destinations/140_mqtt/001_mqtt_destination_limitations.md +++ b/doc/_admin-guide/070_Destinations/140_mqtt/001_mqtt_destination_limitations.md @@ -3,10 +3,10 @@ title: Limitations to using the mqtt() destination id: adm-dest-mqtt-lim --- -Using the mqtt() destination of syslog-ng OSE has the following +Using the mqtt() destination of {{ site.product.short_name }} has the following limitations: -- You can only use the mqtt() destination with syslog-ng OSE version +- You can only use the mqtt() destination with {{ site.product.short_name }} version 3.33 or higher. - You cannot use the mqtt() destination without installing the the diff --git a/doc/_admin-guide/070_Destinations/140_mqtt/002_mqtt_destination_options.md b/doc/_admin-guide/070_Destinations/140_mqtt/002_mqtt_destination_options.md index e556ad67..06e4b7b6 100644 --- a/doc/_admin-guide/070_Destinations/140_mqtt/002_mqtt_destination_options.md +++ b/doc/_admin-guide/070_Destinations/140_mqtt/002_mqtt_destination_options.md @@ -15,7 +15,7 @@ Required options: address(), fallback-topic(), and topic(). |Required: | yes| *Description:* Specifies the hostname or IP address, and the port number -of the MQTT broker to which syslog-ng OSE will send the log messages. +of the MQTT broker to which {{ site.product.short_name }} will send the log messages. Syntax: \://\:\ @@ -33,7 +33,7 @@ Supported protocol types: TCP, WS, SSL andWSS. *Description:* Required option when using templates in the topic() option. -If the resolved topic() template is not a valid topic, syslog-ng OSE +If the resolved topic() template is not a valid topic, {{ site.product.short_name }} will use the fallback-topic() option to send messages. **NOTE:** If instead of strings, you use actual templates (that is, a macro 
@@ -41,7 +41,7 @@ like ${MESSAGE}, or a template function like $(format-json)) in the topic() option, configuring the fallback-topic() option is required. {: .notice--info} -**TIP:** Occasionally, the reason why syslog-ng OSE cannot post messages to +**TIP:** Occasionally, the reason why {{ site.product.short_name }} cannot post messages to the configured topic() is that the topic contains invalid characters that originate from templates. {: .notice--info} @@ -61,11 +61,11 @@ that originate from templates. |Type:| string| |Default:| ${ISODATE} ${HOST} ${MSGHDR}${MSG}| -*Description:* Specifies the message template that syslog-ng OSE sends +*Description:* Specifies the message template that {{ site.product.short_name }} sends to the MQTT broker. If you want to use macros in templates, see -Macros of syslog-ng OSE. +Macros of {{ site.product.short_name }}. {% include doc/admin-guide/options/tls.md %} diff --git a/doc/_admin-guide/070_Destinations/140_mqtt/003_mqtt_possible_error_messages.md b/doc/_admin-guide/070_Destinations/140_mqtt/003_mqtt_possible_error_messages.md index 2f23dd7e..bfc069b4 100644 --- a/doc/_admin-guide/070_Destinations/140_mqtt/003_mqtt_possible_error_messages.md +++ b/doc/_admin-guide/070_Destinations/140_mqtt/003_mqtt_possible_error_messages.md @@ -17,43 +17,43 @@ possible reasons behind them, and potential workaround methods. "ERROR, while init threaded dest. ..." - The syslog-ng OSE application will not start. + The {{ site.product.short_name }} application will not start. You can try the following methods:
    -
  • Restart syslog-ng OSE.
  • +
  • Restart {{ site.product.short_name }}.
  • Stop some of the programs running on your computer.
  • -
  • Restart your computer, and then restart syslog-ng OSE.
  • +
  • Restart your computer, and then restart {{ site.product.short_name }}.
"mqtt: the topic() argument is required for mqtt destinations. ..." - The topic() option is not set in your configuration. The syslog-ng OSE application will not start. + The topic() option is not set in your configuration. The {{ site.product.short_name }} application will not start. Set the missing topic() option in your configuration, then restart. "The mqtt destination does not support the batching of messages, ..." - Your configuration may contain the batch-timeout() and / or batch-lines() options, which are not supported by the mqtt() destination. The syslog-ng OSE application will not start. + Your configuration may contain the batch-timeout() and / or batch-lines() options, which are not supported by the mqtt() destination. The {{ site.product.short_name }} application will not start. If your configuration contains the batch-timeout() and / or batch-lines() options, remove them from your configuration, and restart. "Disconnected during publish! - The syslog-ng OSE application can not send the message, because syslog-ng OSE disconnected from the broker. By default, syslog-ng OSE attempts to reconnect to the broker and send the messages 3 times. - If syslog-ng OSE fails all 3 attempts to reconnect to the broker and send the messages, you can try checking your configuration or restarting your MQTT system with syslog-ng OSE as a client. + The {{ site.product.short_name }} application can not send the message, because {{ site.product.short_name }} disconnected from the broker. By default, {{ site.product.short_name }} attempts to reconnect to the broker and send the messages 3 times. + If {{ site.product.short_name }} fails all 3 attempts to reconnect to the broker and send the messages, you can try checking your configuration or restarting your MQTT system with {{ site.product.short_name }} as a client. "Max message inflight! 
(publish)" - The syslog-ng OSE application can not send the message due to the max message inflight broker response code (which signals that the broker has received too many messages, and it needs more time to process them). The syslog-ng OSE application will attempt to resend the message. - Wait until the broker can process the in-flight messages and syslog-ng OSE can attempt to resend the message. + The {{ site.product.short_name }} application can not send the message due to the max message inflight broker response code (which signals that the broker has received too many messages, and it needs more time to process them). The {{ site.product.short_name }} application will attempt to resend the message. + Wait until the broker can process the in-flight messages and {{ site.product.short_name }} can attempt to resend the message. "Failure during publishing!" - The syslog-ng OSE application can not send the message due to the failure broker response code. The syslog-ng OSE application will attempt to resend the message. + The {{ site.product.short_name }} application can not send the message due to the failure broker response code. The {{ site.product.short_name }} application will attempt to resend the message. N/A "Error during publish!" - The syslog-ng OSE application can not send the message, and drops it. + The {{ site.product.short_name }} application can not send the message, and drops it. Possible reason: bad\_utf8\_string (topic), NULL parameter. 
@@ -67,12 +67,12 @@ That is, the most probable reasons behind this issue are either that the topic n "Disconnected while waiting the response!" - The syslog-ng OSE application has sent the message, but the client disconnected from the broker before syslog-ng OSE received the response. The syslog-ng OSE application will attempt to reconnect, or to resend the message. - The syslog-ng OSE application will attempt to reconnect to the broker and send the in-flight message. If the reconnect attempt fails, syslog-ng OSE will resend the message. + The {{ site.product.short_name }} application has sent the message, but the client disconnected from the broker before {{ site.product.short_name }} received the response. The {{ site.product.short_name }} application will attempt to reconnect, or to resend the message. + The {{ site.product.short_name }} application will attempt to reconnect to the broker and send the in-flight message. If the reconnect attempt fails, {{ site.product.short_name }} will resend the message. "Error while waiting the response!" - The syslog-ng OSE application can not get any response from the broker, due to the failure broker response code. The syslog-ng OSE will attempt to resend the message. + The {{ site.product.short_name }} application can not get any response from the broker, due to the failure broker response code. The {{ site.product.short_name }} will attempt to resend the message. In this case, you will receive a further error message, depending on what the problem is. Wait for the second error message for more information about how you can proceed. 
@@ -87,12 +87,12 @@ That is, the most probable reasons behind this issue are either that the topic n "Error connecting mqtt client ..." - The syslog-ng OSE application can not connect to broker, and it will attempt to reconnect later. - **If the issue persists, you can try the following: Update your eclipse-paho-mqtt-c library.Restart syslog-ng OSE.** + The {{ site.product.short_name }} application can not connect to broker, and it will attempt to reconnect later. + **If the issue persists, you can try the following: Update your eclipse-paho-mqtt-c library.Restart {{ site.product.short_name }}.** "Error creat mqtt client ..." - The syslog-ng OSE application encountered an error while creating the MQTT client, and it will attempt to create it later. Possible reasons: + The {{ site.product.short_name }} application encountered an error while creating the MQTT client, and it will attempt to create it later. Possible reasons:
  • There is a wrong address() set in your configuration.
  • The broker is not running.
  • diff --git a/doc/_admin-guide/070_Destinations/150_Network/000_Network_destination_options.md b/doc/_admin-guide/070_Destinations/150_Network/000_Network_destination_options.md index a5ba9cb9..f4d72d62 100644 --- a/doc/_admin-guide/070_Destinations/150_Network/000_Network_destination_options.md +++ b/doc/_admin-guide/070_Destinations/150_Network/000_Network_destination_options.md @@ -4,7 +4,7 @@ id: adm-dest-netw-opt --- The network() driver sends messages to a remote host (for example, a -syslog-ng server or relay) on the local intranet or internet using the +{{ site.product.short_name }} server or relay) on the local intranet or internet using the RFC-3164 syslog protocol (for details about the protocol, see BSD-syslog or legacy-syslog messages. The network() driver supports sending messages using the UDP, diff --git a/doc/_admin-guide/070_Destinations/150_Network/README.md b/doc/_admin-guide/070_Destinations/150_Network/README.md index a225bfa8..7b8cfe70 100644 --- a/doc/_admin-guide/070_Destinations/150_Network/README.md +++ b/doc/_admin-guide/070_Destinations/150_Network/README.md @@ -23,7 +23,7 @@ description: >- is broken, messages that the client has sent but were not yet received on the server are lost. -- The syslog-ng application supports TLS (Transport Layer Security, +- The {{ site.product.short_name }} application supports TLS (Transport Layer Security, also known as SSL) over TCP. For details, see Encrypting log messages with TLS. @@ -36,7 +36,7 @@ network("" [options]); The network() destination has a single required parameter that specifies the destination host address where messages should be sent. If name resolution is configured, you can use the hostname of the target server. -By default, syslog-ng OSE sends messages using the TCP protocol to port +By default, {{ site.product.short_name }} sends messages using the TCP protocol to port 514. ## Example: Using the network() driver 
diff --git a/doc/_admin-guide/070_Destinations/153_OpenObserve/001_OpenObserve-destination-options.md b/doc/_admin-guide/070_Destinations/153_OpenObserve/001_OpenObserve-destination-options.md index 39f1a96e..475eec17 100644 --- a/doc/_admin-guide/070_Destinations/153_OpenObserve/001_OpenObserve-destination-options.md +++ b/doc/_admin-guide/070_Destinations/153_OpenObserve/001_OpenObserve-destination-options.md @@ -12,7 +12,7 @@ description: >- | Type:| string| | Default:| `"default"`| -*Description:* The name of the OpenObserve organization where syslog-ng OSE sends the data. +*Description:* The name of the OpenObserve organization where {{ site.product.short_name }} sends the data. {% include doc/admin-guide/options/password.md %} @@ -23,14 +23,14 @@ description: >- | Type:| string| | Default:| `"--scope rfc5424 --exclude DATE --key ISODATE @timestamp=${ISODATE}"`| -*Description:* A JSON object representing key-value pairs sent to OpenObserve, formatted as syslog-ng OSE value-pairs. By default, the `openobserve-log()` destination sends the RFC-5424 fields as attributes. If you want to send different fields, override the default content of the `record()` field. +*Description:* A JSON object representing key-value pairs sent to OpenObserve, formatted as {{ site.product.short_name }} value-pairs. By default, the `openobserve-log()` destination sends the RFC-5424 fields as attributes. If you want to send different fields, override the default content of the `record()` field. ## stream() | Type:| string| | Default:| `"default"`| -*Description:* The OpenObserve stream where syslog-ng OSE sends the data, for example, `your-example-stream`. +*Description:* The OpenObserve stream where {{ site.product.short_name }} sends the data, for example, `your-example-stream`. ## user() diff --git a/doc/_admin-guide/070_Destinations/153_OpenObserve/README.md b/doc/_admin-guide/070_Destinations/153_OpenObserve/README.md index cc81819f..e168a61c 100644 
--- a/doc/_admin-guide/070_Destinations/153_OpenObserve/README.md +++ b/doc/_admin-guide/070_Destinations/153_OpenObserve/README.md @@ -9,7 +9,7 @@ description: >- ## Prerequisites -* An OpenObserve account for syslog-ng OSE or a self-hosted OpenObserve deployment +* An OpenObserve account for {{ site.product.short_name }} or a self-hosted OpenObserve deployment * Username, password, organization name and the name of the OpenObserve target stream where data is sent to. ### Example: minimal configuration of OpenObserve diff --git a/doc/_admin-guide/070_Destinations/155_opensearch/001_opensearch()-destination-options.md b/doc/_admin-guide/070_Destinations/155_opensearch/001_opensearch()-destination-options.md index 4ac2059e..9b42608e 100644 --- a/doc/_admin-guide/070_Destinations/155_opensearch/001_opensearch()-destination-options.md +++ b/doc/_admin-guide/070_Destinations/155_opensearch/001_opensearch()-destination-options.md @@ -4,9 +4,9 @@ id: adm-dest-os-opt --- -The opensearch destination of syslog-ng OSE can directly post log messages to an OpenSearch deployment using the OpenSearch Bulk API over the HTTP and Secure HTTP (HTTPS) protocols. The opensearch destination has the following options. The index() and url() options are strictly required. +The opensearch destination of {{ site.product.short_name }} can directly post log messages to an OpenSearch deployment using the OpenSearch Bulk API over the HTTP and Secure HTTP (HTTPS) protocols. The opensearch destination has the following options. The index() and url() options are strictly required. -This destination is available in syslog-ng OSE version 4.4 and later versions. +This destination is available in {{ site.product.short_name }} version 4.4 and later versions. {% include doc/admin-guide/options/batch-bytes.md %} 
@@ -48,9 +48,9 @@ For details on how this option influences batch mode, see Batch mode and load ba | Type:| string or template| | Default:| none| -*Description:* The name of the OpenSearch index where OpenSearch will store the messages received from syslog-ng OSE. This option is mandatory for this destination. +*Description:* The name of the OpenSearch index where OpenSearch will store the messages received from {{ site.product.short_name }}. This option is mandatory for this destination. -You can use macros and template functions, but you must ensure that the resolved template contains only characters that OpenSearch permits in the name of the index. The syslog-ng OSE application does not validate the name of the index. For details on the characters permitted in the name of OpenSearch indices, see the documentation of OpenSearch. +You can use macros and template functions, but you must ensure that the resolved template contains only characters that OpenSearch permits in the name of the index. The {{ site.product.short_name }} application does not validate the name of the index. For details on the characters permitted in the name of OpenSearch indices, see the documentation of OpenSearch. {% include doc/admin-guide/options/log-fifo-size.md %} 
@@ -67,11 +67,11 @@ You can use macros and template functions, but you must ensure that the resolved | Type:| number| | Default:| 3| -*Description:* If syslog-ng OSE cannot send a message, it will try again until the number of attempts reaches retries(). +*Description:* If {{ site.product.short_name }} cannot send a message, it will try again until the number of attempts reaches retries(). -If the number of attempts reaches retries(), syslog-ng OSE will wait for time-reopen() time, then tries sending the message again. +If the number of attempts reaches retries(), {{ site.product.short_name }} will wait for time-reopen() time, then tries sending the message again. -To handle HTTP error responses, if the HTTP server returns 5xx codes, syslog-ng OSE will attempt to resend messages until the number of attempts reaches retries. If the HTTP server returns 4xx codes, syslog-ng OSE will drop the messages. +To handle HTTP error responses, if the HTTP server returns 5xx codes, {{ site.product.short_name }} will attempt to resend messages until the number of attempts reaches retries. If the HTTP server returns 4xx codes, {{ site.product.short_name }} will drop the messages. ## ssl-version() 
@@ -120,18 +120,18 @@ Make sure that you specify TLS options either using their own dedicated option ( This option is mandatory for this destination. -Make sure that the URL ends with _bulk, this is the OpenSearch API endpoint that properly parses the messages sent by syslog-ng OSE. +Make sure that the URL ends with _bulk, this is the OpenSearch API endpoint that properly parses the messages sent by {{ site.product.short_name }}. -In case the server on the specified URL returns a redirect request, syslog-ng OSE automatically follows maximum 3 redirects. Only HTTP and HTTPS based redirections are supported. +In case the server on the specified URL returns a redirect request, {{ site.product.short_name }} automatically follows maximum 3 redirects. Only HTTP and HTTPS based redirections are supported. -Starting with version 3.19, you can specify multiple URLs, for example, url("site1" "site2"). In this case, syslog-ng OSE sends log messages to the specified URLs in a load-balance fashion. This means that syslog-ng OSE sends each message to only one URL. For example, you can use this to send the messages to a set of ingestion nodes or indexers of your SIEM solution if a single node cannot handle the load. Note that the order of the messages as they arrive on the servers can differ from the order syslog-ng OSE has received them, so use load-balancing only if your server can use the timestamp from the messages. If the server uses the timestamp when it receives the messages, the order of the messages will be incorrect. +Starting with version 3.19, you can specify multiple URLs, for example, url("site1" "site2"). In this case, {{ site.product.short_name }} sends log messages to the specified URLs in a load-balance fashion. This means that {{ site.product.short_name }} sends each message to only one URL. For example, you can use this to send the messages to a set of ingestion nodes or indexers of your SIEM solution if a single node cannot handle the load. 
Note that the order of the messages as they arrive on the servers can differ from the order {{ site.product.short_name }} has received them, so use load-balancing only if your server can use the timestamp from the messages. If the server uses the timestamp when it receives the messages, the order of the messages will be incorrect. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** If you set multiple URLs in the url() option, set the persist-name() option as well to avoid data loss. {: .notice--warning} -Starting with version syslog-ng OSE version 3.22, you can use any of the following +Starting with version {{ site.product.short_name }} version 3.22, you can use any of the following formats to specify multiple URLs: ```config @@ -146,7 +146,7 @@ formats to specify multiple URLs: | Type:| string| | Default:| | -*Description:* The username that syslog-ng OSE uses to authenticate on the server where it sends the messages. +*Description:* The username that {{ site.product.short_name }} uses to authenticate on the server where it sends the messages. {% include doc/admin-guide/options/use-system-cert-store.md %} diff --git a/doc/_admin-guide/070_Destinations/160_osquery/README.md b/doc/_admin-guide/070_Destinations/160_osquery/README.md index 16b82e6d..a5945145 100644 --- a/doc/_admin-guide/070_Destinations/160_osquery/README.md +++ b/doc/_admin-guide/070_Destinations/160_osquery/README.md @@ -8,7 +8,7 @@ description: >- The syslog table contains logs forwarded over a named pipe from syslog-ng. When an osquery process that supports the syslog table starts up, it creates (and properly sets permissions for) a named pipe for - syslog-ng to write to. + {{ site.product.short_name }} to write to. --- ## Example: Using the osquery() destination driver diff --git a/doc/_admin-guide/070_Destinations/170_Pipe/000_Pipe_destination_options.md b/doc/_admin-guide/070_Destinations/170_Pipe/000_Pipe_destination_options.md index 5e78c065..2671fb59 100644 
--- a/doc/_admin-guide/070_Destinations/170_Pipe/000_Pipe_destination_options.md +++ b/doc/_admin-guide/070_Destinations/170_Pipe/000_Pipe_destination_options.md @@ -45,7 +45,7 @@ without specifying an attribute: owner(). ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Hazard of data loss! If the size of the incoming message is larger -than the previously set pad-size() value, syslog-ng will truncate +than the previously set pad-size() value, {{ site.product.short_name }} will truncate the message to the specified size. Therefore, all message content above that size will be lost. {: .notice--danger} diff --git a/doc/_admin-guide/070_Destinations/170_Pipe/README.md b/doc/_admin-guide/070_Destinations/170_Pipe/README.md index 63e65e3d..1f7b1c86 100644 --- a/doc/_admin-guide/070_Destinations/170_Pipe/README.md +++ b/doc/_admin-guide/070_Destinations/170_Pipe/README.md @@ -17,7 +17,7 @@ pipe(filename); ``` ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -Caution: Starting with syslog-ng OSE 3.0.2, pipes are created automatically. +Caution: Starting with {{ site.product.short_name }} 3.0.2, pipes are created automatically. In earlier versions, you had to create the pipe using the mkfifo(1) command. {: .notice--warning} diff --git a/doc/_admin-guide/070_Destinations/180_Program/README.md b/doc/_admin-guide/070_Destinations/180_Program/README.md index 206241a4..6d32e0c4 100644 --- a/doc/_admin-guide/070_Destinations/180_Program/README.md +++ b/doc/_admin-guide/070_Destinations/180_Program/README.md @@ -8,7 +8,7 @@ description: >- is a single line (ending with a newline character), which your script can process. Make sure that your script runs in a loop and keeps reading the standard input --- it should not exit. (If your script exits, - syslog-ng OSE tries to restart it.) + {{ site.product.short_name }} tries to restart it.) --- The program() driver has a single required parameter, specifying a 
@@ -25,26 +25,26 @@ program(command_to_run); When using the program() driver, consider the following: -- The syslog-ng OSE application must be able to start and restart the +- The {{ site.product.short_name }} application must be able to start and restart the external program, and have the necessary permissions to do so. For example, if your host is running AppArmor, you might have to modify - your AppArmor configuration to enable syslog-ng OSE to execute + your AppArmor configuration to enable {{ site.product.short_name }} to execute external applications. -- The syslog-ng OSE application executes program destinations through +- The {{ site.product.short_name }} application executes program destinations through the standard system shell. If the system shell is not bash and you experience problems with the program destination, try changing the /bin/sh link to /bin/bash. -- If the external program exits, the syslog-ng OSE application +- If the external program exits, the {{ site.product.short_name }} application automatically restarts it. However it is not recommended to launch programs for single messages, because if the message rate is high, launching several instances of an application might overload the system, resulting in Denial of Service. -- When the syslog-ng OSE application stops, it will automatically stop +- When the {{ site.product.short_name }} application stops, it will automatically stop the external program. To avoid restarting the application when - syslog-ng OSE is only reloaded, enable the keep-alive() option in + {{ site.product.short_name }} is only reloaded, enable the keep-alive() option in the program destination. - Certain external applications buffer the log messages, which might diff --git a/doc/_admin-guide/070_Destinations/200_Python/README.md b/doc/_admin-guide/070_Destinations/200_Python/README.md index c448c8b7..4df0b0d4 100644 --- a/doc/_admin-guide/070_Destinations/200_Python/README.md 
+++ b/doc/_admin-guide/070_Destinations/200_Python/README.md @@ -6,7 +6,7 @@ description: >- The Python destination allows you to write your own destination in Python. You can import external Python modules to process the messages, and send them to other services or servers. Since many services have a - Python library, the Python destination makes integrating syslog-ng OSE + Python library, the Python destination makes integrating {{ site.product.short_name }} very easy and quick. --- @@ -16,13 +16,13 @@ description: >- **Declaration** -Python destinations consist of two parts. The first is a syslog-ng OSE -destination object that you define in your syslog-ng OSE configuration +Python destinations consist of two parts. The first is a {{ site.product.short_name }} +destination object that you define in your {{ site.product.short_name }} configuration and use in the log path. This object references a Python class, which is the second part of the Python destination. The Python class processes the log messages it receives, and can do virtually anything that you can code in Python. You can either embed the Python class into your -syslog-ng OSE configuration file, or +{{ site.product.short_name }} configuration file, or [[store it in an external Python file|adm-conf-python]]. ```config 
@@ -88,12 +88,12 @@ python() destination. The open(self) method opens the resources required for the destination, for example, it initiates a connection to the target service. It is -called after init() when syslog-ng OSE is started or reloaded. If send() -returns with an error, syslog-ng OSE calls close() and open() before +called after init() when {{ site.product.short_name }} is started or reloaded. If send() +returns with an error, {{ site.product.short_name }} calls close() and open() before trying to send again. If open() fails, it should return the False value. In this case, -syslog-ng OSE retries it every time-reopen() seconds. By default, this +{{ site.product.short_name }} retries it every time-reopen() seconds. By default, this is 1 second for Python sources and destinations, the value of time-reopen() is not inherited from the global option. For details, see Error handling in the python() destination. @@ -108,7 +108,7 @@ Note that for batch mode, the flush() method must be implemented as well. This is the only mandatory method of the destination. If a message cannot be delivered after the number of times set in -retries() (by default: 3), syslog-ng OSE drops the message and continues +retries() (by default: 3), {{ site.product.short_name }} drops the message and continues with the next message. For details, see Error handling in the python() destination. @@ -172,7 +172,7 @@ The method can return True, False, or one of the following constants: ### close(self) method (optional) Close the connection to the target service. Usually it is called right -before deinit() when stopping or reloading syslog-ng OSE. It is also +before deinit() when stopping or reloading {{ site.product.short_name }}. It is also called when send() fails. {% include doc/admin-guide/python-deinit.md %} 
@@ -181,26 +181,26 @@ called when send() fails. The Python destination handles errors as follows. -1. Currently syslog-ng OSE ignores every error from the open method +1. Currently {{ site.product.short_name }} ignores every error from the open method until the first log message arrives to the Python destination. If the fist message has arrived and there was an error in the open - method, syslog-ng OSE starts calling the open method every + method, {{ site.product.short_name }} starts calling the open method every time-reopen() second, until opening the destination succeeds. -2. If the open method returns without error, syslog-ng OSE calls the +2. If the open method returns without error, {{ site.product.short_name }} calls the send method to send the first message. -3. If the send method returns with an error, syslog-ng OSE calls the +3. If the send method returns with an error, {{ site.product.short_name }} calls the is_opened method. - - If the is_opened method returns an error, syslog-ng OSE starts + - If the is_opened method returns an error, {{ site.product.short_name }} starts calling the open method every time-reopen() second, until opening the destination succeeds. - - Otherwise, syslog-ng OSE calls the send method again. + - Otherwise, {{ site.product.short_name }} calls the send method again. 4. If the send method has returned with an error retries() times and - the is_opened method has not returned any errors, syslog-ng OSE + the is_opened method has not returned any errors, {{ site.product.short_name }} drops the message and attempts to process the next message. ### Example: Write logs into a file 
@@ -211,7 +211,7 @@ files, use the [[file destination|adm-dest-file]] instead. The following sample code writes the body of log messages into the /tmp/example.txt file. Only the send() method is implemented, meaning -that syslog-ng OSE opens and closes the file for every message. +that {{ site.product.short_name }} opens and closes the file for every message. ```config destination d_python_to_file { diff --git a/doc/_admin-guide/070_Destinations/210_Redis/001_Redis_options.md b/doc/_admin-guide/070_Destinations/210_Redis/001_Redis_options.md index 1488745f..a72e680e 100644 --- a/doc/_admin-guide/070_Destinations/210_Redis/001_Redis_options.md +++ b/doc/_admin-guide/070_Destinations/210_Redis/001_Redis_options.md @@ -13,7 +13,7 @@ The redis() destination has the following options: | Default: | N/A| *Description:* The password used for authentication on a -password-protected Redis server. Available in syslog-ng OSE version 3.10 +password-protected Redis server. Available in {{ site.product.short_name }} version 3.10 and later. {% include doc/admin-guide/options/batch-bytes.md %} @@ -41,8 +41,8 @@ Note the following points when using the redis() destination: - Currently you can use only one command in a redis() destination. -- The syslog-ng OSE application ignores the return value of the - command. If the Redis server returns an error, syslog-ng OSE closes +- The {{ site.product.short_name }} application ignores the return value of the + command. If the Redis server returns an error, {{ site.product.short_name }} closes the connection. {% include doc/admin-guide/options/disk-buffer.md %} diff --git a/doc/_admin-guide/070_Destinations/220_Riemann/000_Riemann_options.md b/doc/_admin-guide/070_Destinations/220_Riemann/000_Riemann_options.md index 6e81f618..554ffebb 100644 --- a/doc/_admin-guide/070_Destinations/220_Riemann/000_Riemann_options.md +++ b/doc/_admin-guide/070_Destinations/220_Riemann/000_Riemann_options.md 
@@ -39,7 +39,7 @@ event. | Type:| template, macro, or string| |Default:| ${UNIXTIME}| -*Description:* Instead of the arrival time into Riemann, syslog-ng OSE +*Description:* Instead of the arrival time into Riemann, {{ site.product.short_name }} can also send its own timestamp value. This can be useful if Riemann is inaccessible for a while, and the @@ -59,9 +59,9 @@ event-time("12345678" seconds) event-time("12345678") ``` -In case the parameter is omitted, syslog-ng OSE defaults to the seconds +In case the parameter is omitted, {{ site.product.short_name }} defaults to the seconds version. In case the event-time() option is omitted altogether, -syslog-ng OSE defaults to the seconds version with ${UNIXTIME}. +{{ site.product.short_name }} defaults to the seconds version with ${UNIXTIME}. Note that the time format parameter requires: @@ -166,7 +166,7 @@ event. |Default:| the tags already assigned to the message| *Description:* The list of tags to add as the tags field of the Riemann -event. If not specified syslog-ng OSE automatically adds the tags +event. If not specified {{ site.product.short_name }} automatically adds the tags already assigned to the message. If you set the tags() option, only the tags you specify will be added to the event. diff --git a/doc/_admin-guide/070_Destinations/220_Riemann/README.md b/doc/_admin-guide/070_Destinations/220_Riemann/README.md index cc455770..09e5816e 100644 --- a/doc/_admin-guide/070_Destinations/220_Riemann/README.md +++ b/doc/_admin-guide/070_Destinations/220_Riemann/README.md @@ -54,6 +54,6 @@ log { }; ``` -For a detailed use-case on using syslog-ng OSE with the Riemann +For a detailed use-case on using {{ site.product.short_name }} with the Riemann monitoring system, see the article A How to Guide on Modern Monitoring and Alerting by Fabien Wernli. 
diff --git a/doc/_admin-guide/070_Destinations/225_Amazon-s3/000_amazon_s3_options.md b/doc/_admin-guide/070_Destinations/225_Amazon-s3/000_amazon_s3_options.md index fd09c4f4..09bad0b3 100644 --- a/doc/_admin-guide/070_Destinations/225_Amazon-s3/000_amazon_s3_options.md +++ b/doc/_admin-guide/070_Destinations/225_Amazon-s3/000_amazon_s3_options.md @@ -59,7 +59,7 @@ Description: Only has effect if compression() is set to `yes`. The level of the |Type:| integer[minutes]| |Default:| 60| -*Description:* After the grace period expires and no new messages are routed to the destination, syslog-ng OSE flushes the contents of the buffer to the S3 object even if the volume of the messages in the buffer is lower than chunk-size(). +*Description:* After the grace period expires and no new messages are routed to the destination, {{ site.product.short_name }} flushes the contents of the buffer to the S3 object even if the volume of the messages in the buffer is lower than chunk-size(). #{% include doc/admin-guide/options/log-fifo-size.md %} @@ -68,7 +68,7 @@ Description: Only has effect if compression() is set to `yes`. The level of the |Type:| number [GiB]| |Default:| 5120GiB| -*Description:* The maximal size of the S3 object. If an object reaches this size, syslog-ng OSE appends an index suffix ("-1", “-2”, …) to the object key and starts a new object after rotation. +*Description:* The maximal size of the S3 object. If an object reaches this size, {{ site.product.short_name }} appends an index suffix ("-1", “-2”, …) to the object key and starts a new object after rotation. ### max-pending-uploads() @@ -128,7 +128,7 @@ If an invalid value is configured, the default is used. |Type:| integer| |Default:| 8| -*Description:* The number of syslog-ng OSE worker threads that are used to upload data to S3 from this destination. +*Description:* The number of {{ site.product.short_name }} worker threads that are used to upload data to S3 from this destination. ### template() 
diff --git a/doc/_admin-guide/070_Destinations/225_Amazon-s3/README.md b/doc/_admin-guide/070_Destinations/225_Amazon-s3/README.md index 14cdcb0d..9780ebf5 100644 --- a/doc/_admin-guide/070_Destinations/225_Amazon-s3/README.md +++ b/doc/_admin-guide/070_Destinations/225_Amazon-s3/README.md @@ -3,7 +3,7 @@ title: 's3: Sending messages to Amazon Simple Storage' id: adm-dest-amazon short_title: s3 description: >- - Available in syslog-ng OSE version 4.4 and later versions. + Available in {{ site.product.short_name }} version 4.4 and later versions. The s3() destination sends log messages to the Amazon Simple Storage Service (Amazon S3) object storage service. Log messages can be sent over TCP, or encrypted with TLS. --- @@ -11,9 +11,9 @@ description: >- ## Prerequisites * An already existing S3 bucket configured for programmatic access, and the related `ACCESS_KEY` and `SECRET_KEY` of a user that can access it. -* If the venv (`/usr/bin/syslog-ng-update-virtualenv`) created by syslog-ng OSE is not used, the `boto3` and/or `botocore` Python dependencies must be installed. +* If the venv (`/usr/bin/syslog-ng-update-virtualenv`) created by {{ site.product.short_name }} is not used, the `boto3` and/or `botocore` Python dependencies must be installed. -To use the s3() driver, the scl.conf file must be included in the syslog-ng OSE configuration: +To use the s3() driver, the scl.conf file must be included in the {{ site.product.short_name }} configuration: ```config @include "scl.conf" 
@@ -36,16 +36,16 @@ s3( ## Creating Objects -syslog-ng OSE can create a new object based on the following strategies: +{{ site.product.short_name }} can create a new object based on the following strategies: -* Based on object size:The max-object-size() option configures syslog-ng OSE to complete an object if it reaches a certain size. syslog-ng OSE appends an index ("-1", “-2”, …) to the end of the object key, then starts a new object. +* Based on object size:The max-object-size() option configures {{ site.product.short_name }} to complete an object if it reaches a certain size. {{ site.product.short_name }} appends an index ("-1", “-2”, …) to the end of the object key, then starts a new object. * Based on timestamp: The object-key-timestamp() option can be used to set a timestamp related template, which is appended to the end of an object, for example: "${R_MONTH_ABBREV}${R_DAY}". When a log message arrives with a newer timestamp template resolution, the previous timestamped object is completed and a new one is started with a new timestamp. If an older message arrives, it does not reopen the old object, but starts a new object with the key having an index appended to the old object. -* Based on timeout: The flush-grace-period() option sets the number of minutes to wait for new messages to arrive after the last one. If the timeout expires, syslog-ng OSE completes the object, and opens a new object (with an appended index) when a new message arrives. +* Based on timeout: The flush-grace-period() option sets the number of minutes to wait for new messages to arrive after the last one. If the timeout expires, {{ site.product.short_name }} completes the object, and opens a new object (with an appended index) when a new message arrives. All of these methods can be used individually, or together. ## Upload options -syslog-ng OSE uploads objects using the multipart upload API. syslog-ng OSE composes chunks locally. 
When a chunk reaches the size set in chunk-size() (by default 5 MiB), the chunk is uploaded. When an object is finished, the multipart upload is completed and S3 merges the chunks. +{{ site.product.short_name }} uploads objects using the multipart upload API. {{ site.product.short_name }} composes chunks locally. When a chunk reaches the size set in chunk-size() (by default 5 MiB), the chunk is uploaded. When an object is finished, the multipart upload is completed and S3 merges the chunks. The upload can be configured with the chunk-size(), upload-threads(), and the max-pending-uploads() options. diff --git a/doc/_admin-guide/070_Destinations/230_Slack/000_Slack_options.md b/doc/_admin-guide/070_Destinations/230_Slack/000_Slack_options.md index 72b1ee21..4958c6ed 100644 --- a/doc/_admin-guide/070_Destinations/230_Slack/000_Slack_options.md +++ b/doc/_admin-guide/070_Destinations/230_Slack/000_Slack_options.md @@ -3,7 +3,7 @@ title: Slack destination options id: adm-dest-slack-opt --- -The slack destination of syslog-ng OSE can directly post log messages +The slack destination of {{ site.product.short_name }} can directly post log messages and notifications to Slack channels. The slack destination has the following options. @@ -113,12 +113,10 @@ documentation](https://api.slack.com/docs/message-attachments). | Default: | None| *Description:* The Webhook URL for the Incoming Webhook of your Slack -app. This URL must also include the authentication token that syslog-ng -OSE uses to authenticate to Slack. For example: +app. This URL must also include the authentication token that {{ site.product.short_name }} uses to authenticate to Slack. For example: **https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX** -For details, see the [Slack documentation about Incoming -Webhooks](https://api.slack.com/incoming-webhooks). +For details, see the Slack webhook documentation. ## image-url() 
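Review bot: In the hook-url() description (hunk -113,12), the explicit link to https://api.slack.com/incoming-webhooks is replaced by the plain phrase "Slack webhook documentation", so the reference only works if the site build turns that exact phrase into a link. Please check that the rendered page still links out; a later rename of the link title would silently drop the link here. Since this paragraph states that the URL carries the authentication token, it is also a good place for one sentence telling administrators to treat the webhook URL as a secret and keep it out of world-readable configuration files.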
@@ -126,8 +124,7 @@ Webhooks](https://api.slack.com/incoming-webhooks). | Default:| None| *Description:* A hyperlink for an image. For details, see the -[image_url option in the Slack -documentation](https://api.slack.com/docs/message-attachments). +image_url option in the Slack API documentation. {% include doc/admin-guide/options/log-fifo-size.md %} @@ -139,8 +136,7 @@ documentation](https://api.slack.com/docs/message-attachments). | Default: | None| *Description:* The text that appears above the attachment block. For -details, see the [pretext option in the Slack -documentation](https://api.slack.com/docs/message-attachments). +details, see the pretext option in the Slack API documentation. {% include doc/admin-guide/options/retries.md %} @@ -166,8 +162,7 @@ sslv2, sslv3, tlsv1, tlsv1_0, tlsv1_1, tlsv1_2, tlsv1_3. | Default:| None| *Description:* A hyperlink for a thumbnail image. For details, see the -[thumb\_url option in the Slack -documentation](https://api.slack.com/docs/message-attachments). +thumb_url option in the Slack API documentation. ## timeout() @@ -184,9 +179,8 @@ in version 3.11 and later. | Type: string or template| | Default: None| -*Description:* The message title in Slack. For details, see the [title -option in the Slack -documentation](https://api.slack.com/docs/message-attachments). +*Description:* The message title in Slack. For details, see the title +option in the Slack API documentation. ## title-link() @@ -194,8 +188,7 @@ documentation](https://api.slack.com/docs/message-attachments). | Default:| None| *Description:* A hyperlink for the message title in Slack. For details, -see the [title_link option in the Slack -documentation](https://api.slack.com/docs/message-attachments). +see the title_link option in the Slack API documentation. {% include doc/admin-guide/options/user-agent.md %} 
diff --git a/doc/_admin-guide/070_Destinations/230_Slack/README.md b/doc/_admin-guide/070_Destinations/230_Slack/README.md index 774cb419..fa6b6970 100644 --- a/doc/_admin-guide/070_Destinations/230_Slack/README.md +++ b/doc/_admin-guide/070_Destinations/230_Slack/README.md @@ -34,7 +34,7 @@ period of time. For details, see the Web API rate limiting in the Slack documentation. To use this destination, the scl.conf file must be included in your -syslog-ng OSE configuration: +{{ site.product.short_name }} configuration: ```config @include "scl.conf" @@ -48,9 +48,9 @@ You can find the source of the Slack configuration snippet on GitHub. ## Prerequisites -To send messages and notifications from syslog-ng OSE to Slack, you must -create a Slack app and a Webhook that syslog-ng OSE can use. For -details, see the [[Slack documentation|slack-webhook-doc]]. +To send messages and notifications from {{ site.product.short_name }} to Slack, you must +create a Slack app and a Webhook that {{ site.product.short_name }} can use. For +details, see the Slack webhook documentation. ### Example: Using the slack() driver diff --git a/doc/_admin-guide/070_Destinations/240_SMTP/000_SMTP_options.md b/doc/_admin-guide/070_Destinations/240_SMTP/000_SMTP_options.md index e5250517..9d4ceab7 100644 --- a/doc/_admin-guide/070_Destinations/240_SMTP/000_SMTP_options.md +++ b/doc/_admin-guide/070_Destinations/240_SMTP/000_SMTP_options.md @@ -23,7 +23,7 @@ applications. The smtp() destination has the following options: the string. Use **\\n** to start a new line. For example: ```config -body("syslog-ng OSE received the following alert from ${HOST}:\n${MSG}") +body("{{ site.product.short_name }} received the following alert from ${HOST}:\n${MSG}") ``` ## bcc() diff --git a/doc/_admin-guide/070_Destinations/240_SMTP/README.md b/doc/_admin-guide/070_Destinations/240_SMTP/README.md index 6aab03d1..53cd8073 100644 --- a/doc/_admin-guide/070_Destinations/240_SMTP/README.md 
+++ b/doc/_admin-guide/070_Destinations/240_SMTP/README.md @@ -7,7 +7,7 @@ description: >- trusted SMTP server. The goal is to send mail to trusted recipients, through a controlled channel. It hands mails over to an SMTP server, and that is all it does, therefore the resulting solution is as reliable as - sending an email in general. For example, syslog-ng OSE does not verify + sending an email in general. For example, {{ site.product.short_name }} does not verify whether the recipient exists. --- @@ -18,12 +18,12 @@ email to multiple recipients, and so on. The subject(), body(), and header() fields may include macros which get expanded in the email. For more information on available macros see -Macros of syslog-ng OSE. +Macros of {{ site.product.short_name }}. The smtp() driver has the following required parameters: host(), port(), from(), to(), subject(), and body(). For the list of available optional parameters, see smtp() destination options. -NOTE: The smtp() destination driver is available only in syslog-ng OSE +NOTE: The smtp() destination driver is available only in {{ site.product.short_name }} 3.4 and later. **Declaration** diff --git a/doc/_admin-guide/070_Destinations/250_snmp/000_Converting_Cisco_messages.md b/doc/_admin-guide/070_Destinations/250_snmp/000_Converting_Cisco_messages.md index ea0749a1..8cd5f3b9 100644 --- a/doc/_admin-guide/070_Destinations/250_snmp/000_Converting_Cisco_messages.md +++ b/doc/_admin-guide/070_Destinations/250_snmp/000_Converting_Cisco_messages.md 
@@ -3,7 +3,7 @@ title: Converting Cisco syslog messages to clogMessageGenerated SNMP traps short_title: Converting Cisco messages id: adm-dest-snmp-cisco description: >- - The syslog-ng OSE application can convert the syslog messages sent by + The {{ site.product.short_name }} application can convert the syslog messages sent by Cisco devices to Cisco-specific SNMP traps defined by the CISCO-SYSLOG-MIB (enterprises.cisco.ciscoMgmt.ciscoCiscoMIB) is also supported (such traps are also referred to as clogMessageGenerated @@ -13,8 +13,8 @@ description: >- For this to work correctly, the following requirements must be met: -- The syslog-ng Source Configuration Library (SCL) must be included in - the syslog-ng OSE configuration file: +- The {{ site.product.short_name }} Source Configuration Library (SCL) must be included in + the {{ site.product.short_name }} configuration file: ```config @include "scl.conf" @@ -24,7 +24,7 @@ For this to work correctly, the following requirements must be met: fields with patterndb must be used to parse the incoming log messages. -To accomplish this, syslog-ng OSE has to use a special pattern database +To accomplish this, {{ site.product.short_name }} has to use a special pattern database to parse the Cisco-specific syslog messages, because these messages do not comply with the standard syslog formats. diff --git a/doc/_admin-guide/070_Destinations/250_snmp/001_snmp_options.md b/doc/_admin-guide/070_Destinations/250_snmp/001_snmp_options.md index 974a3a57..8db12659 100644 --- a/doc/_admin-guide/070_Destinations/250_snmp/001_snmp_options.md +++ b/doc/_admin-guide/070_Destinations/250_snmp/001_snmp_options.md 
@@ -26,7 +26,7 @@ This option is used with the SNMPv3 protocol. *Description:* The password used for authentication. If the auth-username() option is set but the auth-password() is empty, -syslog-ng OSE will try to authenticate with an empty password. +{{ site.product.short_name }} will try to authenticate with an empty password. This option is used with the SNMPv3 protocol. @@ -36,7 +36,7 @@ This option is used with the SNMPv3 protocol. | Default: | empty string| *Description:* The username used to authenticate on the SNMP server. If -this parameter is set, syslog-ng OSE will try to authenticate on the +this parameter is set, {{ site.product.short_name }} will try to authenticate on the SNMP server. This option is used with the SNMPv3 protocol. @@ -95,7 +95,7 @@ This option is a required parameter when using the SNMPv3 protocol. trap elements. To create a trap element, specify the OID, type, and value of the element in the snmp-obj() option. To send SNMP traps, at least one snmp-obj() option must be defined. The snmp-obj() option -requires the following parameters. Note that syslog-ng OSE does not +requires the following parameters. Note that {{ site.product.short_name }} does not validate the values of these elements. - \: The object id of the SNMP object, for 
@@ -106,11 +106,11 @@ validate the values of these elements. Ipaddress, Objectid. The type names are not case sensitive. - \: The value of the object as a string. The - macros of syslog-ng OSE can be used to set these values, making it + macros of {{ site.product.short_name }} can be used to set these values, making it possible to transfer the content and other metadata from the the syslog message to the SNMP trap. Note that if the value of an Integer, Counter32 or Timeticks object is not a number (for example, - is an empty string or other not-number string), syslog-ng OSE will + is an empty string or other not-number string), {{ site.product.short_name }} will automatically replace the value with 0. The values of other types of objects are not validated. @@ -148,10 +148,10 @@ with the Objectid type. *Description:* Specifies which version of the SNMP protocol to use. -**NOTE:** The syslog-ng OSE application will accept any valid option for the +**NOTE:** The {{ site.product.short_name }} application will accept any valid option for the snmp() destination, but will only use the ones relevant to the selected protocol version, any other option will be ignored. For example, if the version(\"v2c\") engine-id(\"0xABABABABAB\") community(\"mycommunity\") -options are set, syslog-ng OSE will accept every option, but process +options are set, {{ site.product.short_name }} will accept every option, but process only the community() option, because engine-id() applies only to SNMPv3. {: .notice--info} \ No newline at end of file diff --git a/doc/_admin-guide/070_Destinations/250_snmp/README.md b/doc/_admin-guide/070_Destinations/250_snmp/README.md index 2737618d..656431d4 100644 --- a/doc/_admin-guide/070_Destinations/250_snmp/README.md +++ b/doc/_admin-guide/070_Destinations/250_snmp/README.md 
@@ -6,9 +6,9 @@ description: >- The snmp() driver sends SNMP traps using the Simple Network Management Protocol version 2c or version 3. Incoming log messages can be converted to SNMP traps, as the fields of the SNMP messages can be customized - using syslog-ng OSE macros. + using {{ site.product.short_name }} macros. - The snmp() driver is available in syslog-ng OSE version 3.22 and later. + The snmp() driver is available in {{ site.product.short_name }} version 3.22 and later. --- **NOTE:** The snmp destination driver currently supports sending SNMP traps @@ -26,7 +26,7 @@ destination d_snmp {snmp(host() trap-obj() snmp-obj() ...);}; ``` ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -If syslog-ng OSE cannot resolve the destination hostname during startup, +If {{ site.product.short_name }} cannot resolve the destination hostname during startup, it will try to resolve the hostname again when the next message to be sent as an SNMP trap is received. However, if this name resolution fails, the trap will be dropped. diff --git a/doc/_admin-guide/070_Destinations/260_Splunk/000_Splunk-hec-event.md b/doc/_admin-guide/070_Destinations/260_Splunk/000_Splunk-hec-event.md index 4aa3235e..73fccc17 100644 --- a/doc/_admin-guide/070_Destinations/260_Splunk/000_Splunk-hec-event.md +++ b/doc/_admin-guide/070_Destinations/260_Splunk/000_Splunk-hec-event.md @@ -9,7 +9,7 @@ description: >- * HEC must be enabled on the Splunk deployment. -* A token must be created for syslog-ng OSE to be used in the token() destination option. Use the syslog source type when creating the token. +* A token must be created for {{ site.product.short_name }} to be used in the token() destination option. Use the syslog source type when creating the token. For more information, see Set up and use HTTP Event Collector in Splunk Web. diff --git a/doc/_admin-guide/070_Destinations/260_Splunk/README.md b/doc/_admin-guide/070_Destinations/260_Splunk/README.md index 15f49965..a022cd4c 100644 
--- a/doc/_admin-guide/070_Destinations/260_Splunk/README.md +++ b/doc/_admin-guide/070_Destinations/260_Splunk/README.md @@ -3,14 +3,14 @@ title: 'Splunk destination' short_title: Splunk id: adm-dest-splunk-hec description: >- - In syslog-ng OSE versions older than 4.2, use the [[http() destination|adm-dest-http-nonjava]]. + In {{ site.product.short_name }} versions older than 4.2, use the [[http() destination|adm-dest-http-nonjava]]. In version older than 3.8, use the [[program() destination|adm-dest-program]]. --- -For details on forwarding log messages to Splunk with syslog-ng OSE see the following posts on the Splunk blog: +For details on forwarding log messages to Splunk with {{ site.product.short_name }} see the following posts on the Splunk blog: * syslog-ng and HEC: Scalable Aggregated Data Collection in Splunk -* Using Syslog-ng with Splunk +* Using syslog-ng with Splunk -From version 4.2 syslog-ng OSE can send messages to the Splunk HTTP Event Collector(HEC). For details, see splunk-hec-event: Send log messages to Splunk HEC. +From version 4.2 {{ site.product.short_name }} can send messages to the Splunk HTTP Event Collector(HEC). For details, see splunk-hec-event: Send log messages to Splunk HEC. diff --git a/doc/_admin-guide/070_Destinations/270_sql/000_Using_sql_driver_with_Oracle.md b/doc/_admin-guide/070_Destinations/270_sql/000_Using_sql_driver_with_Oracle.md index cbc092a5..8cf35312 100644 --- a/doc/_admin-guide/070_Destinations/270_sql/000_Using_sql_driver_with_Oracle.md +++ b/doc/_admin-guide/070_Destinations/270_sql/000_Using_sql_driver_with_Oracle.md 
@@ -11,7 +11,7 @@ to note. If the tnsnames.ora file is not located in the /etc directory (or in the /var/opt/oracle directory on Solaris), set the following - Oracle-related environment variables, so syslog-ng OSE will find the + Oracle-related environment variables, so {{ site.product.short_name }} will find the file: ORACLE_BASE, ORACLE_HOME, and ORACLE_SID. For details, see the documentation of the Oracle Instant Client. @@ -20,21 +20,21 @@ to note. a reference to the connection string of the tnsnames.ora file. To overcome this problem, you can duplicate the connections in the tnsnames.ora file under a different name, and use a different table - in each Oracle destination in syslog-ng OSE. + in each Oracle destination in {{ site.product.short_name }}. - As certain database versions limit the maximum length of table names, macros in the table names should be used with care. -- In the current version of syslog-ng OSE, the types of database +- In the current version of {{ site.product.short_name }}, the types of database columns must be explicitly set for the Oracle destination. The column used to store the text part of the syslog messages should be able to store messages as long as the longest message permitted by - syslog-ng, therefore it is usually recommended to use the + {{ site.product.short_name }}, therefore it is usually recommended to use the **varchar2** or **clob** column type. (The maximum length of the messages can be set using the log-msg-size() option.) For details, see the following example. -- The Oracle Instant Client used by syslog-ng OSE supports only the +- The Oracle Instant Client used by {{ site.product.short_name }} supports only the following character sets: - Single-byte character sets: US7ASCII, WE8DEC, WE8MSWIN1252, and 
@@ -48,7 +48,7 @@ The following example sends the log messages into an Oracle database running on the logserver host, which must be set in the /etc/tnsnames.ora file. The messages are inserted into the LOGS database, the name of the table includes the exact date when the -messages were sent. The syslog-ng application automatically creates the +messages were sent. The {{ site.product.short_name }} application automatically creates the required tables and columns, if the user account used to connect to the database has the required privileges. diff --git a/doc/_admin-guide/070_Destinations/270_sql/001_Using_sql_driver_with_MSSQL.md b/doc/_admin-guide/070_Destinations/270_sql/001_Using_sql_driver_with_MSSQL.md index f03fbbff..f2e6ed29 100644 --- a/doc/_admin-guide/070_Destinations/270_sql/001_Using_sql_driver_with_MSSQL.md +++ b/doc/_admin-guide/070_Destinations/270_sql/001_Using_sql_driver_with_MSSQL.md @@ -7,13 +7,13 @@ The mssql database driver can access Microsoft SQL (MSSQL) destinations. This driver has some special aspects that are important to note. - The date format used by the MSSQL database must be explicitly set in - the /etc/locales.conf file of the syslog-ng server. For details, see + the /etc/locales.conf file of the {{ site.product.short_name }} server. For details, see the following example. - As certain database versions limit the maximum length of table names, macros in the table names should be used with care. -- In the current version of syslog-ng OSE, the types of database +- In the current version of {{ site.product.short_name }}, the types of database columns must be explicitly set for the MSSQL destination. {% include doc/admin-guide/warnings/mssql-columns.md %} 
@@ -34,7 +34,7 @@ This driver has some special aspects that are important to note. The following example sends the log messages into an MSSQL database running on the logserver host. The messages are inserted into the syslogng database, the name of the table includes the exact date when -the messages were sent. The syslog-ng application automatically creates +the messages were sent. The {{ site.product.short_name }} application automatically creates the required tables and columns, if the user account used to connect to the database has the required privileges. @@ -50,7 +50,7 @@ sql(type(mssql) host("logserver") port("1433") ``` The date format used by the MSSQL database must be explicitly set in the -/etc/locales.conf file of the syslog-ng server. Edit or create this file +/etc/locales.conf file of the {{ site.product.short_name }} server. Edit or create this file as needed for your configuration. A sample is provided below. ```config diff --git a/doc/_admin-guide/070_Destinations/270_sql/002_Interaction/001_mssql_specific_interaction_methods.md b/doc/_admin-guide/070_Destinations/270_sql/002_Interaction/001_mssql_specific_interaction_methods.md index 0370b12e..8791ffcc 100644 --- a/doc/_admin-guide/070_Destinations/270_sql/002_Interaction/001_mssql_specific_interaction_methods.md +++ b/doc/_admin-guide/070_Destinations/270_sql/002_Interaction/001_mssql_specific_interaction_methods.md @@ -11,5 +11,5 @@ allow NULL to insert. Give the column as the following example: \"datetime varchar(16) NULL\". The date format used by the MSSQL database must be explicitly set in the -/etc/locales.conf file of the syslog-ng server. **\[default\] date = +/etc/locales.conf file of the {{ site.product.short_name }} server. **\[default\] date = \"%Y-%m-%d %H:%M:%S\"**. diff --git a/doc/_admin-guide/070_Destinations/270_sql/002_Interaction/README.md b/doc/_admin-guide/070_Destinations/270_sql/002_Interaction/README.md index ebf51d55..343a8ef5 100644 
--- a/doc/_admin-guide/070_Destinations/270_sql/002_Interaction/README.md +++ b/doc/_admin-guide/070_Destinations/270_sql/002_Interaction/README.md @@ -1,5 +1,5 @@ --- -title: The way syslog-ng interacts with the database +title: The way {{ site.product.short_name }} interacts with the database id: adm-dest-sql-interact --- @@ -7,26 +7,26 @@ id: adm-dest-sql-interact ### Create table -- If the given table does not exist, syslog-ng tries to create it with +- If the given table does not exist, {{ site.product.short_name }} tries to create it with the given column types. -- The syslog-ng OSE application automatically creates the required +- The {{ site.product.short_name }} application automatically creates the required tables and columns, if the user account used to connect to the database has the required privileges. -- If syslog-ng cannot create or alter a table, it tries to do it again +- If {{ site.product.short_name }} cannot create or alter a table, it tries to do it again when it reaches the next time-reopen(). ### Alter table - If the table structure is different from given structure in an - existing table, syslog-ng tries to add columns in this table but + existing table, {{ site.product.short_name }} tries to add columns in this table but never will delete or modify an existing column. -- If syslog-ng OSE cannot create or alter a table, it tries to do it +- If {{ site.product.short_name }} cannot create or alter a table, it tries to do it again when reach the next time-reopen(). -- The syslog-ng OSE application requires read and write access to the +- The {{ site.product.short_name }} application requires read and write access to the SQL table, otherwise it cannot verify that the destination table exists. 
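Review bot: In the "Alter table" list (hunk -7,26), the rewritten bullet "cannot create or alter a table, it tries to do it again when reach the next time-reopen()" duplicates the "Create table" bullet a few lines above, which reads "when it reaches the next time-reopen()". Both lines are touched by this hunk, so make the wording identical or drop the second copy. The front matter hunk above it (-1,5) also puts the Liquid variable into the page title; please confirm that titles are expanded by the build, otherwise navigation and search will show the raw tag.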
@@ -37,41 +37,41 @@ id: adm-dest-sql-interact - Inserting the records into the database is performed by a separate thread. -- The syslog-ng OSE application automatically performs the escaping +- The {{ site.product.short_name }} application automatically performs the escaping required to insert the messages into the database. -- If insert returns with error, syslog-ng tries to insert the message +- If insert returns with error, {{ site.product.short_name }} tries to insert the message +two times by default, then drops it. Retrying time is the value of time-reopen(). ## Encoding -The syslog-ng OSE application uses UTF-8 by default when writes logs +The {{ site.product.short_name }} application uses UTF-8 by default when writes logs into database. ## Start/stop and reload ### Start -- The syslog-ng OSE application will connect to database automatically +- The {{ site.product.short_name }} application will connect to database automatically after starting regardless existing incoming messages. ### Stop -- The syslog-ng OSE application will close the connection to database +- The {{ site.product.short_name }} application will close the connection to database before shutting down. ### Possibility of losing logs -- The syslog-ng OSE application cannot lose logs during shutting down +- The {{ site.product.short_name }} application cannot lose logs during shutting down if disk buffer was given and it is not full yet. -- The syslog-ng OSE application cannot lose logs during shutting down +- The {{ site.product.short_name }} application cannot lose logs during shutting down if disk buffer was not given. ### Reload -- The syslog-ng OSE application will close the connection to database +- The {{ site.product.short_name }} application will close the connection to database if it received SIGHUP signal (reload). - It will reconnect to the database when it tries to send a new 
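Review bot: In the "Possibility of losing logs" list (hunk -37,41), both rewritten bullets say the application "cannot lose logs during shutting down", once "if disk buffer was given and it is not full yet" and once "if disk buffer was not given". As written, the section tells operators that no loss is possible in either case; one of the two is presumably meant to say that logs can be lost. Please correct the statement while these lines are being changed. Also check the line "+two times by default, then drops it.": it appears as an addition with no matching removal, which suggests the list-item continuation was re-wrapped or lost its indentation by accident.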
diff --git a/doc/_admin-guide/070_Destinations/270_sql/003_sql_destination_options.md b/doc/_admin-guide/070_Destinations/270_sql/003_sql_destination_options.md index 4941fdec..2045df64 100644 --- a/doc/_admin-guide/070_Destinations/270_sql/003_sql_destination_options.md +++ b/doc/_admin-guide/070_Destinations/270_sql/003_sql_destination_options.md @@ -21,7 +21,7 @@ has the following options: *Description:* Name of the columns storing the data in fieldname \[dbtype\] format. The \[dbtype\] parameter is optional, and specifies -the type of the field. By default, syslog-ng OSE creates text columns. +the type of the field. By default, {{ site.product.short_name }} creates text columns. Note that not every database engine can index text fields. {% include doc/admin-guide/warnings/mssql-columns.md %} @@ -32,8 +32,7 @@ Note that not every database engine can index text fields. |Default: | empty string| *Description:* Specifies additional SQL options that are appended to the -CREATE statement. That way you can customize what happens when syslog-ng -OSE creates a new table in the database. Consult the documentation of +CREATE statement. That way you can customize what happens when {{ site.product.short_name }} creates a new table in the database. Consult the documentation of your database server for details on the available options. Syntax: ```config @@ -61,8 +60,7 @@ cannot use the same database() settings in more than one destination. | Type: | string| |Default: | empty string| -*Description:* Specify database options that are set whenever syslog-ng -OSE connects to the database server. Consult the documentation of your +*Description:* Specify database options that are set whenever {{ site.product.short_name }} connects to the database server. Consult the documentation of your database server for details on the available options. Syntax: ```config 
@@ -92,7 +90,7 @@ retrieve the hostname from the /etc/tnsnames.ora file. **NOTE:** If you specify **host=\"localhost\"**, syslog-ng will use a socket to connect to the local database server. Use **host=\"127.0.0.1\"** to -force TCP communication between syslog-ng and the local database server. +force TCP communication between {{ site.product.short_name }} and the local database server. {: .notice--info} To specify the socket to use, set and export the **MYSQL\_UNIX\_PORT** @@ -108,10 +106,10 @@ MYSQL\_UNIX\_PORT**. *Description:* The list of columns that are indexed by the database to speed up searching. To disable indexing for the destination, include the empty indexes() parameter in the destination, simply omitting the -indexes parameter will cause syslog-ng to request indexing on the +indexes parameter will cause {{ site.product.short_name }} to request indexing on the default columns. -The syslog-ng OSE application will create the name of indexes +The {{ site.product.short_name }} application will create the name of indexes automaticaly with the following method: - In case of MsSQL, PostgreSQL, MySQL or SQLite or (Oracle but @@ -189,7 +187,7 @@ NULL as well. | Default:| empty string| *Description:* Specifies one or more SQL-like statement which is -executed after syslog-ng OSE has successfully connected to the database. +executed after {{ site.product.short_name }} has successfully connected to the database. For example: ```config @@ -197,7 +195,7 @@ session-statements("SET COLLATION_CONNECTION='utf8_general_ci'") ``` ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -The syslog-ng OSE application does not validate or limit the contents +The {{ site.product.short_name }} application does not validate or limit the contents of customized queries. Consequently, queries performed with a user with write-access can potentially modify or even harm the database. Use customized queries with care, and only for your own responsibility. 
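Review bot: In the host() NOTE (hunk -92,7), only the second sentence is converted: the context line still reads "syslog-ng will use a socket to connect to the local database server" while the following line now uses {{ site.product.short_name }}. Convert both so the note names the product consistently. In the indexes() hunk (-106,10), the context word "automaticaly" is misspelled and could be fixed in the same pass.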
diff --git a/doc/_admin-guide/070_Destinations/270_sql/README.md b/doc/_admin-guide/070_Destinations/270_sql/README.md index 9fa0c6d8..47460ef6 100644 --- a/doc/_admin-guide/070_Destinations/270_sql/README.md +++ b/doc/_admin-guide/070_Destinations/270_sql/README.md @@ -20,9 +20,9 @@ and values(). >![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** > ->- The syslog-ng application requires read and write access to the SQL table, +>- The {{ site.product.short_name }} application requires read and write access to the SQL table, > otherwise it cannot verify that the destination table exists. ->- Currently the syslog-ng application has default schemas for the different +>- Currently the {{ site.product.short_name }} application has default schemas for the different > databases and uses these defaults if the database schema (for example, > columns and column types) is not defined in the configuration file. > However, these schemas will be deprecated and specifying the exact @@ -30,13 +30,13 @@ and values(). > >{: .notice--warning} -**NOTE:** In addition to the standard syslog-ng packages, the sql() +**NOTE:** In addition to the standard {{ site.product.short_name }} packages, the sql() destination requires database-specific packages to be installed. These -packages are automatically installed by the binary syslog-ng installer. +packages are automatically installed by the binary {{ site.product.short_name }} installer. {: .notice--info} The table and value parameters can include macros to create tables and -columns dynamically (for details, see Macros of syslog-ng OSE. +columns dynamically (for details, see Macros of {{ site.product.short_name }}. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** When using macros in table names, note that some databases limit the maximum 
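Review bot: In hunk -30,13, the rewritten sentence "(for details, see Macros of {{ site.product.short_name }}." opens a parenthesis that is never closed. Add the closing parenthesis before the full stop, since the line is being changed anyway.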
@@ -44,7 +44,7 @@ allowed length of table names. Consult the documentation of the database for det {: .notice--warning} Inserting the records into the database is performed by a separate -thread. The syslog-ng application automatically performs the escaping +thread. The {{ site.product.short_name }} application automatically performs the escaping required to insert the messages into the database. ### Example: Using the sql() driver @@ -52,7 +52,7 @@ required to insert the messages into the database. The following example sends the log messages into a PostgreSQL database running on the logserver host. The messages are inserted into the logs database, the name of the table includes the exact date and the name of -the host sending the messages. The syslog-ng application automatically +the host sending the messages. The {{ site.product.short_name }} application automatically creates the required tables and columns, if the user account used to connect to the database has the required privileges. diff --git a/doc/_admin-guide/070_Destinations/275_stdout/000_stdout_options.md b/doc/_admin-guide/070_Destinations/275_stdout/000_stdout_options.md index 11b8807c..cac0dc54 100644 --- a/doc/_admin-guide/070_Destinations/275_stdout/000_stdout_options.md +++ b/doc/_admin-guide/070_Destinations/275_stdout/000_stdout_options.md 
@@ -13,7 +13,7 @@ The following options are available for an stdout destiantion. | Type:| time [milliseconds]| | Default: | 10 000 milliseconds| -*Description:* Specifies the time syslog-ng OSE waits for lines to accumulate in the output buffer. The syslog-ng OSE application sends flushes to the destinations evenly. The timer starts when the first message arrives to the buffer, so if only few messages arrive, syslog-ng OSE sends messages to the destination at most once every flush-timeout() seconds. +*Description:* Specifies the time {{ site.product.short_name }} waits for lines to accumulate in the output buffer. The {{ site.product.short_name }} application sends flushes to the destinations evenly. The timer starts when the first message arrives to the buffer, so if only few messages arrive, {{ site.product.short_name }} sends messages to the destination at most once every flush-timeout() seconds. {% include doc/admin-guide/options/frac-digits.md %} diff --git a/doc/_admin-guide/070_Destinations/275_stdout/README.md b/doc/_admin-guide/070_Destinations/275_stdout/README.md index be5ce7ad..953608ed 100644 --- a/doc/_admin-guide/070_Destinations/275_stdout/README.md +++ b/doc/_admin-guide/070_Destinations/275_stdout/README.md @@ -3,7 +3,7 @@ title: 'stdout: Send messages to standard output' short_title: stdout id: am-dest-stdout description: >- - Available in syslog-ng OSE 4.4 or later versions. + Available in {{ site.product.short_name }} 4.4 or later versions. The stdout() destination driver sends messages to the standard output. --- diff --git a/doc/_admin-guide/070_Destinations/280_Stomp/000_Stomp_options.md b/doc/_admin-guide/070_Destinations/280_Stomp/000_Stomp_options.md index 9fa868b9..1ccb62e6 100644 --- a/doc/_admin-guide/070_Destinations/280_Stomp/000_Stomp_options.md +++ b/doc/_admin-guide/070_Destinations/280_Stomp/000_Stomp_options.md 
@@ -16,8 +16,8 @@ The stomp() destination has the following options: *Description:* Request the STOMP server to acknowledge the receipt of the messages. If you enable this option, then after sending a message, -syslog-ng OSE waits until the server confirms that it has received the -message. This delay can seriously limit the performance of syslog-ng OSE +{{ site.product.short_name }} waits until the server confirms that it has received the +message. This delay can seriously limit the performance of {{ site.product.short_name }} if the message rate is high, and the server cannot acknowledge the messages fast enough. diff --git a/doc/_admin-guide/070_Destinations/280_Stomp/README.md b/doc/_admin-guide/070_Destinations/280_Stomp/README.md index d966fdbf..12048505 100644 --- a/doc/_admin-guide/070_Destinations/280_Stomp/README.md +++ b/doc/_admin-guide/070_Destinations/280_Stomp/README.md @@ -4,8 +4,8 @@ short_title: Stomp id: adm-dest-stomp description: >- The stomp() driver sends messages to servers (message brokers) using the Simple (or Streaming) Text Oriented Message Protocol - (STOMP), formerly known as TTMP. syslog-ng OSE - supports version 1.0 of the STOMP protocol. The syslog-ng OSE stomp() + (STOMP), formerly known as TTMP. {{ site.product.short_name }} + supports version 1.0 of the STOMP protocol. The {{ site.product.short_name }} stomp() driver supports persistence. --- diff --git a/doc/_admin-guide/070_Destinations/290_Sumologic/004_sumologic_syslog_options.md b/doc/_admin-guide/070_Destinations/290_Sumologic/004_sumologic_syslog_options.md index 9630adfc..8db66100 100644 --- a/doc/_admin-guide/070_Destinations/290_Sumologic/004_sumologic_syslog_options.md +++ b/doc/_admin-guide/070_Destinations/290_Sumologic/004_sumologic_syslog_options.md 
@@ -27,8 +27,7 @@ options. |Default:| \"tag\"| *Description:* Optional. This option specifies the list of tags to add -as the tags fields of Sumo Logic messages. If not specified, syslog-ng -OSE automatically adds the tags already assigned to the message. If you +as the tags fields of Sumo Logic messages. If not specified, {{ site.product.short_name }} automatically adds the tags already assigned to the message. If you set the tag() option, only the tags you specify will be added to the messages. diff --git a/doc/_admin-guide/070_Destinations/290_Sumologic/README.md b/doc/_admin-guide/070_Destinations/290_Sumologic/README.md index 88a5d6c4..913ef0a0 100644 --- a/doc/_admin-guide/070_Destinations/290_Sumologic/README.md +++ b/doc/_admin-guide/070_Destinations/290_Sumologic/README.md @@ -4,7 +4,7 @@ title: 'Sumo Logic destinations: sumologic-http() and short_title: sumologic id: adm-dest-sumologic description: >- - From version 3.27.1, the syslog-ng Open Source Edition (syslog-ng OSE) + From version 3.27.1, the {{ site.product.short_name }} application can send log messages to Sumo Logic, a cloud-based log management and security analytics service, by using the sumologic-http() and sumologic-syslog() destinations. @@ -13,7 +13,7 @@ description: >- ## Prerequisites Currently, using the sumologic-http() and sumologic-syslog() -destinations with syslog-ng OSE has the following prerequisites: +destinations with {{ site.product.short_name }} has the following prerequisites: - A Sumo Logic account. 
@@ -46,17 +46,17 @@ destinations with syslog-ng OSE has the following prerequisites: {: .notice--info} - Your Sumo Logic syslog client, configured to send data to the Sumo - Logic cloud syslog service, by using syslog-ng OSE. + Logic cloud syslog service, by using {{ site.product.short_name }}. For detailed information, follow the instructions under the Send - data to cloud syslog source with syslog-ng section on the official Sumo Logic website. + data to cloud syslog source with {{ site.product.short_name }} section on the official Sumo Logic website. - A verified connection and client configuration with the Sumo Logic service. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** To avoid potential data loss, One Identity strongly recommends that you verify your connection and client configuration with the Sumo Logic service before you start using the sumologic-http() or sumologic-syslog() destination - with syslog-ng OSE in a production environment. + with {{ site.product.short_name }} in a production environment. {: .notice--warning} - (Optional) For using the sumologic-http() destination, you need a @@ -73,9 +73,9 @@ destinations with syslog-ng OSE has the following prerequisites: ## Limitations Currently, using the sumologic-syslog() and sumologic-http() -destinations with syslog-ng OSE has the following limitations: +destinations with {{ site.product.short_name }} has the following limitations: -- The minimum required version of syslog-ng OSE is version 3.27.1. +- The minimum required version of {{ site.product.short_name }} is version 3.27.1. - Message format must be in RFC-5424 compliant form. Messages over 64KB in length are truncated. @@ -118,7 +118,7 @@ destination d_sumo_syslog { ## Using the sumologic() driver To use the sumologic() driver, the scl.conf file must be included in -your syslog-ng OSE configuration: +your {{ site.product.short_name }} configuration: ```config @include "scl.conf" 
diff --git a/doc/_admin-guide/070_Destinations/300_syslog/000_syslog_destination_options.md b/doc/_admin-guide/070_Destinations/300_syslog/000_syslog_destination_options.md index 47cd6329..cdf8455c 100644 --- a/doc/_admin-guide/070_Destinations/300_syslog/000_syslog_destination_options.md +++ b/doc/_admin-guide/070_Destinations/300_syslog/000_syslog_destination_options.md @@ -4,7 +4,7 @@ id: adm-dest-syslog-opt --- The syslog() driver sends messages to a remote host (for example, a -syslog-ng server or relay) on the local intranet or internet using the +{{ site.product.short_name }} server or relay) on the local intranet or internet using the RFC-5424 syslog protocol developed by IETF (for details about the protocol, see IETF-syslog messages). The protocol supports sending messages using the UDP, TCP, or diff --git a/doc/_admin-guide/070_Destinations/300_syslog/README.md b/doc/_admin-guide/070_Destinations/300_syslog/README.md index 657826bb..d8894fff 100644 --- a/doc/_admin-guide/070_Destinations/300_syslog/README.md +++ b/doc/_admin-guide/070_Destinations/300_syslog/README.md @@ -5,7 +5,7 @@ short_title: syslog id: adm-dest-syslog description: >- The syslog() driver sends messages to a remote host (for example, a - syslog-ng server or relay) on the local intranet or internet using the + {{ site.product.short_name }} server or relay) on the local intranet or internet using the new standard syslog protocol developed by IETF (for details about the new protocol, see IETF-syslog messages.) @@ -15,7 +15,7 @@ description: >- The required arguments of the driver are the address of the destination host (where messages should be sent). The transport method (networking -protocol) is optional, syslog-ng uses the TCP protocol by default. For +protocol) is optional, {{ site.product.short_name }} uses the TCP protocol by default. For the list of available optional parameters, see syslog() destination options. 
diff --git a/doc/_admin-guide/070_Destinations/310_syslog-ng/000_syslog-ng_destination_options.md b/doc/_admin-guide/070_Destinations/310_syslog-ng/000_syslog-ng_destination_options.md index d157dbf4..0464e413 100644 --- a/doc/_admin-guide/070_Destinations/310_syslog-ng/000_syslog-ng_destination_options.md +++ b/doc/_admin-guide/070_Destinations/310_syslog-ng/000_syslog-ng_destination_options.md @@ -46,7 +46,7 @@ the TCP514 port of the server. | Type:| hostname or IP address| |Default: | 127.0.0.1| -*Description:* The hostname or IP address of the syslog-ng server. +*Description:* The hostname or IP address of the {{ site.product.short_name }} server. {% include doc/admin-guide/options/so-broadcast.md %} diff --git a/doc/_admin-guide/070_Destinations/310_syslog-ng/README.md b/doc/_admin-guide/070_Destinations/310_syslog-ng/README.md index cf923d1f..2d7f7ebb 100644 --- a/doc/_admin-guide/070_Destinations/310_syslog-ng/README.md +++ b/doc/_admin-guide/070_Destinations/310_syslog-ng/README.md @@ -1,15 +1,15 @@ --- -title: 'syslog-ng(): Forward logs to another syslog-ng node' +title: 'syslog-ng(): Forward logs to another {{ site.product.short_name }} node' short_title: syslog-ng id: adm-dest-syslogng description: >- The syslog-ng() destination driver forwards log messages to another - syslog-ng node in EWMM format. + {{ site.product.short_name }} node in EWMM format. --- The Enterprise-wide message model (EWMM) allows you to deliver structured messages from the initial -receiving syslog-ng component right up to the central log server, +receiving {{ site.product.short_name }} component right up to the central log server, through any number of hops. It does not matter if you parse the messages on the client, on a relay, or on the central server, their structured results will be available where you store the messages. Optionally, you 
diff --git a/doc/_admin-guide/070_Destinations/320_tcp_tcp6_udp_udp6/README.md b/doc/_admin-guide/070_Destinations/320_tcp_tcp6_udp_udp6/README.md index 9bb26bc5..68532e86 100644 --- a/doc/_admin-guide/070_Destinations/320_tcp_tcp6_udp_udp6/README.md +++ b/doc/_admin-guide/070_Destinations/320_tcp_tcp6_udp_udp6/README.md @@ -18,6 +18,6 @@ use the network() driver, see Change an old destination driver to the network() driver. The tcp(), tcp6(), udp(), and udp6() drivers send messages to another -host (for example, a syslog-ng server or relay) on the local intranet or +host (for example, a {{ site.product.short_name }} server or relay) on the local intranet or internet using the UDP or TCP protocol. The tcp6() and udp6() drivers use the IPv6 network protocol. diff --git a/doc/_admin-guide/070_Destinations/330_Telegram/000_Telegram_options.md b/doc/_admin-guide/070_Destinations/330_Telegram/000_Telegram_options.md index f88ac69d..b61732b3 100644 --- a/doc/_admin-guide/070_Destinations/330_Telegram/000_Telegram_options.md +++ b/doc/_admin-guide/070_Destinations/330_Telegram/000_Telegram_options.md @@ -72,7 +72,7 @@ that the message is formatted in markdown style. | Type: | string| | Default: | ${MESSAGE} \\\") -*Description:* Specifies the content of the message. The syslog-ng OSE +*Description:* Specifies the content of the message. The {{ site.product.short_name }} application will automatically encode the content of this option using the url-encode() template function. diff --git a/doc/_admin-guide/070_Destinations/360_Custom_destinations.md b/doc/_admin-guide/070_Destinations/360_Custom_destinations.md index f221c345..df599bf1 100644 --- a/doc/_admin-guide/070_Destinations/360_Custom_destinations.md +++ b/doc/_admin-guide/070_Destinations/360_Custom_destinations.md 
@@ -3,20 +3,20 @@ title: Write your own custom destination in Java or Python short_title: Custom destinations id: adm-dest-custom description: >- - The syslog-ng OSE application is open source, so if you have the + The {{ site.product.short_name }} application is open source, so if you have the necessary programming skills, you can extend it if its features are not adequate for your particular environment or needs. You can write - destinations and other extensions to syslog-ng OSE in C (the main - language of syslog-ng OSE), or using its language bindings, for example, + destinations and other extensions to {{ site.product.short_name }} in C (the main + language of {{ site.product.short_name }}), or using its language bindings, for example, Java or Python. --- -- For details on extending syslog-ng OSE in Python, see +- For details on extending {{ site.product.short_name }} in Python, see [[python: writing custom Python destinations]]. -- For details on extending syslog-ng OSE in Java, see the Getting started with implementing Java destinations +- For details on extending {{ site.product.short_name }} in Java, see the Getting started with implementing Java destinations **NOTE:** If you delete all Java destinations from your configuration and -reload syslog-ng, the JVM is not used anymore, but it is still running. -If you want to stop JVM, stop syslog-ng and then start syslog-ng again. +reload {{ site.product.short_name }}, the JVM is not used anymore, but it is still running. +If you want to stop JVM, stop {{ site.product.short_name }} and then start {{ site.product.short_name }} again. {: .notice--info} diff --git a/doc/_admin-guide/070_Destinations/370_Client_side_failover.md b/doc/_admin-guide/070_Destinations/370_Client_side_failover.md index 8b46e5a2..665295ff 100644 --- a/doc/_admin-guide/070_Destinations/370_Client_side_failover.md +++ b/doc/_admin-guide/070_Destinations/370_Client_side_failover.md 
@@ -2,36 +2,36 @@ title: Client-side failover id: adm-dest-failover description: >- - syslog-ng OSE can detect if the remote server of a network destination + {{ site.product.short_name }} can detect if the remote server of a network destination becomes inaccessible, and start sending messages to a secondary server. You can configure multiple failover servers, so if the secondary server - becomes inaccessible as well, syslog-ng OSE switches to the third server + becomes inaccessible as well, {{ site.product.short_name }} switches to the third server in the list, and so on. If there are no more failover servers left, - syslog-ng OSE returns to the beginning of a list and attempts to connect + {{ site.product.short_name }} returns to the beginning of a list and attempts to connect to the primary server. --- The primary server is the address you provided in the destination driver -configuration and it has a special role. syslog-ng OSE nominates this +configuration and it has a special role. {{ site.product.short_name }} nominates this destination over the failover servers, and handles it as the primary address. -When syslog-ng OSE starts up, it always connects to the primary server +When {{ site.product.short_name }} starts up, it always connects to the primary server first. In the failover() option there is a possibility to customize the failover modes. -Depending on how you set the failback() option, syslog-ng OSE behaves as +Depending on how you set the failback() option, {{ site.product.short_name }} behaves as follows: -- **round-robin mode**: If failback() is not set, syslog-ng OSE does +- **round-robin mode**: If failback() is not set, {{ site.product.short_name }} does not attempt to return to the primary server even if it becomes - available. In case the failover server fails, syslog-ng OSE attempts + available. In case the failover server fails, {{ site.product.short_name }} attempts to connect the next failover server in the list in round-robin fashion. 
Example: round-robin mode - In the following example syslog-ng OSE handles the logservers in + In the following example {{ site.product.short_name }} handles the logservers in round-robin fashion if the primary logserver becomes inaccessible (therefore failback() option is not set). @@ -45,18 +45,18 @@ follows: }; ``` -- **failback mode**: If failback() is set, syslog-ng OSE attempts to +- **failback mode**: If failback() is set, {{ site.product.short_name }} attempts to return to the primary server. - After syslog-ng OSE connects a secondary server during a failover, + After {{ site.product.short_name }} connects a secondary server during a failover, it sends a probe every tcp-probe-interval() seconds towards the primary server. If the primary logserver responds with a TCP ACK packet, the probe is successful. When the number of successful probes reaches the value set in the successful-probes-required() - option, syslog-ng OSE tries to connect the primary server using the + option, {{ site.product.short_name }} tries to connect the primary server using the last probe. - **NOTE:** syslog-ng OSE always waits for the result of the last probe + **NOTE:** {{ site.product.short_name }} always waits for the result of the last probe before sending the next message. So if one connection attempt takes longer than the configured interval, that is, it waits for connection time out, you may experience longer intervals between @@ -65,7 +65,7 @@ follows: Example: failback mode - In the following example syslog-ng OSE attempts to return to the + In the following example {{ site.product.short_name }} attempts to return to the primary logserver, as set in the failback() option: it will check if the server is accessible every tcp-probe-interval() seconds, and reconnect to the primary logserver after three successful connection 
@@ -87,15 +87,15 @@ follows: }; ``` -If syslog-ng OSE is restarted, it attempts to connect the primary +If {{ site.product.short_name }} is restarted, it attempts to connect the primary server. -If syslog-ng OSE uses TLS-encryption to communicate with the remote -server, syslog-ng OSE checks the certificate of the failover server as +If {{ site.product.short_name }} uses TLS-encryption to communicate with the remote +server, {{ site.product.short_name }} checks the certificate of the failover server as well. The certificates of the failover servers should match their domain names or IP addresses --- for details, see Encrypting log messages with TLS. -Note that when mutual authentication is used, the syslog-ng OSE client sends the +Note that when mutual authentication is used, the {{ site.product.short_name }} client sends the same certificate to every server. The primary server and the failover servers must be accessible with the diff --git a/doc/_admin-guide/070_Destinations/README.md b/doc/_admin-guide/070_Destinations/README.md index 2537e839..de90f440 100644 --- a/doc/_admin-guide/070_Destinations/README.md +++ b/doc/_admin-guide/070_Destinations/README.md 
@@ -49,14 +49,13 @@ destination d_tcp { problems with most destination types. Instead, use filters and log paths to avoid such situations. - Sources and destinations are initialized only when they are used in a log - statement. For example, syslog-ng OSE starts listening on a port or starts + statement. For example, {{ site.product.short_name }} starts listening on a port or starts polling a file only if the source is used in a log statement. For details on creating log statements, see [[log: Filter and route log messages using log paths, flags, and filters]] {: .notice--warning} -The following section lists the destination drivers available in syslog-ng -OSE. If these destinations do not satisfy your needs, you can extend -syslog-ng OSE and write your own destination, for example, in C, Java, +The following section lists the destination drivers available in {{ site.product.short_name }}. If these destinations do not satisfy your needs, you can extend +{{ site.product.short_name }} and write your own destination, for example, in C, Java, or Python. For details, see Write your own custom destination in Java or Python. diff --git a/doc/_admin-guide/080_Log/000_Log_paths/000_Embedded_log_statements/README.md b/doc/_admin-guide/080_Log/000_Log_paths/000_Embedded_log_statements/README.md index 80151c7a..a9de4850 100644 --- a/doc/_admin-guide/080_Log/000_Log_paths/000_Embedded_log_statements/README.md +++ b/doc/_admin-guide/080_Log/000_Log_paths/000_Embedded_log_statements/README.md @@ -2,7 +2,7 @@ title: Embedded log statements id: adm-log-emb-log description: >- - Starting from version 3.0, syslog-ng can handle embedded log statements + Starting from version 3.0, {{ site.product.short_name }} can handle embedded log statements (also called log pipes). Embedded log statements are useful for creating complex, multi-level log paths with several destinations and use filters, parsers, and rewrite rules. 
diff --git a/doc/_admin-guide/080_Log/000_Log_paths/002_Junctions_and_channels.md b/doc/_admin-guide/080_Log/000_Log_paths/002_Junctions_and_channels.md index e3850e78..90827929 100644 --- a/doc/_admin-guide/080_Log/000_Log_paths/002_Junctions_and_channels.md +++ b/doc/_admin-guide/080_Log/000_Log_paths/002_Junctions_and_channels.md @@ -50,7 +50,7 @@ junction { For example, suppose that you have a single network source that receives log messages from different devices, and some devices send messages that are not RFC-compliant (some routers are notorious for that). To solve -this problem in earlier versions of syslog-ng OSE, you had to create two +this problem in earlier versions of {{ site.product.short_name }}, you had to create two different network sources using different IP addresses or ports: one that received the RFC-compliant messages, and one that received the improperly formatted messages (for example, using the @@ -120,8 +120,8 @@ log { }; ``` -**NOTE:** syslog-ng OSE has several parsers that you can use to parse -non-compliant messages. You can even [[write a custom syslog-ng parser in Python|adm-parser-python]]. +**NOTE:** {{ site.product.short_name }} has several parsers that you can use to parse +non-compliant messages. You can even [[write a custom {{ site.product.short_name }} parser in Python|adm-parser-python]]. For details, see [[parser: Parse and segment structured messages]]. {: .notice--info} diff --git a/doc/_admin-guide/080_Log/000_Log_paths/003_Log_path_flags.md b/doc/_admin-guide/080_Log/000_Log_paths/003_Log_path_flags.md index 2a1631f6..45934616 100644 --- a/doc/_admin-guide/080_Log/000_Log_paths/003_Log_path_flags.md +++ b/doc/_admin-guide/080_Log/000_Log_paths/003_Log_path_flags.md 
@@ -2,7 +2,7 @@ title: Log path flags id: adm-log-path-flags description: >- - Flags influence the behavior of syslog-ng, and the way it processes + Flags influence the behavior of {{ site.product.short_name }}, and the way it processes messages. The following flags may be used in the log paths, as described in Log paths. --- 
@@ -12,10 +12,10 @@ description: >- | Flag | Description | |---|---| | catchall | This flag means that the source of the message is ignored, only the filters of the log path are taken into account when matching messages. A log statement using the catchall flag processes every message that arrives to any of the defined sources. | -| drop-unmatched | This flag means that the message is dropped along a log path when it does not match a filter or is discarded by a parser. Without using the drop-unmatched flag, syslog-ng OSE would continue to process the message along alternative paths.| +| drop-unmatched | This flag means that the message is dropped along a log path when it does not match a filter or is discarded by a parser. Without using the drop-unmatched flag, {{ site.product.short_name }} would continue to process the message along alternative paths.| | fallback | This flag makes a log statement \'fallback\'. Fallback log statements process messages that were not processed by other, \'non-fallback\' log statements. Processed means that every filter of a log path matched the message. Note that in the case of embedded log paths, the message is considered to be processed if it matches the filters of the outer log path, even if it does not match the filters of the embedded log path. For details, see [[Example: Using log path flags]]. | -| final | This flag means that the processing of log messages processed by the log statement ends here, other log statements appearing later in the configuration file will not process the messages processed by the log statement labeled as \'final\'. Note that this does not necessarily mean that matching messages will be stored only once, as there can be matching log statements processed before the current one (syslog-ng OSE evaluates log statements in the order they appear in the configuration file). Processed means that every filter of a log path matched the message. 
Note that in the case of embedded log paths, the message is considered to be processed if it matches the filters of the outer log path, even if it does not match the filters of the embedded log path. For details, see [[Example: Using log path flags]]. | -| flow-control | Enables flow-control to the log path, meaning that syslog-ng will stop reading messages from the sources of this log statement if the destinations are not able to process the messages at the required speed. If disabled, syslog-ng will drop messages if the destination queues are full. If enabled, syslog-ng will only drop messages if the destination queues/window sizes are improperly sized. For details, see Managing incoming and outgoing messages with flow-control.| +| final | This flag means that the processing of log messages processed by the log statement ends here, other log statements appearing later in the configuration file will not process the messages processed by the log statement labeled as \'final\'. Note that this does not necessarily mean that matching messages will be stored only once, as there can be matching log statements processed before the current one ({{ site.product.short_name }} evaluates log statements in the order they appear in the configuration file). Processed means that every filter of a log path matched the message. Note that in the case of embedded log paths, the message is considered to be processed if it matches the filters of the outer log path, even if it does not match the filters of the embedded log path. For details, see [[Example: Using log path flags]]. | +| flow-control | Enables flow-control to the log path, meaning that {{ site.product.short_name }} will stop reading messages from the sources of this log statement if the destinations are not able to process the messages at the required speed. If disabled, {{ site.product.short_name }} will drop messages if the destination queues are full. 
If enabled, {{ site.product.short_name }} will only drop messages if the destination queues/window sizes are improperly sized. For details, see Managing incoming and outgoing messages with flow-control.| ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** The final, fallback, and catchall flags apply only for the @@ -26,7 +26,7 @@ top-level log paths, they have no effect on embedded log paths. Let\'s suppose that you have two hosts (myhost\_A and myhost\_B) that run two applications each (application\_A and application\_B), and you -collect the log messages to a central syslog-ng server. On the server, +collect the log messages to a central {{ site.product.short_name }} server. On the server, you create two log paths: - one that processes only the messages sent by myhost\_A, and @@ -47,7 +47,7 @@ running on myhost\_B will not be processed at all. in this case, the messages of application\_B running on myhost\_B. - Adding a fourth log path with the catchall flag would process every - message received by the syslog-ng server. + message received by the {{ site.product.short_name }} server. ```config log { source(s_localhost); destination(d_file); flags(catchall); }; 
@@ -56,10 +56,10 @@ running on myhost\_B will not be processed at all. The following example shows a scenario that can result in message loss. Do NOT use such a configuration, unless you know exactly what you are doing. The problem is if a message matches the filters in the first part -of the first log path, syslog-ng OSE treats the message as +of the first log path, {{ site.product.short_name }} treats the message as \'processed\'. Since the first log path includes the final flag, -syslog-ng OSE will not pass the message to the second log path (the one -with the fallback flag). As a result, syslog-ng OSE drops messages that +{{ site.product.short_name }} will not pass the message to the second log path (the one +with the fallback flag). As a result, {{ site.product.short_name }} drops messages that do not match the filter of the embedded log path. ```config @@ -90,7 +90,7 @@ log { ## Example: Using the drop-unmatched flag In the following example, if a log message arrives whose ${MSG} part does -not contain the string foo, then syslog-ng OSE will discard the message +not contain the string foo, then {{ site.product.short_name }} will discard the message and will not check compliance with the second if condition. ```config @@ -108,6 +108,6 @@ if { ... ``` -(Without the drop-unmatched flag, syslog-ng OSE would check if the +(Without the drop-unmatched flag, {{ site.product.short_name }} would check if the message complies with the second if condition, that is, whether or not the message contains the string bar .) diff --git a/doc/_admin-guide/080_Log/000_Log_paths/README.md b/doc/_admin-guide/080_Log/000_Log_paths/README.md index 9b2c3082..a5bd61e7 100644 --- a/doc/_admin-guide/080_Log/000_Log_paths/README.md +++ b/doc/_admin-guide/080_Log/000_Log_paths/README.md 
@@ -7,7 +7,7 @@ description: >- matching all the filters are sent to the listed destinations. --- -To define a log path, add a log statement to the syslog-ng configuration +To define a log path, add a log statement to the {{ site.product.short_name }} configuration file using the following syntax: **Declaration** diff --git a/doc/_admin-guide/080_Log/010_Flow_control/000_Flow_control_multiple_destinations.md b/doc/_admin-guide/080_Log/010_Flow_control/000_Flow_control_multiple_destinations.md index 7021a5ea..238a61b0 100644 --- a/doc/_admin-guide/080_Log/010_Flow_control/000_Flow_control_multiple_destinations.md +++ b/doc/_admin-guide/080_Log/010_Flow_control/000_Flow_control_multiple_destinations.md @@ -6,7 +6,7 @@ description: >- messages of the source are sent to multiple destinations. If flow-control is in use and one of the destinations cannot accept the messages, the other destinations do not receive any messages either, - because syslog-ng stops reading the source. For example, if messages + because {{ site.product.short_name }} stops reading the source. For example, if messages from a source are sent to a remote server and also stored locally in a file, and the network connection to the server becomes unavailable, neither the remote server nor the local file will receive any messages. diff --git a/doc/_admin-guide/080_Log/010_Flow_control/001_Configuring_flow_control.md b/doc/_admin-guide/080_Log/010_Flow_control/001_Configuring_flow_control.md index e1290bf1..7502e20b 100644 --- a/doc/_admin-guide/080_Log/010_Flow_control/001_Configuring_flow_control.md +++ b/doc/_admin-guide/080_Log/010_Flow_control/001_Configuring_flow_control.md 
@@ -8,10 +8,10 @@ description: >- The summary of the main points is as follows: -- The syslog-ng application normally reads a maximum of +- The {{ site.product.short_name }} application normally reads a maximum of log-fetch-limit() number of messages from a source. -- From TCP and unix-stream sources, syslog-ng reads a maximum of +- From TCP and unix-stream sources, {{ site.product.short_name }} reads a maximum of log-fetch-limit() from every connection of the source. The number of connections to the source is set using the max-connections() parameter. @@ -34,7 +34,7 @@ The summary of the main points is as follows: The dynamic control window is automatically distributed among the active connections of the source. -- If the control window is full, syslog-ng stops reading messages from +- If the control window is full, {{ site.product.short_name }} stops reading messages from the source until some messages are successfully sent to the destination. @@ -48,7 +48,7 @@ do not forget to adjust the log-iw-size() and dynamic-window-size() parameters a ### Example: Sizing parameters for flow-control -Suppose that syslog-ng has a source that must accept up to 300 parallel +Suppose that {{ site.product.short_name }} has a source that must accept up to 300 parallel connections. Such situation can arise when a network source receives connections from many clients, or if many applications log to the same socket. 
@@ -64,7 +64,7 @@ max-connections()\*log-fetch-limit() messages to be able to read every incoming message of a poll loop. In the current example this means that log-iw-size() should be greater than **300\*10=3000**. If the control window is smaller than this value, the control window might fill up with -messages from the first connections --- causing syslog-ng to read only +messages from the first connections --- causing {{ site.product.short_name }} to read only one message of the last connections in every poll loop. The output buffer of the destination must accommodate at least diff --git a/doc/_admin-guide/080_Log/010_Flow_control/README.md b/doc/_admin-guide/080_Log/010_Flow_control/README.md index 8fabe75a..161adf46 100644 --- a/doc/_admin-guide/080_Log/010_Flow_control/README.md +++ b/doc/_admin-guide/080_Log/010_Flow_control/README.md 
@@ -4,20 +4,20 @@ short_title: Managing incoming and outgoing messages id: adm-log-flow description: >- This section describes the internal message-processing model of - syslog-ng, as well as the flow-control feature that can prevent message + {{ site.product.short_name }}, as well as the flow-control feature that can prevent message losses. --- -The syslog-ng application monitors (polls) the sources defined in its +The {{ site.product.short_name }} application monitors (polls) the sources defined in its configuration file, periodically checking each source for messages. When -a log message is found in one of the sources, syslog-ng polls every +a log message is found in one of the sources, {{ site.product.short_name }} polls every source and reads the available messages. These messages are processed -and put into the output buffer of syslog-ng (also called fifo). From the +and put into the output buffer of {{ site.product.short_name }} (also called fifo). From the output buffer, the operating system sends the messages to the appropriate destinations. In large-traffic environments many messages can arrive during a single -poll loop, therefore syslog-ng reads only a fixed number of messages +poll loop, therefore {{ site.product.short_name }} reads only a fixed number of messages from each source. The log-fetch-limit() option specifies the number of messages read during a poll loop from a single source. @@ -27,7 +27,7 @@ messages read during a poll loop from a single source. TCP and unix-stream sources can receive the logs from several incoming connections (for example, many different clients or applications). For -such sources, syslog-ng reads messages from every connection, thus the +such sources, {{ site.product.short_name }} reads messages from every connection, thus the log-fetch-limit() parameter applies individually to every connection of the source. 
@@ -48,7 +48,7 @@ the incoming messages of every source. ## Log paths with flow-control -The syslog-ng application uses flow-control in the following cases: +The {{ site.product.short_name }} application uses flow-control in the following cases: - Hard flow-control: the flow-control flag is enabled for the particular log path. 
@@ -56,24 +56,24 @@ The syslog-ng application uses flow-control in the following cases: - Soft flow-control: the log path includes a file destination. **NOTE:** The way flow-control works has changed significantly in version -syslog-ng OSE 3.22. If you are using an older version of syslog-ng OSE, +{{ site.product.short_name }} 3.22. If you are using an older version of {{ site.product.short_name }}, consult the documentation of the version you are using for details about flow-control. {: .notice--info} -The flow-control of syslog-ng introduces a control window to the source -that tracks how many messages can syslog-ng accept from the source. -Every message that syslog-ng reads from the source lowers the window -size by one, every message that syslog-ng successfully sends from the +The flow-control of {{ site.product.short_name }} introduces a control window to the source +that tracks how many messages can {{ site.product.short_name }} accept from the source. +Every message that {{ site.product.short_name }} reads from the source lowers the window +size by one, every message that {{ site.product.short_name }} successfully sends from the output buffer increases the window size by one. If the window is full -(that is, its size decreases to zero), syslog-ng stops reading messages +(that is, its size decreases to zero), {{ site.product.short_name }} stops reading messages from the source. The initial size of the control window is by default 100. If a source accepts messages from multiple connections, all messages use the same control window. -When using flow-control, syslog-ng automatically sets the size of the +When using flow-control, {{ site.product.short_name }} automatically sets the size of the output buffer so that it matches the size of the control window of the -sources. Note that starting with syslog-ng OSE 3.22, log-fifo-size() +sources. 
Note that starting with {{ site.product.short_name }} 3.22, log-fifo-size() only affects log paths that are not flow-controlled. **NOTE:** If the source can handle multiple connections (for example, @@ -86,15 +86,15 @@ window is applied to each connection of the source. In addition to the static control window set using the log-iw-size() option, you can also allocate a dynamic window to the source. The -syslog-ng application uses this window to dynamically increase the +{{ site.product.short_name }} application uses this window to dynamically increase the static window of the active connections. The dynamic window is distributed evenly among the active connections of the source. The -syslog-ng application periodically checks which connections of the +{{ site.product.short_name }} application periodically checks which connections of the source are active, and redistributes the dynamic window. If only one of the connections is active, it receives the entire dynamic window, while other connections receive only their share of the static window. -Using dynamic flow-control on your syslog-ng server is useful when the +Using dynamic flow-control on your {{ site.product.short_name }} server is useful when the source has lots of connections, but only a small subset of the active clients send messages at high rate, and the memory of the syslog-ng server is limited. In other cases, it is currently not recommended, 
@@ -177,28 +177,28 @@ log { ## Handling outgoing messages -The syslog-ng application handles outgoing messages the following way: +The {{ site.product.short_name }} application handles outgoing messages the following way: -### Figure 16: Handling outgoing messages in syslog-ng OSE +### Figure 16: Handling outgoing messages in {{ site.product.short_name }} ![]({{ adm_img_folder | append: 'disk-buffer-diagram-normal.png'}}) - *Output queue*: Messages from the output queue are sent to the - target syslog-ng server. The syslog-ng application puts the outgoing + target {{ site.product.short_name }} server. The {{ site.product.short_name }} application puts the outgoing messages directly into the output queue, unless the output queue is full. The output queue can hold 64 messages, this is a fixed value and cannot be modified. - *Disk buffer*: If the output queue is full and disk-buffering is - enabled, syslog-ng puts the outgoing messages into the disk buffer + enabled, {{ site.product.short_name }} puts the outgoing messages into the disk buffer of the destination. - *Overflow queue*: If the output queue is full and the disk buffer is - disabled or full, syslog-ng puts the outgoing messages into the + disabled or full, {{ site.product.short_name }} puts the outgoing messages into the overflow queue of the destination. (The overflow queue is identical to the output buffer used by other destinations.) The log-fifo-size() parameter specifies the number of messages stored in the overflow queue, unless flow-control is enabled. When dynamic - flow-control is enabled, syslog-ng sets the size of the overflow + flow-control is enabled, {{ site.product.short_name }} sets the size of the overflow queue automatically. For details on sizing the log-fifo-size() parameter, see Configuring flow-control. 
diff --git a/doc/_admin-guide/080_Log/020_Buffering/000_Enabling_reliable_diskbuffer.md b/doc/_admin-guide/080_Log/020_Buffering/000_Enabling_reliable_diskbuffer.md index aae803a2..42ba3934 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/000_Enabling_reliable_diskbuffer.md +++ b/doc/_admin-guide/080_Log/020_Buffering/000_Enabling_reliable_diskbuffer.md @@ -6,7 +6,7 @@ id: adm-log-diskbuff-reliable To enable reliable disk-based buffering, use the **disk-buffer(reliable(yes))** parameter in the destination. Use reliable disk-based buffering if you do not want to lose logs in case of -reload/restart, unreachable destination or syslog-ng OSE crash. This +reload/restart, unreachable destination or {{ site.product.short_name }} crash. This solution provides a slower, but reliable disk-buffer option. It is created and initialized at startup and gradually grows as new messages arrive. The filename of the reliable disk buffer file is the following: diff --git a/doc/_admin-guide/080_Log/020_Buffering/001_Enabling_normal_diskbuffer.md b/doc/_admin-guide/080_Log/020_Buffering/001_Enabling_normal_diskbuffer.md index 287537a7..6e8f820b 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/001_Enabling_normal_diskbuffer.md +++ b/doc/_admin-guide/080_Log/020_Buffering/001_Enabling_normal_diskbuffer.md @@ -8,7 +8,7 @@ created. To explicitly enable the normal disk-buffer option, use the disk-buffer(reliable(no)) parameter in the destination. Use the normal disk-buffer option if you want a solution that is faster than the reliable disk-buffer option. In this case, the process will be less -reliable and it is possible to lose logs in case of syslog-ng OSE crash. +reliable and it is possible to lose logs in case of {{ site.product.short_name }} crash. The filename of the normal disk-buffer file is the following: \/var/syslog-ng-00000.qf. 
diff --git a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/000_Information.md b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/000_Information.md index 1da158aa..fd2a867e 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/000_Information.md +++ b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/000_Information.md @@ -3,11 +3,11 @@ title: Information about disk-buffer files id: adm-log-diskbuff-info description: >- This section describes information about disk-buffer files used in - syslog-ng Open Source Edition (syslog-ng OSE). + {{ site.product.short_name }}. --- The following list contains information about how disk-buffer files are -used in syslog-ng OSE: +used in {{ site.product.short_name }}: - You can configure disk-buffer() for a remote destination in the destination() statement. @@ -16,11 +16,11 @@ used in syslog-ng OSE: for a remote destination in the destination() statement, see disk-buffer(). -- By default, syslog-ng OSE creates disk-buffer files under +- By default, {{ site.product.short_name }} creates disk-buffer files under /opt/syslog-ng/var directory, unless dir() option is set in disk-buffer(). -- The filenames are generated automatically by syslog-ng OSE with the +- The filenames are generated automatically by {{ site.product.short_name }} with the extensions .qf for a normal disk-buffer and .rqf for a reliable disk-buffer. diff --git a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/001_Status_information.md b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/001_Status_information.md index 479c51a1..784e7be3 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/001_Status_information.md +++ b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/001_Status_information.md 
@@ -3,13 +3,13 @@ title: Getting the status information of disk-buffer files id: adm-log-diskbuff-status description: >- This section describes getting the status information of the disk-buffer - files used in syslog-ng Open Source Edition (syslog-ng OSE). + files used in {{ site.product.short_name }}. --- ## Command syntax The basic command syntax for getting the status information of the -disk-buffer files used in syslog-ng OSE looks like the following: +disk-buffer files used in {{ site.product.short_name }} looks like the following: ```bash dqtoolinfo DISK-BUFFER_FILE diff --git a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/002_List.md b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/002_List.md index 6875beb0..e8bc2abe 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/002_List.md +++ b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/002_List.md @@ -3,10 +3,10 @@ title: Getting the list of disk-buffer files id: adm-log-diskbuff-list description: >- This section describes getting the list of disk-buffer files used in - syslog-ng Open Source Edition(syslog-ng OSE). + {{ site.product.short_name }}. --- -The syslog-ng OSE application stores information (namely, the IP:PORT or +The {{ site.product.short_name }} application stores information (namely, the IP:PORT or DNS:PORT of the destinations, and the name of the disk-buffer file) about disk-buffer files in its persist file. diff --git a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/003_Content.md b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/003_Content.md index ec53fb27..407e27c3 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/003_Content.md +++ b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/003_Content.md 
@@ -3,22 +3,22 @@ title: Printing the content of disk-buffer files id: adm-log-diskbuff-content description: >- This section describes printing the content of the disk-buffer files - used in syslog-ng Open Source Edition(syslog-ng OSE). + used in {{ site.product.short_name }}. --- ## Command syntax The command syntax for printing the content of the disk-buffer files -used in syslog-ng OSE looks like the following: +used in {{ site.product.short_name }} looks like the following: ```bash dqtool cat DISK-BUFFER_FILE ``` -### Example: short output that shows the printed content of the disk-buffer files used in syslog-ng OSE +### Example: short output that shows the printed content of the disk-buffer files used in {{ site.product.short_name }} The following short output example shows the printed content of the -disk-buffer files used in syslog-ng OSE: +disk-buffer files used in {{ site.product.short_name }}: ```config dqtool cat /opt/syslog-ng/var/syslog-ng-00000.rqf diff --git a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/004_Orphan.md b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/004_Orphan.md index d27471ad..c1a3520d 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/004_Orphan.md +++ b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/004_Orphan.md 
@@ -2,19 +2,19 @@ title: Orphan disk-buffer files id: adm-log-diskbuff-orphan description: >- - This section describes orphan disk-buffer files used in syslog-ng Open - Source Edition(syslog-ng OSE). + This section describes orphan disk-buffer files used in {{ site.product.short_name }} Open + Source Edition({{ site.product.short_name }}). --- ## Orphan disk-buffer files In certain situations (for example, after modifying the disk-buffer -configuration or losing the persist information), syslog-ng OSE creates +configuration or losing the persist information), {{ site.product.short_name }} creates a new disk-buffer file instead of using the already existing one. In these situations, the already existing disk-buffer file becomes a so-called orphan disk-buffer file. -**NOTE:** The syslog-ng OSE application does not store messages in orphan +**NOTE:** The {{ site.product.short_name }} application does not store messages in orphan disk-buffer files or forward the messages stored in the disk-buffer file. {: .notice--info} @@ -55,6 +55,6 @@ exist in the persist file. These two files are the orphan disk-buffer files. For more information about orphan disk-buffer files and how to process -the messages in orphan disk-buffer files using a separate syslog-ng OSE +the messages in orphan disk-buffer files using a separate {{ site.product.short_name }} instance, see How to process messages from an orphan disk-buffer file using a -separate syslog-ng OSE instance. +separate {{ site.product.short_name }} instance. diff --git a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/005_How_to_process_orphan_diskbuffer.md b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/005_How_to_process_orphan_diskbuffer.md index 18f21bb8..153e3665 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/005_How_to_process_orphan_diskbuffer.md 
+++ b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/005_How_to_process_orphan_diskbuffer.md 
@@ -1,43 +1,43 @@ --- -title: How to process messages from an orphan disk-buffer file using a separate syslog-ng OSE instance +title: How to process messages from an orphan disk-buffer file using a separate {{ site.product.short_name }} instance short_title: How to process messages from an orphan disk-buffer file id: adm-log-diskbuff-process description: >- This section describes how to read messages from an orphan disk-buffer - file by using a separate syslog-ng Open Source Edition (syslog-ng OSE) - process running parallel to the already running syslog-ng OSE instance. + file by using a separate {{ site.product.short_name }} + process running parallel to the already running {{ site.product.short_name }} instance. --- ## Orphan disk-buffer files In certain situations (for example, after modifying the disk-buffer -configuration or losing the persist information), syslog-ng OSE creates +configuration or losing the persist information), {{ site.product.short_name }} creates a new disk-buffer file instead of using the already existing one. In these situations, the already existing disk-buffer file becomes a so-called orphan disk-buffer file. -**NOTE:** The syslog-ng OSE application does not store messages in orphan +**NOTE:** The {{ site.product.short_name }} application does not store messages in orphan disk-buffer files or forward the messages stored in the disk-buffer file. 
{: .notice--info} -## Processing the messages from an orphan disk-buffer file by using a separate syslog-ng OSE instance +## Processing the messages from an orphan disk-buffer file by using a separate {{ site.product.short_name }} instance -When syslog-ng OSE creates orphan disk-buffer files, you can start a -separate syslog-ng OSE instance parallel to the syslog-ng OSE instance +When {{ site.product.short_name }} creates orphan disk-buffer files, you can start a +separate {{ site.product.short_name }} instance parallel to the {{ site.product.short_name }} instance already running, and use the following resolution process to process the messages in the orphan disk-buffer file. >![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** ->Before starting a separate syslog-ng OSE instance to process the messages +>Before starting a separate {{ site.product.short_name }} instance to process the messages >from the orphan disk-buffer file, consider the following: > ->- During the resolution process, a separate syslog-ng OSE +>- During the resolution process, a separate {{ site.product.short_name }} > instance will be started with its temporary files beside -> the syslog-ng OSE instance already running. +> the {{ site.product.short_name }} instance already running. > >- An incorrect startup command and incorrect configurations -> may cause issues for the syslog-ng OSE instance already +> may cause issues for the {{ site.product.short_name }} instance already > running. > >- The disk-buffer file stores processed log messages in the @@ -50,7 +50,7 @@ messages in the orphan disk-buffer file. {: .notice--warning} To process the messages from an orphan disk-buffer file using a separate -syslog-ng OSE instance, +{{ site.product.short_name }} instance, 1. Identify the orphan disk-buffer files and make a record of them. For more information, see 
@@ -121,7 +121,7 @@ syslog-ng OSE instance, 5. Add your destination statement with disk-buffer() to the configuration file. You can copy the destination statement from your - running syslog-ng OSE configuration. + running {{ site.product.short_name }} configuration. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Add the dir() option and set the disk-buffer file\'s destination directory @@ -140,13 +140,13 @@ syslog-ng OSE instance, ); ``` -6. Start the temporary syslog-ng OSE instance in the foreground. +6. Start the temporary {{ site.product.short_name }} instance in the foreground. ```bash syslog-ng -Fe -f /tmp/qdisk/qdisk.conf -R /tmp/qdisk/qdisk.persist -c /tmp/qdisk/qdisk.ctl ``` - The syslog-ng OSE application will log to the console, so you will + The {{ site.product.short_name }} application will log to the console, so you will see any potential error that may occur during startup. The following example output displays that an empty disk-buffer file @@ -163,7 +163,7 @@ syslog-ng OSE instance, >FIPS information; FIPS-mode='disabled' >Syslog connection established; fd='7', server='AF_INET(10.21.10.20:514)', local='AF_INET(0.0.0.0:0)' -7. To stop syslog-ng OSE, press CTRL+C. +7. To stop {{ site.product.short_name }}, press CTRL+C. 8. Overwrite the empty disk-buffer file with the orphan disk-buffer file. @@ -172,8 +172,8 @@ syslog-ng OSE instance, mv /opt/syslog-ng/var/syslog-ng-00005.rqf /tmp/qdisk/syslog-ng-00000.rqf ``` -9. Start syslog-ng OSE using the command used in Start the temporary - syslog-ng OSE instance in the foreground step. +9. Start {{ site.product.short_name }} using the command used in Start the temporary + {{ site.product.short_name }} instance in the foreground step. ```bash syslog-ng -Fe -f /tmp/qdisk/qdisk.conf -R /tmp/qdisk/qdisk.persist -c /tmp/qdisk/qdisk.ctl 
@@ -205,14 +205,14 @@ syslog-ng OSE instance, >Reliable disk-buffer state loaded; filename='/tmp/qdisk/syslog-ng-00000.rqf', queue_length='0', size='0' -11. Press CTRL+C to stop syslog-ng OSE. +11. Press CTRL+C to stop {{ site.product.short_name }}. 12. Check the state of the orphan disk-buffer file. For more information, see How to get information about disk-buffer files. 13. If you have more than one orphan disk-buffer file, repeat the steps - following the syslog-ng OSE stop (that is, + following the {{ site.product.short_name }} stop (that is, the steps beginning from overwriting the empty disk-buffer file with the orphan disk-buffer file) for each orphan disk-buffer file. diff --git a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/README.md b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/README.md index a9e2c436..d6dbd104 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/README.md +++ b/doc/_admin-guide/080_Log/020_Buffering/002_How_to_get_information/README.md @@ -3,9 +3,9 @@ title: How to get information about disk-buffer files id: adm-log-diskbuff description: >- This section describes how to get information about disk-buffer files - used in syslog-ng Open Source Edition (syslog-ng OSE). + used in {{ site.product.short_name }}. --- **NOTE:** While reading this section, consider that the default installation -path used in the commands and syslog-ng OSE files is /opt/syslog-ng. +path used in the commands and {{ site.product.short_name }} files is /opt/syslog-ng. {: .notice--info} diff --git a/doc/_admin-guide/080_Log/020_Buffering/003_Enabling_memory_buffering.md b/doc/_admin-guide/080_Log/020_Buffering/003_Enabling_memory_buffering.md index 8978d5e5..041ca707 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/003_Enabling_memory_buffering.md +++ b/doc/_admin-guide/080_Log/020_Buffering/003_Enabling_memory_buffering.md 
@@ -7,7 +7,7 @@ To enable memory buffering, use the **log-fifo-size()** parameter in the destination. All destination drivers can use memory buffering. Use memory buffering if you want to send logs to destinations where disk-based buffering is not available. Or if you want the fastest -solution, and if syslog-ng OSE crash or network downtime is never +solution, and if {{ site.product.short_name }} crash or network downtime is never expected. In these cases, losing logs is possible. This solution does not use disk-based buffering, logs are stored only in the memory. diff --git a/doc/_admin-guide/080_Log/020_Buffering/004_About_diskbuffer_files.md b/doc/_admin-guide/080_Log/020_Buffering/004_About_diskbuffer_files.md index f05ae520..dbb32e6f 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/004_About_diskbuffer_files.md +++ b/doc/_admin-guide/080_Log/020_Buffering/004_About_diskbuffer_files.md @@ -10,7 +10,7 @@ reliable(yes) option and not is the strategy they employ. Reliable disk queues guarantee that all the messages passing through them are written to disk first, and removed from the queue only after the destination has confirmed that the message has been successfully received. This prevents -message loss, for example, due to syslog-ng OSE crashes if the client +message loss, for example, due to {{ site.product.short_name }} crashes if the client and the destination server communicate using the Advanced Log Transport Protocol (ALTP). Note that the Advanced Log Transport Protocol is available only in syslog-ng Premium Edition version 6 LTS. Of course, using the reliable(yes) option introduces a significant performance penalty as well. 
@@ -38,14 +38,14 @@ of the queue file. The disk-buffer file\'s size should be considered as the configured disk-buf-size() at any point of time, even if it does not have messages in it. Truncating the disk-buffer file can slow down disk I/O -operations, so syslog-ng OSE does not always truncate the file when it +operations, so {{ site.product.short_name }} does not always truncate the file when it would be possible (see the truncate-size-ratio() option). If a large disk-buffer file is not desirable, you should set the disk-buf-size() option to a smaller value. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** One Identity recommends that you do not build upon the current truncating logic -of the disk-buffer files, because syslog-ng OSE might pre-allocate the disk-buffer +of the disk-buffer files, because {{ site.product.short_name }} might pre-allocate the disk-buffer files and never truncate them in the future. {: .notice--warning} @@ -55,7 +55,7 @@ disk-buffer, use dqtool (for more information, see [Getting the status information of disk-buffer files]). {: .notice--info} -**NOTE:** If a queue file becomes corrupt, syslog-ng OSE starts a new one. +**NOTE:** If a queue file becomes corrupt, {{ site.product.short_name }} starts a new one. This might lead to the queue files consuming more space in total than their maximal configured size and the number of configured queue files multiplied together. diff --git a/doc/_admin-guide/080_Log/020_Buffering/README.md b/doc/_admin-guide/080_Log/020_Buffering/README.md index 481ae6a7..af0a90b9 100644 --- a/doc/_admin-guide/080_Log/020_Buffering/README.md +++ b/doc/_admin-guide/080_Log/020_Buffering/README.md 
@@ -2,13 +2,13 @@ title: Using disk-based and memory buffering id: adm-log-buff description: >- - The syslog-ng Open Source Edition application can store messages on the + The {{ site.product.name }} application can store messages on the local hard disk if the destination (for example, the central log server) or the network connection to the destination becomes unavailable. The - syslog-ng OSE application automatically sends the stored messages to the + {{ site.product.short_name }} application automatically sends the stored messages to the destination when the connection is reestablished. The disk buffer is used as a queue: when the connection to the destination is - reestablished, syslog-ng OSE sends the messages to the destination in + reestablished, {{ site.product.short_name }} sends the messages to the destination in the order they were received. --- 
@@ -22,14 +22,14 @@ output buffers controlled by log-fifo-size()). The hard disk space is not pre-allocated, so ensure that there is always enough free space to store the disk buffers even when the disk buffers are full. -If syslog-ng OSE is restarted (using the /etc/init.d/syslog-ng restart +If {{ site.product.short_name }} is restarted (using the /etc/init.d/syslog-ng restart command, or another appropriate command on your platform), it automatically saves any unsent messages from the disk buffer and -in-memory queues. After the restart, syslog-ng OSE sends the saved +in-memory queues. After the restart, {{ site.product.short_name }} sends the saved messages to the destination. In other words, the disk buffer is -persistent. The disk buffer is also resistant to syslog-ng OSE crashes. +persistent. The disk buffer is also resistant to {{ site.product.short_name }} crashes. -The syslog-ng OSE application supports two types of disk buffering: +The {{ site.product.short_name }} application supports two types of disk buffering: reliable and normal. For details, see Enabling reliable disk-based buffering and Enabling normal disk-based buffering, 
@@ -38,41 +38,41 @@ respectively. ## Message handling and normal disk-based buffering When you use disk-based buffering, and the reliable() option is set to -no, syslog-ng OSE handles outgoing messages the following way: +no, {{ site.product.short_name }} handles outgoing messages the following way: -### Figure 17: Handling outgoing messages in syslog-ng OSE +### Figure 17: Handling outgoing messages in {{ site.product.short_name }} ![]({{ adm_img_folder | append: 'disk-buffer-diagram-normal.png'}}) - *Output queue*: In-memory queue. If there is space left in it, - syslog-ng OSE puts the message into this queue first . Messages - stored here are processed faster, because syslog-ng OSE can skip + {{ site.product.short_name }} puts the message into this queue first . Messages + stored here are processed faster, because {{ site.product.short_name }} can skip writing to, and reading from the disk, as well as serializing or deserializing the message, saving I/O and processor time as a result. The contents of the in-memory output queue are persisted to - the disk-buffer file during syslog-ng OSE reload, restart or stop, + the disk-buffer file during {{ site.product.short_name }} reload, restart or stop, but they cannot be persisted if in the event of power failures, or - if syslog-ng OSE crashes. By default, the output queue can hold 1000 + if {{ site.product.short_name }} crashes. By default, the output queue can hold 1000 messages (you can adjust this number using the quot-size() option). - *Disk-buffer file*: Disk queue. If there is no space left in the output queue, the message is stored on the disk-buffer file. Messages stored here are persisted on the disk, even in case of - power failures or if syslog-ng OSE crashes. Using the disk-buffer + power failures or if {{ site.product.short_name }} crashes. Using the disk-buffer file takes considerable amount of disk I/O and processor time. The size of this queue can be set with the disk-buf-size() option. 
- *Overflow queue*: In-memory queue. This queue is used to trigger flow-control if it is set. The contents of the in-memory overflow - queue are persisted to the disk-buffer file in case of syslog-ng OSE + queue are persisted to the disk-buffer file in case of {{ site.product.short_name }} reload, restart or stop, but they are not persisted in case of power - failures or if syslog-ng OSE crashes. Setting the size of the + failures or if {{ site.product.short_name }} crashes. Setting the size of the overflow queue can be done with the mem-buf-length() option. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** Hazard of data loss! In case of normal disk-buffers, the messages stored in the output queue and the overflow queue can be lost in case of power -failures or if syslog-ng OSE crashes. +failures or if {{ site.product.short_name }} crashes. {: .notice--danger} **NOTE:** Using disk buffer can significantly decrease performance. @@ -81,7 +81,7 @@ failures or if syslog-ng OSE crashes. ## Message handling and reliable disk-based buffering When you use disk-based buffering, and the reliable() option is set to -yes, syslog-ng OSE handles outgoing messages the following way. +yes, {{ site.product.short_name }} handles outgoing messages the following way. The mem-buf-size() option determines when flow-control is triggered. After the size of the disk-buffer file reaches (disk-buf-size() minus 
@@ -94,16 +94,16 @@ If the control window is full, the flow-control completely stops reading incoming messages from the source. (As a result, mem-buf-size() must be at least as large as log-iw-size() times the average message size.) -### Figure 18: Handling outgoing messages in syslog-ng OSE with the reliable disk-buffer option +### Figure 18: Handling outgoing messages in {{ site.product.short_name }} with the reliable disk-buffer option ![]({{ adm_img_folder | append: 'disk-buffer-diagram-reliable.png'}}) - *Output queue*: In-memory and disk queue. If there is space left in - it, syslog-ng OSE puts the message into this queue first. In case of + it, {{ site.product.short_name }} puts the message into this queue first. In case of reliable disk-buffer, in addition to storing the message in memory, it is stored directly in the disk-buffer file as well for safety reasons (see the next point). Messages stored here are processed - faster, because syslog-ng OSE can skip reading from the disk, and + faster, because {{ site.product.short_name }} can skip reading from the disk, and deserializing the message, saving I/O and processor time. By default, the output queue can hold 1000 messages (you can adjust it using the quot-size() option). @@ -111,7 +111,7 @@ at least as large as log-iw-size() times the average message size.) - *Disk-buffer file*: Disk queue. If there is no space left in the output queue, the message is stored on the disk-buffer file. Messages stored here are persisted on the disk, and survive - syslog-ng OSE crash or power failure. Using the disk-buffer file + {{ site.product.short_name }} crash or power failure. Using the disk-buffer file takes considerable amount of disk I/O and processor time. The size of this queue can be set with the disk-buf-size() option. diff --git a/doc/_admin-guide/080_Log/030_Filters/002_Comparing_macro_values.md b/doc/_admin-guide/080_Log/030_Filters/002_Comparing_macro_values.md index a7993b76..0ad338ea 100644 
--- a/doc/_admin-guide/080_Log/030_Filters/002_Comparing_macro_values.md +++ b/doc/_admin-guide/080_Log/030_Filters/002_Comparing_macro_values.md @@ -2,7 +2,7 @@ title: Comparing macro values in filters id: adm-log-filters-macro description: >- - Starting with syslog-ng OSE version 3.2, it is also possible to compare + Starting with {{ site.product.short_name }} version 3.2, it is also possible to compare macro values and templates as numerical and string values. String comparison is alphabetical: it determines if a string is alphabetically greater or equal to another string. Use the following syntax to compare @@ -19,10 +19,10 @@ filter ## String and numerical comparison -syslog-ng Open Source Edition versions prior to 4.0 used separate +{{ site.product.name }} versions prior to 4.0 used separate operators for string comparisons (for example, eq). In version 4.0 and onwards, mathematical symbols can be used as operators (==, !=, \>=), -and syslog-ng Open Source Edition automatically determines how to +and {{ site.product.name }} automatically determines how to compare the arguments based on their type. - If both sides of the comparison are strings, the comparison is diff --git a/doc/_admin-guide/080_Log/030_Filters/003_Using_wildcard_and_regexp.md b/doc/_admin-guide/080_Log/030_Filters/003_Using_wildcard_and_regexp.md index 4f680df5..fb2869b9 100644 --- a/doc/_admin-guide/080_Log/030_Filters/003_Using_wildcard_and_regexp.md +++ b/doc/_admin-guide/080_Log/030_Filters/003_Using_wildcard_and_regexp.md @@ -6,7 +6,7 @@ id: adm-log-filters-regexp description: >- The host(), match(), and program() filter functions accept regular expressions as parameters. The exact type of the regular expression to - use can be specified with the type() option. By default, syslog-ng OSE + use can be specified with the type() option. By default, {{ site.product.short_name }} uses PCRE regular expressions. --- 
@@ -30,12 +30,12 @@ string, for example, on myhost-1, myhost-2, and so on. filter f_wildcard {host("myhost*" type(glob));}; ``` -For details on using regular expressions in syslog-ng OSE, see Using +For details on using regular expressions in {{ site.product.short_name }}, see Using wildcards, special characters, and regular expressions in filters. To filter for special control characters like the carriage return (CR), -use the **\\r** escape prefix in syslog-ng OSE version 3.0 and 3.1. In -syslog-ng OSE 3.2 and later, you can also use the \\x escape prefix and +use the **\\r** escape prefix in {{ site.product.short_name }} version 3.0 and 3.1. In +{{ site.product.short_name }} 3.2 and later, you can also use the \\x escape prefix and the ASCII code of the character. For example, to filter on carriage returns, use the following filter: diff --git a/doc/_admin-guide/080_Log/030_Filters/004_Tagging_messages.md b/doc/_admin-guide/080_Log/030_Filters/004_Tagging_messages.md index dd70da23..63ee3fba 100644 --- a/doc/_admin-guide/080_Log/030_Filters/004_Tagging_messages.md +++ b/doc/_admin-guide/080_Log/030_Filters/004_Tagging_messages.md @@ -6,7 +6,7 @@ description: >- identified by their names, which must be unique. --- -Currently syslog-ng OSE can tag a message at two different places: +Currently {{ site.product.short_name }} can tag a message at two different places: - at the source when the message is received, and 
@@ -14,11 +14,11 @@ Currently syslog-ng OSE can tag a message at two different places: details on using the pattern database, see Using pattern databases, for details on creating tags in the pattern database, see - The syslog-ng pattern database format. + The {{ site.product.short_name }} pattern database format. - Tags can be also added and deleted using rewrite rules. For details, see Adding and deleting tags. - When syslog-ng receives a message, it automatically adds the + When {{ site.product.short_name }} receives a message, it automatically adds the .source.\ tag to the message. Use the tags() option of the source to add custom tags, and the tags() option of the filters to select only specific messages. @@ -33,7 +33,7 @@ Currently syslog-ng OSE can tag a message at two different places: template. Alternatively, if you are using the IETF-syslog message format, you can include the ${TAGS} macro in the .SDATA.meta part of the message. Note that the ${TAGS} macro is available only in - syslog-ng OSE 3.1.1 and later. + {{ site.product.short_name }} 3.1.1 and later. For an example on tagging, see Example: Adding tags and filtering messages with tags. diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/000_facility.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/000_facility.md index f26a385c..89e35135 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/000_facility.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/000_facility.md @@ -21,7 +21,7 @@ You can use the facility filter the following ways: - Use a facility range (works only with facility names), for example, **facility(local0..local5)** -The syslog-ng application recognizes the following facilities: (Note +The {{ site.product.short_name }} application recognizes the following facilities: (Note that some of these facilities are available only on specific platforms.) | Numerical Code |Facility name |Facility| 
diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/002_host.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/002_host.md index 863aff3c..72a6db0e 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/002_host.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/002_host.md @@ -8,7 +8,7 @@ id: adm-log-filters-host *Description:* Match messages by using a regular expression against the hostname field of log messages. Note that you can filter only on the actual content of the HOST field of the message (or what it was -rewritten to). That is, syslog-ng OSE will compare the filter expression +rewritten to). That is, {{ site.product.short_name }} will compare the filter expression to the content of the ${HOST} macro. This means that for the IP address of a host will not match, even if the IP address and the hostname field refers to the same host. To filter on IP addresses, use the diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/003_inlist.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/003_inlist.md index 9b35975a..aa22557b 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/003_inlist.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/003_inlist.md @@ -8,7 +8,7 @@ id: adm-log-filters-inlist *Description:* Matches the value of the specified field to a list stored in a file, allowing you to do simple, file-based black- and whitelisting. The file must be a plain-text file, containing one entry -per line. The syslog-ng OSE application loads the entire file, and +per line. The {{ site.product.short_name }} application loads the entire file, and compares the value of the specified field (for example, ${PROGRAM}) to entries in the file. When you use the in-list() filter, note the following points: 
@@ -21,7 +21,7 @@ following points: - If you modify the list file, reload the configuration of syslog-ng OSE for the changes to take effect. -Available in syslog-ng OSE 3.5 and later. +Available in {{ site.product.short_name }} 3.5 and later. ## Example: Selecting messages using the in-list() filter diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/005_match.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/005_match.md index c526b748..46756909 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/005_match.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/005_match.md @@ -7,7 +7,7 @@ id: adm-log-filters-match *Description:* Match a regular expression to the headers and the message itself (that is, the values returned by the MSGHDR and MSG macros). Note -that in syslog-ng version 2.1 and earlier, the match() filter was +that in {{ site.product.short_name }} version 2.1 and earlier, the match() filter was applied only to the text of the message, excluding the headers. This functionality has been moved to the message() filter. diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/006_message.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/006_message.md index d1743282..1e0cdc31 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/006_message.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/006_message.md @@ -7,5 +7,5 @@ id: adm-log-filters-message *Description:* Match a regular expression to the text of the log message, excluding the headers (that is, the value returned by the MSG -macros). Note that in syslog-ng version 2.1 and earlier, this +macros). Note that in {{ site.product.short_name }} version 2.1 and earlier, this functionality was performed by the match() filter. 
diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/007_netmask.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/007_netmask.md index 79b7d4b1..9abc2f4b 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/007_netmask.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/007_netmask.md @@ -8,7 +8,7 @@ id: adm-log-filters-netmask *Description:* Select only messages sent by a host whose IP address belongs to the specified IPv4 subnet. Note that this filter checks the IP address of the last-hop relay (the host that actually sent the -message to syslog-ng OSE), not the contents of the HOST field of the +message to {{ site.product.short_name }}), not the contents of the HOST field of the message. You can use both the dot-decimal and the CIDR notation to specify the netmask. For example, 192.168.5.0/255.255.255.0 or 192.168.5.0/24. To filter IPv6 addresses, see diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/008_netmask6.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/008_netmask6.md index b1901aee..830abe4a 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/008_netmask6.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/008_netmask6.md @@ -8,7 +8,7 @@ id: adm-log-filters-netmask6 *Description:* Select only messages sent by a host whose IP address belongs to the specified IPv6 subnet. Note that this filter checks the IP address of the last-hop relay (the host that actually sent the -message to syslog-ng OSE), not the contents of the HOST field of the +message to {{ site.product.short_name }}), not the contents of the HOST field of the message. You can use both the regular and the compressed format to specify the IP address, for example, 1080:0:0:0:8:800:200C:417A or 1080::8:800:200C:417A. If you do not specify the address, localhost is 
@@ -18,14 +18,14 @@ Use the netmask (also called prefix) to specify how many of the leftmost bits of the address comprise the netmask (values 1-128 are valid). For example, the following specify a 60-bit prefix: 12AB:0000:0000:CD30:0000:0000:0000:0000/60 or 12AB::CD30:0:0:0:0/60. -Note that if you set an IP address and a prefix, syslog-ng OSE will +Note that if you set an IP address and a prefix, {{ site.product.short_name }} will ignore the bits of the address after the prefix. To filter IPv4 addresses, see netmask(). -The netmask6() filter is available in syslog-ng OSE 3.7 and later. +The netmask6() filter is available in {{ site.product.short_name }} 3.7 and later. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** If the IP address is not syntactically correct, the filter will never match. -The syslog-ng OSE application currently does not send a warning for such +The {{ site.product.short_name }} application currently does not send a warning for such configuration errors. {: .notice--warning} diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/010_rate-limit.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/010_rate-limit.md index f1aa7d18..6461c70b 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/010_rate-limit.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/010_rate-limit.md 
@@ -9,14 +9,14 @@ id: adm-log-filters-ratelimit message. The key will be resolved using the template() option. Each resolution will be allowed to have the number of messages each second, set by the rate() option. For example if template(${HOST}) and rate(5000) -are set, and there are 2 hosts sending messages to syslog-ng OSE, a +are set, and there are 2 hosts sending messages to {{ site.product.short_name }}, a total of **10000** messages will be allowed by the rate-limit() filter, **5000** from the first and **5000** from the second host. If template() was not set instead, then **5000** messages would be allowed each second, regardless of their content. -**NOTE:** In syslog-ng OSE version 3.35 the rate-limit() filter was called -throttle(). In syslog-ng OSE version 3.36 it got renamed to +**NOTE:** In {{ site.product.short_name }} version 3.35 the rate-limit() filter was called +throttle(). In {{ site.product.short_name }} version 3.36 it got renamed to rate-limit(), but throttle() is still available for backward compatibility. {: .notice--info} diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/012_tags.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/012_tags.md index 25435aa6..dd929497 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/012_tags.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/012_tags.md @@ -8,7 +8,7 @@ id: adm-log-filters-tags *Description:* Select messages labeled with the specified tag. Every message automatically has the tag of its source in .source.\ format. This option is -available only in syslog-ng 3.1 and later. +available only in {{ site.product.short_name }} 3.1 and later. ## Example: Adding tags and filtering messages with tags 
@@ -31,7 +31,7 @@ filter f_router { }; ``` -**NOTE:** The syslog-ng OSE application automatically adds the class of the +**NOTE:** The {{ site.product.short_name }} application automatically adds the class of the message as a tag using the .classifier.\ format. For example, messages classified as \"system\" receive the .classifier.system tag. Use the **tags()** filter function to select diff --git a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/README.md b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/README.md index 07c71511..f1b5119f 100644 --- a/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/README.md +++ b/doc/_admin-guide/080_Log/030_Filters/005_Filter_functions/README.md @@ -6,7 +6,7 @@ id: adm-log-filters-functions The following functions may be used in the filter statement, as described in Filters. -## Table 14: Filter functions available in syslog-ng OSE +## Table 14: Filter functions available in {{ site.product.short_name }} |Name|Description| |---|---| @@ -20,5 +20,5 @@ described in Filters. |netmask() or netmask6()|Filter messages based on the IP address of the sending host.| |program()|Filter messages based on the sending application.| |rate-limit() |Limits messages rate based on arbitrary keys in each message. | -|source()|Select messages of the specified syslog-ng OSE source statement.| +|source()|Select messages of the specified {{ site.product.short_name }} source statement.| |tags()|Select messages having the specified tag.| diff --git a/doc/_admin-guide/090_Global_options/000_Global_options.md b/doc/_admin-guide/090_Global_options/000_Global_options.md index de49c880..f8e6c692 100644 --- a/doc/_admin-guide/090_Global_options/000_Global_options.md +++ b/doc/_admin-guide/090_Global_options/000_Global_options.md 
@@ -12,7 +12,7 @@ id: adm-global-opt The following options can be specified in the options statement, as -described in Global options of syslog-ng OSE. +described in Global options of {{ site.product.short_name }}. ## bad-hostname() @@ -28,10 +28,10 @@ as hostnames. |Default:| no| *Description:* Enable or disable the chained hostname format. If a -client sends the log message directly to the syslog-ng OSE server, the +client sends the log message directly to the {{ site.product.short_name }} server, the chain-hostnames() option is enabled on the server, and the client sends a hostname in the message that is different from its DNS hostname (as -resolved from DNS by the syslog-ng OSE server), then the server can +resolved from DNS by the {{ site.product.short_name }} server), then the server can append the resolved hostname to the hostname in the message (separated with a / character) when the message is written to the destination. @@ -65,10 +65,9 @@ table. -If the log message is forwarded to the syslog-ng OSE server via a -syslog-ng OSE relay, the hostname depends on the settings of the -keep-hostname() and the chain-hostnames() options both on the syslog-ng -OSE relay and the syslog-ng OSE server. +If the log message is forwarded to the {{ site.product.short_name }} server via a +{{ site.product.short_name }} relay, the hostname depends on the settings of the +keep-hostname() and the chain-hostnames() options both on the {{ site.product.short_name }} relay and the {{ site.product.short_name }} server. For example, consider a client-relay-server scenario with the following hostnames: client-hostname-from-the-message, 
@@ -129,8 +128,8 @@ table. -The chain-hostnames() option can interfere with the way syslog-ng OSE -counts the log source hosts. As a result, syslog-ng OSE falsely +The chain-hostnames() option can interfere with the way {{ site.product.short_name }} +counts the log source hosts. As a result, {{ site.product.short_name }} falsely perceives several hosts logging to the central server, especially if the clients sends a hostname in the message that is different from its real hostname (as resolved from DNS). Disable the **chain-hostnames()** @@ -158,8 +157,7 @@ valid characters. *Description:* Use this option to specify a custom domain name that is appended after the short hostname to receive the fully qualified domain name (FQDN). This option affects every outgoing message: eventlog -sources, file sources, MARK messages and internal messages of syslog-ng -OSE. +sources, file sources, MARK messages and internal messages of {{ site.product.short_name }}. - If the hostname is a short hostname, the custom domain name is appended after the hostname (for example, mypc becomes @@ -206,7 +204,7 @@ OSE. *Description:* Name of a file in /etc/hosts format that contains static IP-\>hostname mappings. Use this option to resolve hostnames locally without using a DNS. Note that any change to this file triggers a reload -in syslog-ng and is instantaneous. +in {{ site.product.short_name }} and is instantaneous. ## dns-cache-size() 
@@ -255,9 +253,9 @@ with the **-1** value. | Accepted values:| default, verbose, debug, trace| |Default:| default| -This option is available in syslog-ng OSE version 4.0 and later versions. +This option is available in {{ site.product.short_name }} version 4.0 and later versions. -*Description:* Controls the own internal log level of syslog-ng OSE. Corresponds to setting the internal log level using syslog-ng-ctl or the command line options of syslog-ng (the -d, -v, and -t ). Setting the log level in the configuration makes it easier to control logging in containerized environments where changing command line options is more problematic. +*Description:* Controls the own internal log level of {{ site.product.short_name }}. Corresponds to setting the internal log level using syslog-ng-ctl or the command line options of {{ site.product.short_name }} (the -d, -v, and -t ). Setting the log level in the configuration makes it easier to control logging in containerized environments where changing command line options is more problematic. Higher log-levels automatically include messages from lower log-levels: @@ -265,7 +263,7 @@ Higher log-levels automatically include messages from lower log-levels: - verbose: Normal and verbose log messages. -- debug: Include debug messages of syslog-ng OSE. +- debug: Include debug messages of {{ site.product.short_name }}. - trace: Include trace messages of how messages are processed. @@ -283,7 +281,7 @@ Higher log-levels automatically include messages from lower log-levels: |Default:| 1200| *Description:* The mark-freq() option is an alias for the deprecated -mark() option. This is retained for compatibility with syslog-ng version +mark() option. This is retained for compatibility with {{ site.product.short_name }} version 1.6.x. {% include doc/admin-guide/options/mark-freq.md %} 
@@ -304,7 +302,7 @@ changes the owner of accessed files (for example, /dev/null) to this value, and the permissions to the value set in the perm() option. Starting with version 3.16, the default value of this option is -1, so -syslog-ng OSE does not change the ownership, unless explicitly +{{ site.product.short_name }} does not change the ownership, unless explicitly configured to do so. ## pass-unix-credentials() @@ -312,10 +310,10 @@ configured to do so. | Accepted values:| yes \| no| |Default:| yes| -*Description:* Enable syslog-ng OSE to collect UNIX credential +*Description:* Enable {{ site.product.short_name }} to collect UNIX credential information (that is, the PID, user ID, and group of the sender process) for messages received using UNIX domain sockets. Available only in -syslog-ng Open Source Edition 3.7 and later. Note that collecting UNIX +{{ site.product.name }} 3.7 and later. Note that collecting UNIX credential information from sockets in high-traffic environments can be resource intensive, therefore pass-unix-credentials() can be disabled globally, or separately for each source. @@ -350,7 +348,7 @@ driver. ## stats() -Available in syslog-ng OSE 4.1 and later versions. +Available in {{ site.product.short_name }} 4.1 and later versions. *Description:* The stats() option is an aggregated collection of statistic-related sub-options. @@ -380,7 +378,7 @@ The following sub-options are available within the stats() option: | Accepted values:| 0, 1, 2, 3| |Default:| 0| -*Description:* Specifies the detail of statistics syslog-ng collects about the processed messages. +*Description:* Specifies the detail of statistics {{ site.product.short_name }} collects about the processed messages. - Level 0 collects only statistics about the sources and destinations. 
@@ -397,7 +395,7 @@ The following sub-options are available within the stats() option: | Accepted values:| number| |Default:| N/A| -*Description:* To avoid performance issues or even overloading syslog-ng OSE (for example, if a script starts to send logs from different IP addresses to syslog-ng OSE), you might want to limit the number of registered dynamic counters in the message statistics. For details on message statistics, see Statistics of syslog-ng. +*Description:* To avoid performance issues or even overloading {{ site.product.short_name }} (for example, if a script starts to send logs from different IP addresses to {{ site.product.short_name }}), you might want to limit the number of registered dynamic counters in the message statistics. For details on message statistics, see Statistics of syslog-ng. - **Unlimited dynamic counters:** 
@@ -424,14 +422,14 @@ The following sub-options are available within the stats() option: To disable dynamic counters completely, set the value of this option to 0. This is the recommended value if statistics are not used, or if dynamic counters are irrelevant (for example, the number of logs arriving from programs). -**NOTE:** If a lower value is set to stats-max-dynamics() (or, any limiting value, if this option has not been configured before) and syslog-ng OSE is restarted, the changes are only applied after stats-freq() time has passed. That is, the previously allocated dynamic clusters are only removed after this time. +**NOTE:** If a lower value is set to stats-max-dynamics() (or, any limiting value, if this option has not been configured before) and {{ site.product.short_name }} is restarted, the changes are only applied after stats-freq() time has passed. That is, the previously allocated dynamic clusters are only removed after this time. ## syslog-stats() | Accepted values:| yes, no, auto| |Default:| auto| -Available in syslog-ng OSE 4.1 and later versions. +Available in {{ site.product.short_name }} 4.1 and later versions. *Description:* Configures the behavior of counting messages based on different syslog fields, like SEVERITY, FACILITY, ${HOST}. 
@@ -464,11 +462,10 @@ This is a deprecated legacy option. Use the stats() option. | Accepted values:| yes\|no| |Default:| yes| -*Description:* Enable syslog-ng OSE to run in multithreaded mode and use -multiple CPUs. Available only in syslog-ng Open Source Edition 3.3 and -later. Note that setting **threaded(no)** does not mean that syslog-ng -OSE will use only a single thread. For details, see -Multithreading and scaling in syslog-ng OSE. +*Description:* Enable {{ site.product.short_name }} to run in multithreaded mode and use +multiple CPUs. Available only in {{ site.product.name }} 3.3 and +later. Note that setting **threaded(no)** does not mean that {{ site.product.short_name }} will use only a single thread. For details, see +Multithreading and scaling in {{ site.product.short_name }}. {% include doc/admin-guide/options/time-reap.md %} @@ -498,7 +495,7 @@ of the poll() iteration. |Default:| no| *Description:* When the use-rcptid global option is set to **yes**, -syslog-ng OSE automatically assigns a unique reception ID to every +{{ site.product.short_name }} automatically assigns a unique reception ID to every received message. You can access this ID and use it in templates via the ${RCPTID} macro. The reception ID is a monotonously increasing 48-bit integer number, that can never be zero (if the counter overflows, it @@ -517,7 +514,7 @@ see UNIQID. Enabling this option automatically generates the HOSTID. The HOSTID is a persistent, 32-bits-long cryptographically secure pseudo random number, -that belongs to the host that the syslog-ng is running on. If the +that belongs to the host that the {{ site.product.short_name }} is running on. If the persist file is damaged, the HOSTID might change. Enabling this option automatically enables the RCPTID functionality. For diff --git a/doc/_admin-guide/090_Global_options/README.md b/doc/_admin-guide/090_Global_options/README.md index ff26cdf3..04188175 100644 --- a/doc/_admin-guide/090_Global_options/README.md 
+++ b/doc/_admin-guide/090_Global_options/README.md @@ -1,13 +1,13 @@ --- -title: Global options of syslog-ng OSE +title: Global options of {{ site.product.short_name }} id: adm-global-options description: >- - The syslog-ng application has a number of global options governing DNS + The {{ site.product.short_name }} application has a number of global options governing DNS usage, the timestamp format used, and other general points. Each option may have parameters, similarly to driver specifications. --- -To set global options, add an options statement to the syslog-ng configuration file +To set global options, add an options statement to the {{ site.product.short_name }} configuration file using the following syntax: ```config @@ -17,7 +17,7 @@ options { option1(params); option2(params); ... }; ### Example: Using global options To disable domain name resolving, add the following line to the -syslog-ng configuration file: +{{ site.product.short_name }} configuration file: ```config options { use-dns(no); }; diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/000_Configuring_TLS_client.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/000_Configuring_TLS_client.md index af635381..6a63107a 100644 --- a/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/000_Configuring_TLS_client.md +++ b/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/000_Configuring_TLS_client.md 
@@ -1,11 +1,11 @@ --- -title: Configuring TLS on the syslog-ng clients +title: Configuring TLS on the {{ site.product.short_name }} clients id: adm-tls-client-conf --- ## Purpose -Complete the following steps on every syslog-ng client host. Examples +Complete the following steps on every {{ site.product.short_name }} client host. Examples are provided using both the legacy BSD-syslog protocol (using the network() driver) and the new IETF-syslog protocol standard (using the syslog() driver): @@ -13,9 +13,9 @@ syslog() driver): ## Steps 1. Copy the CA certificate (for example, cacert.pem) of the Certificate - Authority that issued the certificate of the syslog-ng server (or - the self-signed certificate of the syslog-ng server) to the - syslog-ng client hosts, for example, into the + Authority that issued the certificate of the {{ site.product.short_name }} server (or + the self-signed certificate of the {{ site.product.short_name }} server) to the + {{ site.product.short_name }} client hosts, for example, into the /opt/syslog-ng/etc/syslog-ng/ca.d directory. Issue the following command on the certificate: `openssl x509 
@@ -29,16 +29,16 @@ syslog() driver): `ln -s cacert.pem 6d2962a8.0` -2. Add a destination statement to the syslog-ng configuration file that +2. Add a destination statement to the {{ site.product.short_name }} configuration file that uses the tls( ca-dir(path_to_ca_directory) ) option and specify the directory using the CA certificate. The destination must use the network() or the syslog() destination driver, and the IP address and - port parameters of the driver must point to the syslog-ng server. + port parameters of the driver must point to the {{ site.product.short_name }} server. Example: A destination statement using TLS The following destination encrypts the log messages using TLS and - sends them to the 6514/TCP port of the syslog-ng server having the + sends them to the 6514/TCP port of the {{ site.product.short_name }} server having the 10.1.2.3 IP address. ```config diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/001_Configuring_TLS_server.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/001_Configuring_TLS_server.md index b8d73a72..9997dff8 100644 --- a/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/001_Configuring_TLS_server.md +++ b/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/001_Configuring_TLS_server.md 
@@ -1,20 +1,20 @@ --- -title: Configuring TLS on the syslog-ng server +title: Configuring TLS on the {{ site.product.short_name }} server id: adm-tls-server-conf --- ## Purpose -Complete the following steps on the syslog-ng server: +Complete the following steps on the {{ site.product.short_name }} server: ## Steps -1. Create an X.509 certificate for the syslog-ng server. +1. Create an X.509 certificate for the {{ site.product.short_name }} server. >**NOTE:** The subject_alt_name parameter (or the Common Name parameter >if the subject_alt_name parameter is empty) of the server\'s >certificate must contain the hostname or the IP address (as resolved - >from the syslog-ng clients and relays) of the server (for example, + >from the {{ site.product.short_name }} clients and relays) of the server (for example, >syslog-ng.example.com). > >Alternatively, the Common Name or the subject_alt__name parameter 
@@ -26,17 +26,17 @@ Complete the following steps on the syslog-ng server: >{: .notice--info} 2. Copy the certificate (for example, syslog-ng.cert) of the syslog-ng - server to the syslog-ng server host, for example, into the + server to the {{ site.product.short_name }} server host, for example, into the /opt/syslog-ng/etc/syslog-ng/cert.d directory. The certificate must be a valid X.509 certificate in PEM format. 3. Copy the private key (for example, syslog-ng.key) matching the - certificate of the syslog-ng server to the syslog-ng server host, + certificate of the {{ site.product.short_name }} server to the {{ site.product.short_name }} server host, for example, into the /opt/syslog-ng/etc/syslog-ng/key.d directory. The key must be in PEM format. If you want to use a password-protected key, see Password-protected keys. -4. Add a source statement to the syslog-ng configuration file that uses +4. Add a source statement to the {{ site.product.short_name }} configuration file that uses the tls( key-file(key_file_fullpathname) cert-file(cert_file_fullpathname) ) option and specify the key and certificate files. The source must use the source driver (network() @@ -93,7 +93,7 @@ Complete the following steps on the syslog-ng server: The following source receives log messages encrypted using TLS, arriving to the 1999/TCP port of any interface of the syslog-ng - server. The identity of the syslog-ng client is not verified. + server. The identity of the {{ site.product.short_name }} client is not verified. ```config source demo_tls_source { diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/README.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/README.md index 3423383c..05b2cf52 100644 --- a/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/README.md 
+++ b/doc/_admin-guide/100_TLS-encrypted_message_transfer/001_Encrypting_log_messages_with_TLS/README.md @@ -3,5 +3,5 @@ title: Encrypting log messages with TLS id: adm-tls-encrypt description: >- This section describes how to configure TLS encryption in syslog-ng. For - the concepts of using TLS in syslog-ng, see Secure logging using TLS. + the concepts of using TLS in {{ site.product.short_name }}, see Secure logging using TLS. --- diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/000_Configuring_mutual_TLS_client.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/000_Configuring_mutual_TLS_client.md index f3826fbc..f73b58f8 100644 --- a/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/000_Configuring_mutual_TLS_client.md +++ b/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/000_Configuring_mutual_TLS_client.md @@ -1,18 +1,18 @@ --- -title: Configuring syslog-ng clients with mutual authentication +title: Configuring {{ site.product.short_name }} clients with mutual authentication id: adm-tls-client-conf-mutual --- ## Purpose -Complete the following steps on every syslog-ng client host. Examples +Complete the following steps on every {{ site.product.short_name }} client host. Examples are provided using both the legacy BSD-syslog protocol (using the network() driver) and the new IETF-syslog protocol standard (using the syslog() driver): ## Steps -1. Create an X.509 certificate for the syslog-ng client. +1. Create an X.509 certificate for the {{ site.product.short_name }} client. 2. Copy the certificate (for example, client_cert.pem) and the matching private key (for example, client.key) to the syslog-ng 
@@ -23,9 +23,9 @@ syslog() driver): Password-protected keys. 3. Copy the CA certificate of the Certificate Authority (for example, - cacert.pem) that issued the certificate of the syslog-ng server (or - the self-signed certificate of the syslog-ng server) to the - syslog-ng client hosts, for example, into the + cacert.pem) that issued the certificate of the {{ site.product.short_name }} server (or + the self-signed certificate of the {{ site.product.short_name }} server) to the + {{ site.product.short_name }} client hosts, for example, into the /opt/syslog-ng/etc/syslog-ng/ca.d directory. Issue the following command on the certificate: **openssl x509 @@ -39,18 +39,18 @@ syslog() driver): `ln -s cacert.pem 6d2962a8.0` -4. Add a destination statement to the syslog-ng configuration file that +4. Add a destination statement to the {{ site.product.short_name }} configuration file that uses the tls( ca-dir(path_to_ca_directory) ) option and specify the directory using the CA certificate. The destination must use the network() or the syslog() destination driver, and the IP address and - port parameters of the driver must point to the syslog-ng server. + port parameters of the driver must point to the {{ site.product.short_name }} server. Include the client\'s certificate and private key in the tls() options. Example: A destination statement using mutual authentication The following destination encrypts the log messages using TLS and - sends them to the 1999/TCP port of the syslog-ng server having the + sends them to the 1999/TCP port of the {{ site.product.short_name }} server having the 10.1.2.3 IP address. The private key and the certificate file authenticating the client is also specified. 
diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/001_Configuring_mutual_TLS_server.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/001_Configuring_mutual_TLS_server.md index 059a50bc..61226aee 100644 --- a/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/001_Configuring_mutual_TLS_server.md +++ b/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/001_Configuring_mutual_TLS_server.md @@ -1,22 +1,22 @@ --- -title: Configuring syslog-ng servers with mutual authentication +title: Configuring {{ site.product.short_name }} servers with mutual authentication id: adm-tls-server-conf-mutual --- ## Purpose -Complete the following steps on the syslog-ng server: +Complete the following steps on the {{ site.product.short_name }} server: ## Steps 1. Copy the certificate (for example, syslog-ng.cert) of the syslog-ng - server to the syslog-ng server host, for example, into the + server to the {{ site.product.short_name }} server host, for example, into the /opt/syslog-ng/etc/syslog-ng/cert.d directory. The certificate must be a valid X.509 certificate in PEM format. 2. Copy the CA certificate (for example, cacert.pem) of the Certificate - Authority that issued the certificate of the syslog-ng clients to - the syslog-ng server, for example, into the + Authority that issued the certificate of the {{ site.product.short_name }} clients to + the {{ site.product.short_name }} server, for example, into the /opt/syslog-ng/etc/syslog-ng/ca.d directory. Issue the following command on the certificate: **openssl x509 
@@ -31,12 +31,12 @@ Complete the following steps on the syslog-ng server: `ln -s cacert.pem 6d2962a8.0` 3. Copy the private key (for example, syslog-ng.key) matching the - certificate of the syslog-ng server to the syslog-ng server host, + certificate of the {{ site.product.short_name }} server to the {{ site.product.short_name }} server host, for example, into the /opt/syslog-ng/etc/syslog-ng/key.d directory. The key must be in PEM format. If you want to use a password-protected key, see Password-protected keys. -4. Add a source statement to the syslog-ng configuration file that uses +4. Add a source statement to the {{ site.product.short_name }} configuration file that uses the tls( key-file(key_file_fullpathname) cert-file(cert_file_fullpathname) ) option and specify the key and certificate files. The source must use the source driver (network() diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/README.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/README.md index 6f6d522e..423d2ad0 100644 --- a/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/README.md +++ b/doc/_admin-guide/100_TLS-encrypted_message_transfer/002_Mutual_authentication_using_TLS/README.md 
@@ -3,12 +3,12 @@ title: Mutual authentication using TLS id: adm-tls-mutual description: >- This section describes how to configure mutual authentication between - the syslog-ng server and the client. Configuring mutual authentication + the {{ site.product.short_name }} server and the client. Configuring mutual authentication is similar to configuring TLS (for details, see Encrypting log messages with TLS), but the server verifies the identity of the client as well. Therefore, each client must have a certificate, and the server must have the certificate of the CA that issued the certificate of the clients. For the concepts - of using TLS in syslog-ng, see Secure logging using TLS. + of using TLS in {{ site.product.short_name }}, see Secure logging using TLS. --- diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/003_Password_protected_keys.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/003_Password_protected_keys.md index 610ef945..ff6357ad 100644 --- a/doc/_admin-guide/100_TLS-encrypted_message_transfer/003_Password_protected_keys.md +++ b/doc/_admin-guide/100_TLS-encrypted_message_transfer/003_Password_protected_keys.md @@ -2,7 +2,7 @@ title: Password-protected keys id: adm-tls-keys description: >- - Starting with syslog-ng OSE version 3.14, you can use password-protected + Starting with {{ site.product.short_name }} version 3.14, you can use password-protected private keys in the network() and syslog() source and destination drivers. --- 
@@ -12,10 +12,10 @@ description: >- - ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** *Hazard of data loss!* If you use password-protected keys, you must provide the passphrase of the password-protected keys every - time syslog-ng OSE is restarted (syslog-ng OSE keeps the passphrases + time {{ site.product.short_name }} is restarted ({{ site.product.short_name }} keeps the passphrases over reloads). The sources and destinations that use these keys will not work until you provide the passwords. Other parts of the - syslog-ng OSE configuration will be unaffected. + {{ site.product.short_name }} configuration will be unaffected. {: .notice--danger} This means that if you use a password-protected key in a @@ -27,17 +27,17 @@ description: >- - The path and the filename of the private key cannot contain whitespaces. -- Depending on your platform, the number of passwords syslog-ng OSE +- Depending on your platform, the number of passwords {{ site.product.short_name }} can use at the same time might be limited (for example, on Ubuntu - 16.04 you can store 16 passwords if you are running syslog-ng OSE as + 16.04 you can store 16 passwords if you are running {{ site.product.short_name }} as a non-root user). If you use lots of password-protected private keys - in your syslog-ng OSE configuration, increase this limit using the + in your {{ site.product.short_name }} configuration, increase this limit using the following command: `sudo ulimit -l unlimited` ## Providing the passwords The syslog-ng-ctl credentials status command allows you to query the -status of the private keys that syslog-ng OSE uses in the network() and +status of the private keys that {{ site.product.short_name }} uses in the network() and syslog() drivers. The command returns the list of private keys used, and their status. For example: 
@@ -49,18 +49,18 @@ syslog-ng-ctl credentials status >/home/user/ssl_test/client-1/client-encrypted.key SUCCESS If the status of a key is PENDING, you must provide the passphrase for -the key, otherwise syslog-ng OSE cannot use it. The sources and +the key, otherwise {{ site.product.short_name }} cannot use it. The sources and destinations that use these keys will not work until you provide the -passwords. Other parts of the syslog-ng OSE configuration will be +passwords. Other parts of the {{ site.product.short_name }} configuration will be unaffected. You must provide the passphrase of the password-protected -keys every time syslog-ng OSE is restarted. +keys every time {{ site.product.short_name }} is restarted. The following log message also notifies you of PENDING passphrases: >Waiting for password; keyfile='private.key' You can add the passphrase to a password-protected private key file -using the following command. syslog-ng OSE will display a prompt for you +using the following command. {{ site.product.short_name }} will display a prompt for you to enter the passphrase. We recommend that you use this method. ```bash @@ -82,4 +82,4 @@ echo "" | syslog-ng-ctl credentials add --id=- - The syslog-ng application can encrypt incoming and outgoing syslog + The {{ site.product.short_name }} application can encrypt incoming and outgoing syslog message flows using TLS if you use the network() or syslog() drivers. --- -**NOTE:** The format of the TLS connections used by syslog-ng is similar to -using syslog-ng and stunnel, but the source IP information is not lost. +**NOTE:** The format of the TLS connections used by {{ site.product.short_name }} is similar to +using {{ site.product.short_name }} and stunnel, but the source IP information is not lost. {: .notice--info} To encrypt connections, use the **transport(\"tls\")** and **tls()** 
@@ -25,7 +25,7 @@ The tls() option can include the following settings: that this option must be enabled both on the server and the client to have any effect. Enabling compression can significantly reduce the bandwidth required to transport the messages, but can slightly decrease -the performance of syslog-ng OSE, reducing the number of transferred +the performance of {{ site.product.short_name }}, reducing the number of transferred messages during a given period. Available in version 3.19 and later. @@ -54,9 +54,9 @@ of the files must be .r0. | Default:| none| *Description:* Specifies a file containing Diffie-Hellman parameters, -generated using the openssl dhparam utility. Note that syslog-ng OSE +generated using the openssl dhparam utility. Note that {{ site.product.short_name }} supports only DH parameter files in the PEM format. If you do not set -this parameter, syslog-ng OSE uses the 2048-bit MODP Group, as +this parameter, {{ site.product.short_name }} uses the 2048-bit MODP Group, as described in RFC-3526. ## ecdh-curve-list() @@ -68,7 +68,7 @@ described in RFC-3526. permitted in the connection when using Elliptic Curve Cryptography (ECC). -This option is only available when syslog-ng is compiled with OpenSSL +This option is only available when {{ site.product.short_name }} is compiled with OpenSSL version 1.0.2 or later. In the case of older versions, prime256v1 (NIST P-256) is used. 
@@ -135,9 +135,9 @@ the file after the debugging session is over. | Accepted values:| yes, no| | Default: | no | -This option is available in syslog-ng OSE 4.0 and later versions. +This option is available in {{ site.product.short_name }} 4.0 and later versions. -*Description:* In case the OCSP stapling verification is enabled, syslog-ng OSE requests the server to return its OCSP status. This status response is verified by syslog-ng OSE using the trust store configured by the ca-file(), ca-dir(), or the pkcs12-file() options. +*Description:* In case the OCSP stapling verification is enabled, {{ site.product.short_name }} requests the server to return its OCSP status. This status response is verified by {{ site.product.short_name }} using the trust store configured by the ca-file(), ca-dir(), or the pkcs12-file() options. **NOTE:** RFC-6961 multi-stapling and TLS 1.3-provided multiple responses are currently not validated, only the peer certificate is verified. {: .notice--info} @@ -159,7 +159,7 @@ destination { ## openssl-conf-cmds() -This option is available in syslog-ng OSE 4.0 and later versions. +This option is available in {{ site.product.short_name }} 4.0 and later versions. ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** openssl-conf-cmds() always has the highest priority. It overrides any other option found in the tls() section. @@ -215,7 +215,7 @@ Passphrase is currently not supported. In the following example, the first command creates a single PKCS \#12 file from the private key, X.509 certificate, and CA certificate files. Then, the second half of the example uses the same PKCS \#12 file in the -syslog-ng configuration. +{{ site.product.short_name }} configuration. ```bash openssl pkcs12 -export -inkey server.key -in server.crt -certfile ca.crt -out server.p12 
@@ -243,11 +243,11 @@ source s_tls { *Description:* When set to yes in a destination that uses TLS encryption, this option enables Server Name Indication (also called -Server Name Identification, SNI). The syslog-ng OSE sends the hostname +Server Name Identification, SNI). The {{ site.product.short_name }} sends the hostname or the IP address set in the destination to the server during the TLS handshake. -Available in syslog-ng OSE 3.24 and newer. +Available in {{ site.product.short_name }} 3.24 and newer. ### Example: Using Server Name Indication @@ -274,7 +274,7 @@ destination demo_tls_destination_with_sni { | Accepted values:| comma-separated list of the following options: `no-sslv2`, `no-sslv3`, `no-tlsv1`, `no-tlsv11`, `no-tlsv12`, `no-tlsv13`, `none`, `ignore-hostname-mismatch`, `ignore-validity-period`| |Default: | `no-sslv2`| -This option is available in syslog-ng OSE 3.7 and newer. +This option is available in {{ site.product.short_name }} 3.7 and newer. *Description:* Sets the specified options of the SSL/TLS protocols. Currently, you can use it to disable specific protocol versions. Note 
@@ -287,14 +287,14 @@ TLSv1.1 or newer: ssl-options(no-sslv2, no-sslv3, no-tlsv1) ``` -Using ssl-options(none) means that syslog-ng OSE does not specify any +Using ssl-options(none) means that {{ site.product.short_name }} does not specify any restrictions on the protocol used. However, in this case, the underlying OpenSSL library can restrict the available protocols, for example, certain OpenSSL versions automatically disable SSLv2. -By specifying `ignore-hostname-mismatch`, the subject name of a certificate can be ignored during the validation process. This means that syslog-ng OSE checks only if the certificate itself is trusted by the current set of trust anchors (for example trusted CAs), and ignores the mismatch between the targeted hostname and the certificate subject. `ignore-hostname-mismatch` is available in syslog-ng OSE 4.4 and newer versions. +By specifying `ignore-hostname-mismatch`, the subject name of a certificate can be ignored during the validation process. This means that {{ site.product.short_name }} checks only if the certificate itself is trusted by the current set of trust anchors (for example trusted CAs), and ignores the mismatch between the targeted hostname and the certificate subject. `ignore-hostname-mismatch` is available in {{ site.product.short_name }} 4.4 and newer versions. -By specifying `ignore-validity-period`, the validity periods of a certificate can be ignored during the certificate validation process. `ignore-validity-period` is available in syslog-ng OSE 4.5 and newer. +By specifying `ignore-validity-period`, the validity periods of a certificate can be ignored during the certificate validation process. `ignore-validity-period` is available in {{ site.product.short_name }} 4.5 and newer. ### Example: Using ssl-options 
@@ -320,7 +320,7 @@ destination demo_tls_destination { |Type:| string| |Default: | None, uses the libcurl default| -Available in syslog-ng OSE 4.5 and later versions. +Available in {{ site.product.short_name }} 4.5 and later versions. *Description:* This option specifies the allowed SSL/TLS version. The available values are the following: `sslv2`, `sslv3`, `tlsv1`, `tlsv1_0`, `tlsv1_1`, `tlsv1_2`, `tlsv1_3`. diff --git a/doc/_admin-guide/100_TLS-encrypted_message_transfer/README.md b/doc/_admin-guide/100_TLS-encrypted_message_transfer/README.md index 3757793b..8b4e8028 100644 --- a/doc/_admin-guide/100_TLS-encrypted_message_transfer/README.md +++ b/doc/_admin-guide/100_TLS-encrypted_message_transfer/README.md @@ -2,7 +2,7 @@ title: TLS-encrypted message transfer id: adm-tls description: >- - The syslog-ng application can send and receive log messages securely + The {{ site.product.short_name }} application can send and receive log messages securely over the network using the Transport Layer Security (TLS) protocol using the network() and syslog() drivers. --- @@ -11,8 +11,8 @@ description: >- **NOTE:** This chapter describes how to use TLS encryption when using the standard syslog protocols, that is, the network() and syslog() drivers, -for example, to forward log messages between two syslog-ng nodes, or to -send log data to syslog-ng Store Box or another log server. Other +for example, to forward log messages between two {{ site.product.short_name }} nodes, or to +send log data to {{ site.product.short_name }} Store Box or another log server. Other destinations that support TLS-encryption are not discussed in this chapter (for example, [[http())|adm-dest-http-nonjava]]). {: .notice--info} 
@@ -28,30 +28,30 @@ The client authenticates the server by requesting its certificate and public key. Optionally, the server can also request a certificate from the client, thus mutual authentication is also possible. -In order to use TLS encryption in syslog-ng, the following elements are +In order to use TLS encryption in {{ site.product.short_name }}, the following elements are required: -- A certificate on the syslog-ng server that identifies the syslog-ng +- A certificate on the {{ site.product.short_name }} server that identifies the syslog-ng server. - The certificate of the Certificate Authority that issued the - certificate of the syslog-ng server (or the self-signed certificate - of the syslog-ng server) must be available on the syslog-ng client. + certificate of the {{ site.product.short_name }} server (or the self-signed certificate + of the {{ site.product.short_name }} server) must be available on the {{ site.product.short_name }} client. When using mutual authentication to verify the identity of the clients, the following elements are required: -- A certificate must be available on the syslog-ng client. This - certificate identifies the syslog-ng client. +- A certificate must be available on the {{ site.product.short_name }} client. This + certificate identifies the {{ site.product.short_name }} client. - The certificate of the Certificate Authority that issued the - certificate of the syslog-ng client must be available on the - syslog-ng server. + certificate of the {{ site.product.short_name }} client must be available on the + {{ site.product.short_name }} server. -Mutual authentication ensures that the syslog-ng server accepts log +Mutual authentication ensures that the {{ site.product.short_name }} server accepts log messages only from authorized clients. 
-For more information about configuring TLS communication in syslog-ng, +For more information about configuring TLS communication in {{ site.product.short_name }}, see Encrypting log messages with TLS. For more information about TLS-related error messages, see Error messages. diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/000_Formatting_messages.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/000_Formatting_messages.md index b2cb13d4..190400ed 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/000_Formatting_messages.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/000_Formatting_messages.md @@ -2,12 +2,12 @@ title: Formatting messages, filenames, directories, and tablenames id: adm-temp-format description: >- - The syslog-ng OSE application can dynamically create filenames, + The {{ site.product.short_name }} application can dynamically create filenames, directories, or names of database tables using macros that help you organize your log messages. Macros refer to a property or a part of the log message, for example, the ${HOST} macro refers to the name or IP address of the client that sent the log message, while ${DAY} is the - day of the month when syslog-ng has received the message. Using these + day of the month when {{ site.product.short_name }} has received the message. Using these macros in the path of the destination log files allows you for example, to collect the logs of every host into separate files for every day. --- 
@@ -26,8 +26,8 @@ log), the structure of the header is fixed. - For details on using templates and macros, see Templates and macros. -- For a list and description of the macros available in syslog-ng OSE, - see Macros of syslog-ng OSE. +- For a list and description of the macros available in {{ site.product.short_name }}, + see Macros of {{ site.product.short_name }}. - For details on using custom macros created with CSV parsers and pattern databases, see [[parser: Parse and segment structured messages]] and Using parser results in filters and templates, respectively. diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/001_Templates_and_macros.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/001_Templates_and_macros.md index 624da3a5..9d3fd1e6 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/001_Templates_and_macros.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/001_Templates_and_macros.md @@ -2,12 +2,12 @@ title: Templates and macros id: adm-temp-macros description: >- - The syslog-ng OSE application allows you to define message templates, + The {{ site.product.short_name }} application allows you to define message templates, and reference them from every object that can use a template. Templates can include strings, macros (for example, date, the hostname, and so on), and template functions. For example, you can use templates to create standard message formats or filenames. For a list of macros - available in syslog-ng Open Source Edition, see Macros of syslog-ng OSE. + available in {{ site.product.name }}, see Macros of {{ site.product.short_name }}. Fields from the structured data (SD) part of messages using the new IETF-syslog standard can also be used as macros. --- 
@@ -24,7 +24,7 @@ Template objects have a single option called template-escape(), which is disabled by default (template-escape(no)). This behavior is useful when the messages are passed to an application that cannot handle escaped characters properly. Enabling template escaping (template-escape(yes)) -causes syslog-ng to escape the \', \", and backslash characters from the +causes {{ site.product.short_name }} to escape the \', \", and backslash characters from the messages. If you do not want to enable the template-escape() option (which is @@ -62,7 +62,7 @@ Macro names are case-sensitive, that is, "$message" and "${MESSAGE}" are not the same. To use a literal $ character in a template, you have to escape it. In -syslog-ng OSE versions 3.4 and earlier, use a backslash (**\\$**). In +{{ site.product.short_name }} versions 3.4 and earlier, use a backslash (**\\$**). In version 3.5 and later, use **$$**. **NOTE:** To use a literal @ character in a template, use **@@**. @@ -79,7 +79,7 @@ hostname. ${HOST:-default_hostname} ``` -By default, syslog-ng sends messages using the following template: +By default, {{ site.product.short_name }} sends messages using the following template: ${ISODATE} ${HOST} ${MSGHDR}${MESSAGE}\\n. (The ${MSGHDR}${MESSAGE} part is written together because the ${MSGHDR} macro includes a trailing whitespace.) diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/002_Date_related_macros.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/002_Date_related_macros.md index 517b28ed..7500cff2 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/002_Date_related_macros.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/002_Date_related_macros.md 
@@ -12,14 +12,14 @@ ${HOUR}, and so on) have three further variants each: ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** To use the S\_ macros, the keep-timestamp() option must be enabled - (this is the default behavior of syslog-ng OSE). + (this is the default behavior of {{ site.product.short_name }}). {: .notice--warning} - R_ prefix, for example, ${R_DATE}: ${R_DATE} is the date when - syslog-ng OSE has received the message. + {{ site.product.short_name }} has received the message. - C_ prefix, for example, ${C_DATE}: ${C_DATE} is the current - date, that is when syslog-ng OSE processes the message and resolves + date, that is when {{ site.product.short_name }} processes the message and resolves the macro. The ${DATE} macro equals the ${S_DATE} macro. diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/003_Hard_vs_soft_macros.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/003_Hard_vs_soft_macros.md index e8468e28..9d5ca9e2 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/003_Hard_vs_soft_macros.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/003_Hard_vs_soft_macros.md @@ -7,9 +7,9 @@ description: >- Hard macros are read-only. Soft macros (sometimes also called name-value pairs) are either built-in macros automatically generated from the log message (for example, ${HOST}), or custom user-created macros generated - by using the syslog-ng pattern database or a CSV-parser. In contrast to + by using the {{ site.product.short_name }} pattern database or a CSV-parser. In contrast to hard macros, soft macros are writable and can be modified within - syslog-ng OSE, for example, using rewrite rules. + {{ site.product.short_name }}, for example, using rewrite rules. --- Hard and soft macros are rather similar and often treated as equivalent. 
@@ -18,7 +18,7 @@ modify the value of the macro, so both soft and hard macros can be used. However, it is not possible to change the values of hard macros in rewrite rules or via any other means. -The following macros in syslog-ng OSE are hard macros and cannot be +The following macros in {{ site.product.short_name }} are hard macros and cannot be modified: BSDTAG, CONTEXT\_ID, DATE, DAY, FACILITY\_NUM, FACILITY, FULLDATE, HOUR, ISODATE, ISOWEEK, LEVEL\_NUM, LEVEL, MIN, MONTH\_ABBREV, MONTH\_NAME, MONTH, MONTH\_WEEK, PRIORITY, PRI, RCPTID, SDATA, SEC, diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/004_Macros_of_syslog-ng.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/004_Macros_of_syslog-ng.md index 47c1c92b..d6c43477 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/004_Macros_of_syslog-ng.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/004_Macros_of_syslog-ng.md @@ -1,12 +1,12 @@ --- -title: Macros of syslog-ng OSE +title: Macros of {{ site.product.short_name }} id: adm-temp-macro-ose description: >- - The following macros are available in syslog-ng OSE. + The following macros are available in {{ site.product.short_name }}. --- > ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** -> These macros are available when syslog-ng OSE successfully +> These macros are available when {{ site.product.short_name }} successfully > parses the incoming message as a syslog message, or you use > some other parsing method and map the parsed values to these > macros. 
@@ -14,7 +14,7 @@ description: >- > If you are using the flags(no-parse) option, then syslog message parsing is > completely disabled, and the entire incoming message is treated as > the ${MESSAGE} part of a syslog message. -> In this case, syslog-ng OSE generates a new syslog header +> In this case, {{ site.product.short_name }} generates a new syslog header > (timestamp, host, and so on) automatically. Note that even > though flags(no-parse) disables message parsing, some flags can > still be used, for example, the no-multi-line flag. @@ -26,7 +26,7 @@ Typically used together with the ${HOUR12} macro, ${AMPM} returns the period of the day: AM for hours before mid day and PM for hours after mid day. In reference to a 24-hour clock format, AM is between 00:00-12:00 and PM is between 12:00-24:00. 12AM is midnight. -Available in syslog-ng OSE 3.4 and later. +Available in {{ site.product.short_name }} 3.4 and later. ## ${BSDTAG} @@ -87,7 +87,7 @@ sent the message. ## ${FILE_NAME} Name of the log file (including its path) from where -syslog-ng OSE received the message (only available if syslog-ng OSE +{{ site.product.short_name }} received the message (only available if {{ site.product.short_name }} received the message from a [[file|adm-src-file]] or a [[wildcard-file|adm-src-wild]]). If you need only the path or the filename, use the @@ -115,7 +115,7 @@ The hour of day the message was sent. The hour of day the message was sent in 12-hour clock format. See also the ${AMPM} macro. 12AM is midnight. Available in -syslog-ng OSE 3.4 and later. +{{ site.product.short_name }} 3.4 and later. ## ${HOST} 
@@ -130,12 +130,12 @@ syslog-ng OSE 3.4 and later. Date of the message in the ISO 8601 compatible standard timestamp format (yyyy-mm-ddThh:mm:ss+-ZONE), for example: 2006-06-13T15:58:00.123+01:00. If possible, it is recommended to use -${ISODATE} for timestamping. Note that syslog-ng can produce fractions +${ISODATE} for timestamping. Note that {{ site.product.short_name }} can produce fractions of a second (for example, milliseconds) in the timestamp by using the frac-digits() global or per-destination option. -**NOTE:** As syslog-ng OSE is precise up to the microsecond, when the -frac-digits() option is set to a value higher than 6, syslog-ng OSE will +**NOTE:** As {{ site.product.short_name }} is precise up to the microsecond, when the +frac-digits() option is set to a value higher than 6, {{ site.product.short_name }} will truncate the fraction seconds in the timestamps after 6 digits. {: .notice--info} @@ -157,7 +157,7 @@ LEVEL for details. ## ${LOGHOST} -The hostname of the computer running syslog-ng OSE. +The hostname of the computer running {{ site.product.short_name }}. - In version 3.24 and later: the ${LOGHOST} macro returns the fully-qualified domain name (FQDN) only if the use-fqdn() option is 
@@ -174,17 +174,17 @@ MSGHDR and ${PID} macros. If you are using the flags(no-parse) option, then syslog message parsing is completely disabled, and the entire incoming message is treated as -the ${MESSAGE} part of a syslog message. In this case, syslog-ng OSE +the ${MESSAGE} part of a syslog message. In this case, {{ site.product.short_name }} generates a new syslog header (timestamp, host, and so on) automatically. Note that even though flags(no-parse) disables message parsing, some flags can still be used, for example, the no-multi-line flag. The ${MSG} macro is an alias of the ${MESSAGE} macro: using ${MSG} in -syslog-ng OSE is equivalent to ${MESSAGE}. +{{ site.product.short_name }} is equivalent to ${MESSAGE}. -Note that before syslog-ng version 3.0, the ${MESSAGE} macro included -the program name and the pid. In syslog-ng 3.0, the ${MESSAGE} macro +Note that before {{ site.product.short_name }} version 3.0, the ${MESSAGE} macro included +the program name and the pid. In {{ site.product.short_name }} 3.0, the ${MESSAGE} macro became equivalent with the ${MSGONLY} macro. ## ${MIN}, ${C_MIN}, ${R_MIN}, ${S_MIN} @@ -216,12 +216,12 @@ and the end of the month (the 30th and 31st) is week 5. The millisecond the message was sent. -Available in syslog-ng OSE version 3.4 and later. +Available in {{ site.product.short_name }} version 3.4 and later. ## ${MSG} The ${MSG} macro is an alias of the ${MESSAGE} macro, using ${MSG} in -syslog-ng OSE is equivalent to ${MESSAGE}. For details on this macro, +{{ site.product.short_name }} is equivalent to ${MESSAGE}. For details on this macro, see MESSAGE. ## ${MSGHDR} 
@@ -236,7 +236,7 @@ of the message are empty. A string specifying the type of the message in IETF-syslog (RFC-5424 formatted) messages. For example, a firewall might use the ${MSGID} \"TCPIN\" for incoming TCP traffic and the ${MSGID} -\"TCPOUT\" for outgoing TCP traffic. By default, syslog-ng OSE does not +\"TCPOUT\" for outgoing TCP traffic. By default, {{ site.product.short_name }} does not specify this value, but uses a dash (-) character instead. If an incoming message includes the ${MSGID} value, it is retained and relayed without modification. @@ -244,7 +244,7 @@ relayed without modification. ## ${MSGONLY} Message contents without the program name or pid. -Starting with syslog-ng OSE 3.0, the following macros are equivalent: +Starting with {{ site.product.short_name }} 3.0, the following macros are equivalent: ${MSGONLY}, ${MSG}, ${MESSAGE}. For consistency, use the ${MESSAGE} macro. For details, see MESSAGE. @@ -281,7 +281,7 @@ For an example use case when using the macro is recommended, see The original message as received from the client. Note that this macro is available only in 3.16 and later, and only if -syslog-ng received the message using the +{{ site.product.short_name }} received the message using the [[default-network-drivers()|adm-src-def-netw]] source, or the source receiving the message has the store-raw-message flag set. @@ -289,7 +289,7 @@ store-raw-message flag set. ## ${RCPTID} When the use-rcptid global option is set to **yes**, -syslog-ng OSE automatically assigns a unique reception ID to every +{{ site.product.short_name }} automatically assigns a unique reception ID to every received message. You can access this ID and use it in templates via the ${RCPTID} macro. The reception ID is a monotonously increasing 48-bit integer number, that can never be zero (if the counter overflows, it 
@@ -297,12 +297,12 @@ restarts with 1). ## ${RUNID} -An ID that changes its value every time syslog-ng OSE is +An ID that changes its value every time {{ site.product.short_name }} is restarted, but not when reloaded. ## ${SDATA}, ${.SDATA.SDID.SDNAME} -The syslog-ng application automatically parses the +The {{ site.product.short_name }} application automatically parses the STRUCTURED-DATA part of IETF-syslog messages, which can be referenced in macros. The ${SDATA} macro references the entire STRUCTURED-DATA part of the message, while structured data elements can be referenced using @@ -338,14 +338,14 @@ The ${SEQNUM} macro contains a sequence number for the log message. The value of the macro depends on the scenario, and can be one of the following: -- If syslog-ng OSE receives a message via the IETF-syslog protocol +- If {{ site.product.short_name }} receives a message via the IETF-syslog protocol that includes a sequence ID, this ID is automatically available in the ${SEQNUM} macro. - If the message is a Cisco IOS log message using the extended - timestamp format, then syslog-ng OSE stores the sequence number from + timestamp format, then {{ site.product.short_name }} stores the sequence number from the message in this macro. If you forward this message the - IETF-syslog protocol, syslog-ng OSE includes the sequence number + IETF-syslog protocol, {{ site.product.short_name }} includes the sequence number received from the Cisco device in the ${.SDATA.meta.sequenceId} part of the message. 
@@ -365,22 +365,20 @@ one of the following: destination. - This sequence number increases by one for every message sent to - the destination. It not lost when syslog-ng OSE is reloaded, but - it is reset when syslog-ng OSE is restarted. + the destination. It not lost when {{ site.product.short_name }} is reloaded, but + it is reset when {{ site.product.short_name }} is restarted. - This sequence number is added to every message that uses the IETF-syslog protocol (**${.SDATA.meta.sequenceId}**), and can be added to BSD-syslog messages using the **${SEQNUM}** macro. -**NOTE:** If you need a sequence number for every log message that syslog-ng -OSE receives, use the RCPTID macro. +**NOTE:** If you need a sequence number for every log message that {{ site.product.short_name }} receives, use the RCPTID macro. {: .notice--info} ## ${SOURCE} -The identifier of the source statement in the syslog-ng -OSE configuration file that received the message. For example, if -syslog-ng OSE received the log message from the source s_local { +The identifier of the source statement in the {{ site.product.short_name }} configuration file that received the message. For example, if +{{ site.product.short_name }} received the log message from the source s_local { internal(); }; source statement, the value of the ${SOURCE} macro is s_local. This macro is mainly useful for debugging and troubleshooting purposes. @@ -399,11 +397,11 @@ Global options global or per-destination option. ## ${SYSUPTIME} -The time elapsed since the syslog-ng OSE instance was -started (that is, the uptime of the syslog-ng OSE process). The value of +The time elapsed since the {{ site.product.short_name }} instance was +started (that is, the uptime of the {{ site.product.short_name }} process). The value of this macro is an integer containing the time in 1/100th of the second. -Available in syslog-ng OSE version 3.4 and later. +Available in {{ site.product.short_name }} version 3.4 and later. ## ${TAG} 
@@ -435,7 +433,7 @@ An alias of the ${TZOFFSET} macro. ## ${TZOFFSET}, ${C_TZOFFSET}, ${R_TZOFFSET}, ${S_TZOFFSET} The time-zone as hour offset from GMT, for example: --07:00. In syslog-ng 1.6.x this used to be -0700 but as ${ISODATE} +-07:00. In {{ site.product.short_name }} 1.6.x this used to be -0700 but as ${ISODATE} requires the colon it was added to ${TZOFFSET} as well. ## ${UNIXTIME}, ${C_UNIXTIME}, ${R_UNIXTIME}, ${S_UNIXTIME} @@ -450,7 +448,7 @@ contain information about the peer\'s certificate. That way, you can use information from the client certificate in filenames, database values, or as other metadata. If you clients have their own certificates, then these values are unique per client, but unchangeable by the client. The -following macros are available in syslog-ng OSE version 3.9 and later. +following macros are available in {{ site.product.short_name }} version 3.9 and later. - .tls.x509_cn: The Common Name of the certificate. @@ -465,13 +463,13 @@ RCPTID in the format of HOSTID@RCPTID. For details, see use-uniqid() and RCPTID. -Available in syslog-ng OSE version 3.7 and later. +Available in {{ site.product.short_name }} version 3.7 and later. ## ${USEC}, ${C_USEC}, ${R_USEC}, ${S_USEC} The microsecond the message was sent. -Available in syslog-ng OSE version 3.4 and later. +Available in {{ site.product.short_name }} version 3.4 and later. ## ${YEAR}, ${C_YEAR}, ${R_YEAR}, ${S_YEAR} diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/005_Example.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/005_Example.md index 7389901f..54cf24b5 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/005_Example.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/005_Example.md 
@@ -9,13 +9,13 @@ ${DESTIP}, the ${DESTPORT}, and the ${PROTO} macros. Using the ${DESTIP}, the ${DESTPORT}, and the ${PROTO} macros is relevant when multiple sources are configured to receive messages on the -syslog-ng OSE side. In this case, the hostname and IP address on the -sender\'s side and the syslog-ng OSE side is the same, and at a later -point in the pipeline, syslog-ng OSE can not by default specify which +{{ site.product.short_name }} side. In this case, the hostname and IP address on the +sender\'s side and the {{ site.product.short_name }} side is the same, and at a later +point in the pipeline, {{ site.product.short_name }} can not by default specify which source received the message. The ${DESTIP}, the ${DESTPORT}, and the ${PROTO} macros solve this issue by specifying the local IP address and local port of the original message source, and the protocol used on the -original message source on the syslog-ng OSE side. +original message source on the {{ site.product.short_name }} side. ## When to use the ${DESTIP}, the ${DESTPORT}, and the ${PROTO} macros 
@@ -28,18 +28,18 @@ ${PROTO} macros in either of the following scenarios: different, and instead of using complex filters, you want to capture either of them, preferably with the simplest possible filter. -- The IP addresses on the sender\'s side and the syslog-ng OSE side +- The IP addresses on the sender\'s side and the {{ site.product.short_name }} side are the same, therefore the netmask() option doesn\'t work in your configuration. -- The hostnames on the sender\'s side and the syslog-ng OSE side are +- The hostnames on the sender\'s side and the {{ site.product.short_name }} side are the same, therefore the host() option doesn\'t work in your configuration. ## Macros: ${DESTIP}, ${DESTPORT}, and ${PROTO} -To solve either of the challenges listed previously, syslog-ng Open -Source Edition (syslog-ng OSE) supports the following macros that you +To solve either of the challenges listed previously, {{ site.product.short_name }} Open +Source Edition ({{ site.product.short_name }}) supports the following macros that you can include in your configuration: - ${DESTIP} @@ -51,13 +51,12 @@ can include in your configuration: ## Configuration and output The following configuration example illustrates how you can use the -${DESTIP}, the ${DESTPORT}, and the ${PROTO} macros in your syslog-ng OSE +${DESTIP}, the ${DESTPORT}, and the ${PROTO} macros in your {{ site.product.short_name }} configuration. ### Example: using the ${DESTIP}, the ${DESTPORT}, and the ${PROTO} macros in your configuration -The ${DESTIP}, the ${DESTPORT}, and the ${PROTO} macros in your syslog-ng -OSE configuration: +The ${DESTIP}, the ${DESTPORT}, and the ${PROTO} macros in your {{ site.product.short_name }} configuration: ```config log{ diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/006_Using_template_functions.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/006_Using_template_functions.md index b3a52adb..fec783f7 100644 
--- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/006_Using_template_functions.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/006_Using_template_functions.md @@ -5,7 +5,7 @@ description: >- A template function is a transformation: it modifies the way macros or name-value pairs are expanded. Template functions can be used in template definitions, or when macros are used in the configuration of - syslog-ng OSE. + {{ site.product.short_name }}. --- Template functions use the following syntax: @@ -35,7 +35,7 @@ $(echo $(echo ${HOST})) ``` For details on the available template functions, see the descriptions of -the individual template functions in Template functions of syslog-ng OSE. +the individual template functions in Template functions of {{ site.product.short_name }}. You can define your own template function as a regular configuration object (for example, to reuse the same function in different places in diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/007_Template_functions_of_syslog-ng.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/007_Template_functions_of_syslog-ng.md index 4b76f986..409fc5d6 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/007_Template_functions_of_syslog-ng.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/007_Template_functions_of_syslog-ng.md @@ -1,8 +1,8 @@ --- -title: Template functions of syslog-ng OSE +title: Template functions of {{ site.product.short_name }} id: adm-temp-func description: >- - The following template functions are available in syslog-ng OSE. + The following template functions are available in {{ site.product.short_name }}. --- ## $(base64-encode) 
@@ -12,11 +12,11 @@ description: >- *Description:* You can use the base64-encode template function to base64-encode strings and macros. The template function can receive multiple parameters (maximum 64). In -this case, syslog-ng OSE joins the parameters into a single string and +this case, {{ site.product.short_name }} joins the parameters into a single string and encodes this string. For example, $(base64-encode string1 string2) is equivalent to $(base64-encode string1string2). -Available in syslog-ng OSE version 3.18 and later. +Available in {{ site.product.short_name }} version 3.18 and later. ## $(basename) @@ -27,7 +27,7 @@ macro) that contains a filename with a path. For example, $(basename \"/var/log/messages.log\") returns messages.log. To extract the path, use the dirname template function. -Available in syslog-ng OSE version 3.10 and later. +Available in {{ site.product.short_name }} version 3.10 and later. ## $(dirname) @@ -38,7 +38,7 @@ Available in syslog-ng OSE version 3.10 and later. example, $(dirname \"/var/log/messages.log\") returns /var/log path. To extract the filename, use the basename template function. -Available in syslog-ng OSE version 3.10 and later. +Available in {{ site.product.short_name }} version 3.10 and later. ## $(echo) @@ -52,11 +52,11 @@ ${HOST}) is equivalent to ${HOST}. |*Syntax:*|$(env \)| *Description:* Returns the value of the specified environment variable. -Available in syslog-ng OSE 3.5 and later. +Available in {{ site.product.short_name }} 3.5 and later. ## $(format-cef-extension) -syslog-ng OSE includes a template function (format-cef-extension) to +{{ site.product.short_name }} includes a template function (format-cef-extension) to format name-value pairs as ArcSight Common Event Format extensions. Note that the template function only formats the selected name-value pairs, it does not provide any mapping. There is no special support for 
@@ -64,7 +64,7 @@ creating the prefix part of a Common Event Format (CEF) message. Note that the order of the elements is random. For details on the CEF extension escaping rules format, see the ArcSight Common Event Format. -You can use the value-pairs that syslog-ng OSE stores about +You can use the value-pairs that {{ site.product.short_name }} stores about the log message as CEF fields. Using value-pairs, you can: - select which value-pairs to use as CEF fields, @@ -89,7 +89,7 @@ prerequisites: - Set the on-error global option to **drop-property**, otherwise if the name of a name-value pair includes an invalid character, - syslog-ng OSE drops the entire message. (Key name in CEF extensions + {{ site.product.short_name }} drops the entire message. (Key name in CEF extensions can contain only the A-Z, a-z and 0-9 characters.) ```config @@ -147,10 +147,10 @@ destination d_cim { ``` You can find the exact source of the CIM template in the -syslog-ng OSE GitHub repository. +{{ site.product.short_name }} GitHub repository. -**NOTE:** To use the format-cim() template function, syslog-ng OSE must be -compiled with JSON support. To see if your syslog-ng OSE binary was +**NOTE:** To use the format-cim() template function, {{ site.product.short_name }} must be +compiled with JSON support. To see if your {{ site.product.short_name }} binary was compiled with JSON support, execute the **syslog-ng \--version** command. {: .notice--info} @@ -221,7 +221,7 @@ message does not have to be in JSON format to use format-json, you can reformat any incoming message as JSON. You can use the value-pairs -that syslog-ng OSE stores about the log message as JSON fields. Using +that {{ site.product.short_name }} stores about the log message as JSON fields. Using value-pairs, you can: - select which value-pairs to use as JSON fields, 
@@ -230,11 +230,11 @@ value-pairs, you can: - rename value-pairs, and so on. -**NOTE:** Prior to version 4.0, syslog-ng OSE handled all data as strings, +**NOTE:** Prior to version 4.0, {{ site.product.short_name }} handled all data as strings, and allowed the strings to be converted into other types of data that only data formats of certain destinations supported. -In syslog-ng OSE 4.0 and later versions, each name-value pair is a -(name, type, value) triplet, and several components of syslog-ng OSE 4.0 support +In {{ site.product.short_name }} 4.0 and later versions, each name-value pair is a +(name, type, value) triplet, and several components of {{ site.product.short_name }} 4.0 support this format. For details, see Specifying data types in value-pairs. {: .notice--info} @@ -266,7 +266,7 @@ destination d_json { }; ``` -**NOTE:** In case of syslog-ng macros starting with a dot (for example, +**NOTE:** In case of {{ site.product.short_name }} macros starting with a dot (for example, \".SDATA.meta.sequenceID\") an empty key name is added at the top level of the JSON structure. You can work around this by adding \--shift 1 as a parameter to the template function. @@ -330,14 +330,14 @@ destination d_welf { mmdb database using the \--field parameter. If you omit this parameter, it returns the 2-letter country code of any IPv4/IPv6 address or host. -**NOTE:** This template function is available only if syslog-ng OSE has been +**NOTE:** This template function is available only if {{ site.product.short_name }} has been compiled with geoip2 support. To enable it, use the **\--enable-geoip** compiling option. {: .notice--info} To retrieve additional GeoIP information, see Looking up GeoIP2 data from IP addresses. -Starting with version 3.24, syslog-ng OSE tries to automatically detect +Starting with version 3.24, {{ site.product.short_name }} tries to automatically detect the location of the database. If that is successful, the database() option is not mandatory. 
@@ -345,13 +345,13 @@ option is not mandatory. |*Syntax:*|$(graphite-output parameters)| -*Description:* Available in syslog-ng OSE 3.6 and later (Originally -appeared in the syslog-ng OSE incubator for syslog-ng 3.5). This +*Description:* Available in {{ site.product.short_name }} 3.6 and later (Originally +appeared in the {{ site.product.short_name }} incubator for {{ site.product.short_name }} 3.5). This template function converts value-pairs from the incoming message to the Graphite plain text protocol format. It is ideal to use with the -messages generated by the monitor-source plugin (currently available in the syslog-ng incubator project). +messages generated by the monitor-source plugin (currently available in the {{ site.product.short_name }} incubator project). -For details on selecting value-pairs in syslog-ng OSE and for +For details on selecting value-pairs in {{ site.product.short_name }} and for possibilities to specify which information to convert to Graphite plain text protocol format, see Structuring macros, metadata, and other value-pairs. Note that the syntax of graphite-output is different from the syntax of value-pairs(): @@ -423,7 +423,7 @@ using the \--length option. This way, IDs will be shorter than a regular hash, but there is a very small possibility of them not being as unique as a non-truncated hash. -**NOTE:** These template functions are available only if syslog-ng OSE has +**NOTE:** These template functions are available only if {{ site.product.short_name }} has been compiled with the \--enable-ssl compile option and the tfhash module has been loaded. {: .notice--info} 
@@ -531,7 +531,7 @@ module has been loaded. ## List manipulation The list-\* template functions allow you to manipulate comma-separated -lists. Such lists represent a simple array type in syslog-ng OSE. Note +lists. Such lists represent a simple array type in {{ site.product.short_name }}. Note the following about formatting lists: - Values are separated by commas, for example, @@ -548,7 +548,7 @@ and quoting all elements. If a template function returns a single element, all quotation is decoded and the value contains the literal value. -Starting with syslog-ng OSE version 3.10, the following list-related +Starting with {{ site.product.short_name }} version 3.10, the following list-related template functions are available. Certain functions allow you to reference an element using its number: note that the list index starts with zero, so the index of the first element is 0, the second element is @@ -652,7 +652,7 @@ destination d_file { }; ``` -Available in syslog-ng OSE 3.5 and later. +Available in {{ site.product.short_name }} 3.5 and later. ## Numerical operations 
@@ -724,69 +724,69 @@ Output: foofoofoofmymessage *Description:* This template function enables you to write a custom template function in Python. You can define a Python block in your -syslog-ng OSE configuration file, define one or more Python functions in +{{ site.product.short_name }} configuration file, define one or more Python functions in it, and use the methods as template functions. If you use a Python -block, syslog-ng OSE embeds a Python interpreter to process the +block, {{ site.product.short_name }} embeds a Python interpreter to process the messages. -The following points apply to using Python blocks in syslog-ng OSE in +The following points apply to using Python blocks in {{ site.product.short_name }} in general: -- Python parsers and template functions are available in syslog-ng OSE +- Python parsers and template functions are available in {{ site.product.short_name }} version 3.10 and later. - Python destinations and sources are available in syslog-ng OSE + Python destinations and sources are available in {{ site.product.short_name }} version 3.18 and later. - Supported Python versions: 2.7 and 3.4+ (if you are using pre-built binaries, check the dependencies of the package to find out which Python version it was compiled with). -- The Python block must be a top-level block in the syslog-ng OSE +- The Python block must be a top-level block in the {{ site.product.short_name }} configuration file. - If you store the Python code in a separate Python file and only - include it in the syslog-ng OSE configuration file, make sure that + include it in the {{ site.product.short_name }} configuration file, make sure that the PYTHON\_PATH environment variable includes the path to the Python file, and export the PYTHON\_PATH environment variable. 
For - example, if you start syslog-ng OSE manually from a terminal and you + example, if you start {{ site.product.short_name }} manually from a terminal and you store your Python files in the /opt/syslog-ng/etc directory, use the following command: **export PYTHONPATH=/opt/syslog-ng/etc**. - In production, when syslog-ng OSE starts on boot, you must configure + In production, when {{ site.product.short_name }} starts on boot, you must configure your startup script to include the Python path. The exact method depends on your operating system. For recent Red Hat Enterprise Linux, Fedora, and CentOS distributions that use systemd, the systemctl command sources the /etc/sysconfig/syslog-ng file before - starting syslog-ng OSE. (On openSUSE and SLES, /etc/sysconfig/syslog + starting {{ site.product.short_name }}. (On openSUSE and SLES, /etc/sysconfig/syslog file.) Append the following line to the end of this file: **PYTHONPATH=\"\\"**, for example, **PYTHONPATH=\"/opt/syslog-ng/etc\"**. -- The Python object is initiated every time when syslog-ng OSE is +- The Python object is initiated every time when {{ site.product.short_name }} is started or reloaded. {% include doc/admin-guide/warnings/python-reload.md %} - The Python block can contain multiple Python functions. -- Using Python code in syslog-ng OSE can significantly decrease the - performance of syslog-ng OSE, especially if the Python code is slow. - In general, the features of syslog-ng OSE are implemented in C, and +- Using Python code in {{ site.product.short_name }} can significantly decrease the + performance of {{ site.product.short_name }}, especially if the Python code is slow. + In general, the features of {{ site.product.short_name }} are implemented in C, and are faster than implementations of the same or similar features in Python. -- Validate and lint the Python code before using it. The syslog-ng OSE +- Validate and lint the Python code before using it. 
The {{ site.product.short_name }} application does not do any of this. - Python error messages are available in the internal() source of - syslog-ng OSE. + {{ site.product.short_name }}. -- You can access the name-value pairs of syslog-ng OSE directly +- You can access the name-value pairs of {{ site.product.short_name }} directly through a message object or a dictionary. - To help debugging and troubleshooting your Python code, you can send - log messages to the internal() source of syslog-ng OSE. For details, + log messages to the internal() source of {{ site.product.short_name }}. For details, see Logging from your Python code. The following points apply to Python parsers. @@ -864,7 +864,7 @@ message with semicolons (;): $(replace-delimiter "\t" ";" "${MESSAGE}") ``` -Available in syslog-ng OSE 3.5 and later. +Available in {{ site.product.short_name }} 3.5 and later. ## $(sanitize) @@ -996,7 +996,7 @@ template t_truncate_messages { ## $(tag) -Available in syslog-ng OSE 4.6 and later versions. +Available in {{ site.product.short_name }} 4.6 and later versions. *Syntax:* @@ -1011,7 +1011,7 @@ $(tag ) ## $(tags-head) -Available in syslog-ng OSE 4.7 and later versions. +Available in {{ site.product.short_name }} 4.7 and later versions. *Syntax:* @@ -1042,7 +1042,7 @@ file ("/var/log/${MONTH}/${DAY}/$(uppercase "${HOST}")/messages"); }; ``` -Available in syslog-ng OSE 3.5 and later. +Available in {{ site.product.short_name }} 3.5 and later. ## $(url-decode) @@ -1054,7 +1054,7 @@ yields \<\>. The url-decode can receive multiple parameters (maximum 64). In this case, each parameter is decoded separately, and simply concatenated. -Available in syslog-ng OSE version 3.18 and later. +Available in {{ site.product.short_name }} version 3.18 and later. ## $(url-encode) 
@@ -1066,7 +1066,7 @@ Telegram. The url-encode template function escapes strings. All input characters that are not a-z, A-Z, 0-9, \'-\', \'.\', \'\_\' or \'\~\' are converted to their \"URL escaped\" version. -Available in syslog-ng OSE version 3.18 and later. (In version +Available in {{ site.product.short_name }} version 3.18 and later. (In version 3.16-3.17, this template function was called urlencode.) ## $(uuid) diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/008_Modifying_the_on-the-wire_message_format.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/008_Modifying_the_on-the-wire_message_format.md index ab71798b..f6b42f73 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/008_Modifying_the_on-the-wire_message_format.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/008_Modifying_the_on-the-wire_message_format.md @@ -4,14 +4,13 @@ id: adm-temp-modify-otw description: >- Macros, templates, and template functions allow you to fully customize the format of the message. This flexibility makes it possible to use - syslog-ng OSE in some unexpected way if needed, for example, to emulate + {{ site.product.short_name }} in some unexpected way if needed, for example, to emulate simple, plain-text protocols. The following example shows you how to send LPUSH commands to a Redis server. --- **NOTE:** The purpose of this example is to demonstrate the flexibility of -syslog-ng OSE. A dedicated Redis destination is available in syslog-ng -OSE version 3.5. For details, see +{{ site.product.short_name }}. A dedicated Redis destination is available in {{ site.product.short_name }} version 3.5. For details, see [[redis: Storing name-value pairs in Redis]]. {: .notice--info} 
@@ -25,7 +24,7 @@ template t_redis_lpush { }; ``` -If you use this template in a network() destination, syslog-ng OSE +If you use this template in a network() destination, {{ site.product.short_name }} formats the message according to the template, and sends it to the Redis server. diff --git a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/README.md b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/README.md index 482005af..3281e4ff 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/README.md +++ b/doc/_admin-guide/110_Template_and_rewrite/000_Customize_message_format/README.md @@ -13,11 +13,11 @@ and also how to use templates, macros, and template functions. describes how to use macros and templates to format log messages or change the names of logfiles and database tables. -- Macros of syslog-ng OSE lists the different - types of macros available in syslog-ng OSE. +- Macros of {{ site.product.short_name }} lists the different + types of macros available in {{ site.product.short_name }}. - Using template functions explains what template functions are and how to use them. -- Template functions of syslog-ng OSE - lists the template functions available in syslog-ng OSE. +- Template functions of {{ site.product.short_name }} + lists the template functions available in {{ site.product.short_name }}. diff --git a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/005_Setting_match.md b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/005_Setting_match.md index f9b67383..7ec2c40c 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/005_Setting_match.md +++ b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/005_Setting_match.md 
@@ -12,9 +12,9 @@ set, or the JSON parser produces match variables if the parsed JSON data is an array. It is possible to set match variables in a single operation with the -set-matches() rewrite function. set-matches() uses syslog-ng OSE list +set-matches() rewrite function. set-matches() uses {{ site.product.short_name }} list expressions to set **$1, $2, \... $255**, so it can be considered as -a conversion function between syslog-ng OSE lists and match variables. +a conversion function between {{ site.product.short_name }} lists and match variables. {% include doc/admin-guide/notes/convert-match-var.md %} diff --git a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/008_Custom_SDATA_fields.md b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/008_Custom_SDATA_fields.md index e30830c9..e5736e2f 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/008_Custom_SDATA_fields.md +++ b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/008_Custom_SDATA_fields.md @@ -13,7 +13,7 @@ following format: .SDATA.group-name@\.field-name, for example, .SDATA.mySDATA-field-group@18372.4.mySDATA-field. (18372.4 is the private enterprise number of One Identity LLC, the developer of -syslog-ng OSE.) +{{ site.product.short_name }}.) ### Example: Rewriting custom SDATA fields diff --git a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/010_map-value_pairs.md b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/010_map-value_pairs.md index 86895ed5..5f6d9ec5 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/010_map-value_pairs.md +++ b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/010_map-value_pairs.md @@ -11,7 +11,7 @@ description: >- similarly to value-pairs based destinations. --- -Available in syslog-ng OSE version 3.10 and later. +Available in {{ site.product.short_name }} version 3.10 and later. **Declaration** 
diff --git a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/011_Conditional_rewrite.md b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/011_Conditional_rewrite.md index 998f5fd0..aa9d9ef1 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/011_Conditional_rewrite.md +++ b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/011_Conditional_rewrite.md @@ -14,7 +14,7 @@ description: >- details on filters, see Filters. --- -**TIP:** Using conditions in rewrite rules can simplify your syslog-ng OSE +**TIP:** Using conditions in rewrite rules can simplify your {{ site.product.short_name }} configuration file, as you do not need to create separate log paths to modify certain messages. {: .notice--info} @@ -46,7 +46,7 @@ To configure condtional rewrite 2. The rewrite rule (r\_rewrite\_set) evaluates the condition. If the message matches the condition (the PROGRAM field of the message is - \"myapplication\"), syslog-ng OSE rewrites the log message (sets the + \"myapplication\"), {{ site.product.short_name }} rewrites the log message (sets the value of the HOST field to \"myhost\"), otherwise it is not modified. diff --git a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/013_Rewrite_timezone.md b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/013_Rewrite_timezone.md index 55891ae1..f6d8b462 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/013_Rewrite_timezone.md +++ b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/013_Rewrite_timezone.md 
@@ -2,8 +2,8 @@ title: Rewrite the timezone of a message id: adm-temp-rewrite-tz description: >- - Starting with version 3.24 of the syslog-ng Open Source Edition - (syslog-ng OSE) application, you can manipulate the timezone information + Starting with version 3.24 of the {{ site.product.name }} + ({{ site.product.short_name }}) application, you can manipulate the timezone information of messages using rewrite rules. --- @@ -18,7 +18,7 @@ You can: By default, these operations modify the date-related macros of the message that correspond to the date the message was sent (that is, the -S\_ macros). You can modify the dates when syslog-ng OSE has received +S\_ macros). You can modify the dates when {{ site.product.short_name }} has received the messages (that is, the R\_ macros), but this is rarely needed. To do so, include the time-stamp(recvd) option in the operation, for example: @@ -40,7 +40,7 @@ rewrite { fix-time-zone("EST5EDT"); }; If you have lots of clients that do not send timezone information in the log messages, you can create a database file that stores the timezone of -the clients, and feed this data to syslog-ng OSE using the +the clients, and feed this data to {{ site.product.short_name }} using the add-contextual-data() feature. For details, see Adding metadata from an external file. @@ -48,7 +48,7 @@ Adding metadata from an external file. Use the guess-time-zone() operation attempts to set the timezone of the message automatically, using heuristics on the timestamps. Normally the -syslog-ng OSE application performs this operation automatically when it +{{ site.product.short_name }} application performs this operation automatically when it parses the incoming message. Using this operation in a rewrite rule can be useful if you cannot parse the incoming message for some reason (and use the **flags(no-parse)** option in your source, but you want to set 
diff --git a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/014_Anonymizing_credit_card_numbers.md b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/014_Anonymizing_credit_card_numbers.md index 683f9eb6..194aec80 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/014_Anonymizing_credit_card_numbers.md +++ b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/014_Anonymizing_credit_card_numbers.md @@ -6,7 +6,7 @@ description: >- card numbers (Primary Account Number or PAN). According to privacy best practices and the requirements of the Payment Card Industry Data Security Standards (PCI-DSS), PAN must be rendered unreadable. The - syslog-ng OSE application uses a regular expression to detect credit + {{ site.product.short_name }} application uses a regular expression to detect credit card numbers, and provides two ways to accomplish this: you can either mask the credit card numbers, or replace them with a hash. To mask the credit card numbers, use the credit-card-mask() or the @@ -44,5 +44,5 @@ characters. *Description:* Process the specified message field (by default, ${MESSAGE}), and replace the 7-12th character of any credit card numbers (Primary Account Number or PAN) with asterisks (**\***). For -example, syslog-ng OSE replaces the number 5542043004559005 with +example, {{ site.product.short_name }} replaces the number 5542043004559005 with 554204\*\*\*\*\*\*9005. diff --git a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/README.md b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/README.md index 31e8eb79..0a19c095 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/README.md +++ b/doc/_admin-guide/110_Template_and_rewrite/001_Modifying_messages/README.md 
@@ -2,9 +2,9 @@ title: Modifying messages using rewrite rules id: adm-temp-rewrite description: >- - The syslog-ng application can rewrite parts of the messages using + The {{ site.product.short_name }} application can rewrite parts of the messages using rewrite rules. Rewrite rules are global objects similar to parsers and - filters and can be used in log paths. The syslog-ng application has two + filters and can be used in log paths. The {{ site.product.short_name }} application has two methods to rewrite parts of the log messages: substituting (setting) a part of the message to a fix value, and a general search-and-replace mode. @@ -22,7 +22,7 @@ Rewriting messages is often used in conjunction with message parsing [[parser: Parse and segment structured messages]]. Rewrite rules are similar to filters: they must be defined in the -syslog-ng configuration file and used in the log statement. You can also +{{ site.product.short_name }} configuration file and used in the log statement. You can also define the rewrite rule inline in the log path. {% include doc/admin-guide/notes/parser-order.md %} diff --git a/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/000_type_options.md b/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/000_type_options.md index be1b0c36..13c81d99 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/000_type_options.md +++ b/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/000_type_options.md 
@@ -2,18 +2,18 @@ title: The type() options of regular expressions id: adm-temp-regexp-type description: >- - By default, syslog-ng OSE uses PCRE-style regular expressions, which are - supported on every platform starting with syslog-ng OSE version 3.1. To + By default, {{ site.product.short_name }} uses PCRE-style regular expressions, which are + supported on every platform starting with {{ site.product.short_name }} version 3.1. To use other expression types, add the type() option after the regular expression. --- -The syslog-ng OSE application supports the following type() options: +The {{ site.product.short_name }} application supports the following type() options: ## Perl Compatible Regular Expressions (pcre) *Description:* Uses Perl Compatible Regular Expressions (PCRE). If the -type() parameter is not specified, syslog-ng OSE uses PCRE regular +type() parameter is not specified, {{ site.product.short_name }} uses PCRE regular expressions by default. For more information about the flags() options of PCRE regular diff --git a/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/001_flags_options.md b/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/001_flags_options.md index b75048a6..f7cf2b81 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/001_flags_options.md +++ b/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/001_flags_options.md 
@@ -57,9 +57,8 @@ identical with the given literal string. ## Perl Compatible Regular Expressions (PCRE) -Starting with syslog-ng OSE version 3.1, PCRE expressions are supported -on every platform. If the type() parameter is not specified, syslog-ng -OSE uses PCRE regular expressions by default. +Starting with {{ site.product.short_name }} version 3.1, PCRE expressions are supported +on every platform. If the type() parameter is not specified, {{ site.product.short_name }} uses PCRE regular expressions by default. The following example shows the structure of PCRE-style regular expressions in use. diff --git a/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/README.md b/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/README.md index ee7d895b..72275c87 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/README.md +++ b/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/000_Options_of_regular_expressions/README.md 
@@ -2,16 +2,16 @@ title: Options of regular expressions id: adm-temp-regexp-opt description: >- - This chapter lists regular expressions supported by syslog-ng Open - Source Edition (syslog-ng OSE) and their available supported type() and + This chapter lists regular expressions supported by {{ site.product.short_name }} Open + Source Edition ({{ site.product.short_name }}) and their available supported type() and flags() options. --- -By default, syslog-ng OSE uses PCRE-style regular expressions. To use +By default, {{ site.product.short_name }} uses PCRE-style regular expressions. To use other expression types, add the **type()** option after the regular expression. -The syslog-ng OSE application supports the following regular expression +The {{ site.product.short_name }} application supports the following regular expression type() options: - Perl Compatible Regular Expressions (pcre) diff --git a/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/001_Optimizing_regexp.md b/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/001_Optimizing_regexp.md index a6b4d812..8455d477 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/001_Optimizing_regexp.md +++ b/doc/_admin-guide/110_Template_and_rewrite/002_Regular_expressions/001_Optimizing_regexp.md @@ -3,7 +3,7 @@ title: Optimizing regular expressions id: adm-temp-regexp-optimize description: >- The host(), match(), and program() filter functions and some other - syslog-ng objects accept regular expressions as parameters. But + {{ site.product.short_name }} objects accept regular expressions as parameters. But evaluating general regular expressions puts a high load on the CPU, which can cause problems when the message traffic is very high. Often the regular expression can be replaced with simple filter functions and 
diff --git a/doc/_admin-guide/110_Template_and_rewrite/README.md b/doc/_admin-guide/110_Template_and_rewrite/README.md index 8816046e..ec3b230a 100644 --- a/doc/_admin-guide/110_Template_and_rewrite/README.md +++ b/doc/_admin-guide/110_Template_and_rewrite/README.md @@ -5,7 +5,7 @@ short_title: Template and rewrite id: adm-temp description: >- This chapter explains the methods that you can use to customize, - reformat, and modify log messages using syslog-ng Open Source Edition. + reformat, and modify log messages using {{ site.product.name }}. --- - Customize message format using macros and templates @@ -16,5 +16,5 @@ description: >- how to use rewrite rules to search and replace certain parts of the message content. - Regular expressions lists the different types of - regular expressions that can be used in various syslog-ng OSE objects + regular expressions that can be used in various {{ site.product.short_name }} objects like filters and rewrite rules. diff --git a/doc/_admin-guide/120_Parser/000_Parsing_syslog_messages/README.md b/doc/_admin-guide/120_Parser/000_Parsing_syslog_messages/README.md index b5a0d9e9..b18856ee 100644 --- a/doc/_admin-guide/120_Parser/000_Parsing_syslog_messages/README.md +++ b/doc/_admin-guide/120_Parser/000_Parsing_syslog_messages/README.md @@ -2,7 +2,7 @@ title: Parsing syslog messages id: adm-parser-parsing description: >- - By default, syslog-ng OSE parses every message using the syslog-parser + By default, {{ site.product.short_name }} parses every message using the syslog-parser as a syslog message, and fills the macros with values of the message. The syslog-parser does not discard messages: the message cannot be parsed as a syslog message, the entire message (including its header) is 
@@ -20,7 +20,7 @@ standards). For example, suppose that you have a single network source that receives log messages from different devices, and some devices send messages that are not RFC-compliant (some routers are notorious for that). To solve -this problem in earlier versions of syslog-ng OSE, you had to create two +this problem in earlier versions of {{ site.product.short_name }}, you had to create two different network sources using different IP addresses or ports: one that received the RFC-compliant messages, and one that received the improperly formatted messages (for example, using the @@ -90,8 +90,8 @@ log { }; ``` -**NOTE:** syslog-ng OSE has several parsers that you can use to parse -non-compliant messages. You can even [[write a custom syslog-ng parser in Python|adm-parser-python]]. +**NOTE:** {{ site.product.short_name }} has several parsers that you can use to parse +non-compliant messages. You can even [[write a custom {{ site.product.short_name }} parser in Python|adm-parser-python]]. For details, see [[parser: Parse and segment structured messages]]. {: .notice--info} diff --git a/doc/_admin-guide/120_Parser/001_Parsing_messages_with_comma/000_CSV_parser_options.md b/doc/_admin-guide/120_Parser/001_Parsing_messages_with_comma/000_CSV_parser_options.md index 23634a9f..011f6c16 100644 --- a/doc/_admin-guide/120_Parser/001_Parsing_messages_with_comma/000_CSV_parser_options.md +++ b/doc/_admin-guide/120_Parser/001_Parsing_messages_with_comma/000_CSV_parser_options.md 
@@ -33,12 +33,12 @@ If you have to use a string as a delimiter, list your string delimiters in the delimiters(strings(\"\\", \"\\", \...)\") format. -By default, syslog-ng OSE uses space as a delimiter. If you want to use +By default, {{ site.product.short_name }} uses space as a delimiter. If you want to use only the strings as delimiters, you have to disable the space delimiter, for example: **delimiters(chars(\"\"), strings(\"\\"))** -Otherwise, syslog-ng OSE will use the string delimiters in addition to +Otherwise, {{ site.product.short_name }} will use the string delimiters in addition to the default character delimiter, so delimiters(strings(\"==\")) actually equals delimiters(chars(\" \"), strings(\"==\")), and not delimiters(chars(\"\"), strings(\"==\")) @@ -47,7 +47,7 @@ delimiters(chars(\"\"), strings(\"==\")) If you use more than one delimiter, note the following points: -- syslog-ng OSE will split the message at the nearest possible +- {{ site.product.short_name }} will split the message at the nearest possible delimiter. The order of the delimiters in the configuration file does not matter. @@ -58,7 +58,7 @@ If you use more than one delimiter, note the following points: character delimiters. - If a string delimiter and a character delimiter both match at the - same position of the message, syslog-ng OSE uses the string + same position of the message, {{ site.product.short_name }} uses the string delimiter. ## dialect() @@ -127,7 +127,7 @@ following flags are available: Example: Adding the end of the message to the last column - If the greedy option is enabled, the syslog-ng application adds the + If the greedy option is enabled, the {{ site.product.short_name }} application adds the not-yet-parsed part of the message to the last column, ignoring any delimiter characters that may appear in this part of the message. 
@@ -164,7 +164,7 @@ following flags are available: |Synopsis: | string| *Description:* If the value of a column is the value of the null() -parameter, syslog-ng OSE changes the value of the column to an empty +parameter, {{ site.product.short_name }} changes the value of the column to an empty string. For example, if the columns of the message contain the \"N/A\" string to represent empty values, you can use the null(\"N/A\") option to change these values to empty stings. diff --git a/doc/_admin-guide/120_Parser/001_Parsing_messages_with_comma/README.md b/doc/_admin-guide/120_Parser/001_Parsing_messages_with_comma/README.md index be9a1666..d2d5cfba 100644 --- a/doc/_admin-guide/120_Parser/001_Parsing_messages_with_comma/README.md +++ b/doc/_admin-guide/120_Parser/001_Parsing_messages_with_comma/README.md @@ -3,7 +3,7 @@ title: Parsing messages with comma-separated and similar values short_title: CSV parser id: adm-parser-csv description: >- - The syslog-ng OSE application can separate parts of log messages (that + The {{ site.product.short_name }} application can separate parts of log messages (that is, the contents of the ${MESSAGE} macro) at delimiter characters or strings to named fields (columns). One way to achieve this is to use a csv (comma-separated-values) parser (for other methods and @@ -13,8 +13,7 @@ description: >- referenced in message templates, file- and tablenames, and so on. --- -Parsers are similar to filters: they must be defined in the syslog-ng -OSE configuration file and used in the log statement. You can also +Parsers are similar to filters: they must be defined in the {{ site.product.short_name }} configuration file and used in the log statement. You can also define the parser inline in the log path. {% include doc/admin-guide/notes/parser-order.md %} 
@@ -38,14 +37,14 @@ parser { Column names work like macros. Names starting with a dot (for example, .example) are reserved for use -by syslog-ng OSE. If you use such a macro name as the name of a parsed +by {{ site.product.short_name }}. If you use such a macro name as the name of a parsed value, it will attempt to replace the original value of the macro (note that only soft macros can be overwritten, see Hard versus soft macros. To avoid such problems, use a prefix when naming the parsed values, for example, prefix(my-parsed-data.) -In syslog-ng OSE version 4.5 and later versions, the `columns()` option can be omitted, and extract the values into matches ($1, $2, $3, etc.), which are available as the anonymous list $*. +In {{ site.product.short_name }} version 4.5 and later versions, the `columns()` option can be omitted, and extract the values into matches ($1, $2, $3, etc.), which are available as the anonymous list $*. ### Example: omission of the columns() option diff --git a/doc/_admin-guide/120_Parser/002_Parsing_key-value_pairs/000_kv_parser_options.md b/doc/_admin-guide/120_Parser/002_Parsing_key-value_pairs/000_kv_parser_options.md index 0fa704d7..9f3b774d 100644 --- a/doc/_admin-guide/120_Parser/002_Parsing_key-value_pairs/000_kv_parser_options.md +++ b/doc/_admin-guide/120_Parser/002_Parsing_key-value_pairs/000_kv_parser_options.md 
@@ -11,10 +11,10 @@ The kv-parser has the following options. | Synopsis: |extract-stray-words-into(\"\\")| -*Description:* Specifies the name-value pair where syslog-ng OSE stores +*Description:* Specifies the name-value pair where {{ site.product.short_name }} stores any stray words that appear before or between the parsed key-value pairs (mainly when the pair-separator(). If multiple -stray words appear in a message, then syslog-ng OSE stores them as a +stray words appear in a message, then {{ site.product.short_name }} stores them as a comma-separated list. Note that the prefix() option does not affect the name-value pair storing the stray words. Default value:**N/A** diff --git a/doc/_admin-guide/120_Parser/002_Parsing_key-value_pairs/README.md b/doc/_admin-guide/120_Parser/002_Parsing_key-value_pairs/README.md index 474be9d5..6bdeabce 100644 --- a/doc/_admin-guide/120_Parser/002_Parsing_key-value_pairs/README.md +++ b/doc/_admin-guide/120_Parser/002_Parsing_key-value_pairs/README.md @@ -2,14 +2,14 @@ title: Parsing key=value pairs id: adm-parser-kv description: >- - The syslog-ng OSE application can separate a message consisting of + The {{ site.product.short_name }} application can separate a message consisting of whitespace or comma-separated key=value pairs (for example, Postfix log messages) into name-value pairs. You can also specify other separator character instead of the equal sign, for example, colon (:) to parse - MySQL log messages. The syslog-ng OSE application automatically trims + MySQL log messages. The {{ site.product.short_name }} application automatically trims any leading or trailing whitespace characters from the keys and values, and also parses values that contain unquoted whitespace. For details on - using value-pairs in syslog-ng OSE see + using value-pairs in {{ site.product.short_name }} see Structuring macros, metadata, and other value-pairs. --- 
@@ -20,8 +20,8 @@ KEY1=value1,KEY2=value2, you can refer to the values as **${KEY1}** and **NOTE:** If a log message contains the same key multiple times (for example, key1=value1, key2=value2, key1=value3, key3=value4, -key1=value5), then syslog-ng OSE stores only the last (rightmost) value -for the key. Using the previous example, syslog-ng OSE will store the +key1=value5), then {{ site.product.short_name }} stores only the last (rightmost) value +for the key. Using the previous example, {{ site.product.short_name }} will store the following pairs: key1=value5, key2=value2, key3=value4. {: .notice--info} diff --git a/doc/_admin-guide/120_Parser/003_JSON_parser/README.md b/doc/_admin-guide/120_Parser/003_JSON_parser/README.md index 6646825a..132fc0ec 100644 --- a/doc/_admin-guide/120_Parser/003_JSON_parser/README.md +++ b/doc/_admin-guide/120_Parser/003_JSON_parser/README.md @@ -8,9 +8,9 @@ description: >- for human-readable data interchange. It is used primarily to transmit data between a server and web application, serving as an alternative to XML. It is described in RFC-4627. - The syslog-ng OSE application can separate parts of incoming + The {{ site.product.short_name }} application can separate parts of incoming JSON-encoded log messages to name-value pairs. For details on using - value-pairs in syslog-ng OSE see + value-pairs in {{ site.product.short_name }} see Structuring macros, metadata, and other value-pairs. --- 
@@ -18,22 +18,22 @@ You can refer to the separated parts of the JSON message using the key of the JSON object as a macro. For example, if the JSON contains {\"KEY1\":\"value1\",\"KEY2\":\"value2\"}, you can refer to the values as **${KEY1}** and **${KEY2}**. If the JSON content is structured, -syslog-ng OSE converts it to dot-notation-format. For example, to access +{{ site.product.short_name }} converts it to dot-notation-format. For example, to access the value of the following structure {\"KEY1\": {\"KEY2\": \"VALUE\"}}, use the **${KEY1.KEY2}** macro. {% include doc/admin-guide/warnings/macro-overwrite.md %} -**NOTE:** When using the json-parser(), syslog-ng OSE converts all elements +**NOTE:** When using the json-parser(), {{ site.product.short_name }} converts all elements of the JSON object to name-value pairs. Any type information carried by the incoming JSON object is preserved, and automatically propagated to -other syslog-ng OSE components (for example, a destination) if the +other {{ site.product.short_name }} components (for example, a destination) if the component supports types. Elements without a type are handled as strings. JSON lists (arrays) are converted to lists, and can be manipulated using the List manipulation template functions. {: .notice--info} -Prior to version 4.0, syslog-ng OSE handled all data as string. +Prior to version 4.0, {{ site.product.short_name }} handled all data as string. The JSON parser discards messages if they cannot be parsed as JSON messages, therefore acting as a JSON-filter as well. 
@@ -58,7 +58,7 @@ parser parser_name { ### Example: Using a JSON parser In the following example, the source is a JSON encoded log message. The -syslog parser is disabled, so that syslog-ng OSE does not parse the +syslog parser is disabled, so that {{ site.product.short_name }} does not parse the message: **flags(no-parse)**. The json-parser inserts \".json.\" prefix before all extracted name-value pairs. The destination is a file, that uses the format-json template function. Every name-value pair that diff --git a/doc/_admin-guide/120_Parser/004_XML_parser/000_Limitations.md b/doc/_admin-guide/120_Parser/004_XML_parser/000_Limitations.md index 72364bee..2b5a431f 100644 --- a/doc/_admin-guide/120_Parser/004_XML_parser/000_Limitations.md +++ b/doc/_admin-guide/120_Parser/004_XML_parser/000_Limitations.md @@ -54,7 +54,7 @@ GMarkup parser, which is not a full-scale XML parser. It is intended to parse a ## No support for long keys -If the key is longer than 255 characters, syslog-ng drops the entry and +If the key is longer than 255 characters, {{ site.product.short_name }} drops the entry and an error log is emitted. There is no chunking or any other way of recovering data, not even partial data. The entry will be replaced by an empty string. diff --git a/doc/_admin-guide/120_Parser/004_XML_parser/README.md b/doc/_admin-guide/120_Parser/004_XML_parser/README.md index 4d5bc7ed..6512a335 100644 --- a/doc/_admin-guide/120_Parser/004_XML_parser/README.md +++ b/doc/_admin-guide/120_Parser/004_XML_parser/README.md 
@@ -150,7 +150,7 @@ any of the following options: - Unless the opening and closing tags are fixed and known, stream-based sources are currently not supported. -In case you experience issues, start syslog-ng with debug logs enabled. +In case you experience issues, start {{ site.product.short_name }} with debug logs enabled. There will be a debug log about the incoming log entry, which shows the complete message to be parsed. The entry should contain the entire XML document. diff --git a/doc/_admin-guide/120_Parser/005_Parsing_dates/000_Date_parser_options.md b/doc/_admin-guide/120_Parser/005_Parsing_dates/000_Date_parser_options.md index 79db48ad..aec96fb0 100644 --- a/doc/_admin-guide/120_Parser/005_Parsing_dates/000_Date_parser_options.md +++ b/doc/_admin-guide/120_Parser/005_Parsing_dates/000_Date_parser_options.md @@ -24,7 +24,7 @@ date-parser(flags(guess-timezone)); | Synopsis:| format(string)| |Default:| | -*Description:* Specifies the format how syslog-ng OSE should parse the +*Description:* Specifies the format how {{ site.product.short_name }} should parse the date. You can use the following format elements: |%%| PERCENT| @@ -78,9 +78,9 @@ format string: **format(\"%d/%b/%Y:%H:%M:%S %Z\")** |Default:| stamp| *Description:* Determines if the parsed date values are treated as sent -or received date. If you use time-stamp(), syslog-ng OSE adds the parsed +or received date. If you use time-stamp(), {{ site.product.short_name }} adds the parsed date to the S\_ macros (corresponding to the sent date). If you use -**time-zone(recvd)**, syslog-ng OSE adds the parsed date to the R\_ +**time-zone(recvd)**, {{ site.product.short_name }} adds the parsed date to the R\_ macros (corresponding to the received date). {% include doc/admin-guide/options/time-zone.md %} 
@@ -90,7 +90,7 @@ macros (corresponding to the received date). | Type:| string| |Default:| | -This option is only available in syslog-ng OSE 4.0 and later versions. +This option is only available in {{ site.product.short_name }} 4.0 and later versions. *Description:* This option instructs the date-parser() to store the timestamp in a name-value pair specified in value(), instead of editing diff --git a/doc/_admin-guide/120_Parser/005_Parsing_dates/README.md b/doc/_admin-guide/120_Parser/005_Parsing_dates/README.md index c792492f..5460c989 100644 --- a/doc/_admin-guide/120_Parser/005_Parsing_dates/README.md +++ b/doc/_admin-guide/120_Parser/005_Parsing_dates/README.md @@ -11,8 +11,7 @@ description: >- --- **NOTE:** Note that parsing will fail if the format string does not match -the entire template or field. Since by default syslog-ng Open Source -Edition (syslog-ng OSE) uses the ${MESSAGE} part of the log message, +the entire template or field. Since by default {{ site.product.short_name }}({{ site.product.short_name }}) uses the ${MESSAGE} part of the log message, parsing will fail, unless the log message contains only a date, but that is unlikely, so practically you will have to segment the message (for example, using a [[csv-parser()|adm-parser-csv]]. 
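Review bot: In the NOTE of 005_Parsing_dates/README.md (@@ -11,8 +11,7) the replacement emits the short name twice with no space between, `{{ site.product.short_name }}({{ site.product.short_name }})`, where the removed text was `syslog-ng Open Source Edition (syslog-ng OSE)`. Use `{{ site.product.name }} ({{ site.product.short_name }})` to keep the first-mention expansion, or a single `{{ site.product.short_name }}` as the other files in this patch do.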
@@ -33,13 +32,13 @@ parser parser_name { ### Example: Using the date-parser() -In the following example, syslog-ng OSE parses dates like +In the following example, {{ site.product.short_name }} parses dates like 01/Jan/2016:13:05:05 PST from a field called MY\_DATE using the following format string: format(\"%d/%b/%Y:%H:%M:%S %Z\") (how you create this field from the incoming message is not shown in the example). In the destination template every message will begin with the timestamp in ISODATE format. Since the syslog parser is disabled, -syslog-ng OSE will include the entire original message (including the +{{ site.product.short_name }} will include the entire original message (including the original timestamp) in the ${MESSAGE} macro. ```config @@ -69,7 +68,7 @@ example selects the first 24 characters of the ${MESSAGE} macro. date-parser(format("%d/%b/%Y:%H:%M:%S %Z") template("$(substr ${MESSAGE} 0 24)") ); ``` -In syslog-ng OSE version 3.23 and later, you can specify a +In {{ site.product.short_name }} version 3.23 and later, you can specify a comma-separated list of formats to parse multiple date formats with a single parser. For example: diff --git a/doc/_admin-guide/120_Parser/006_Python_parser.md b/doc/_admin-guide/120_Parser/006_Python_parser.md index 2b61ead1..5c133fa9 100644 --- a/doc/_admin-guide/120_Parser/006_Python_parser.md +++ b/doc/_admin-guide/120_Parser/006_Python_parser.md @@ -2,7 +2,7 @@ title: Python parser id: adm-parser-python description: >- - The Python log parser (available in syslog-ng OSE version 3.10 and + The Python log parser (available in {{ site.product.short_name }} version 3.10 and later) allows you to write your own parser in Python. Practically, that way you can process the log message (or parts of the log message) any way you need. For example, you can import external Python modules to 
@@ -14,8 +14,8 @@ description: >- **Declaration** -Python parsers consist of two parts. The first is a syslog-ng OSE parser -object that you use in your syslog-ng OSE configuration, for example, in +Python parsers consist of two parts. The first is a {{ site.product.short_name }} parser +object that you use in your {{ site.product.short_name }} configuration, for example, in the log path. This parser references a Python class, which is the second part of the Python parsers. The Python class processes the log messages it receives, and can do virtually anything that you can code in Python. @@ -30,10 +30,10 @@ parser { python { class MyParser(object): def init(self, options): - '''Optional. This method is executed when syslog-ng is started or reloaded.''' + '''Optional. This method is executed when {{ site.product.short_name }} is started or reloaded.''' return True def deinit(self): - '''Optional. This method is executed when syslog-ng is stopped or reloaded.''' + '''Optional. This method is executed when {{ site.product.short_name }} is stopped or reloaded.''' pass def parse(self, msg): '''Required. This method receives and processes the log message.''' @@ -65,10 +65,10 @@ class MyParser(object): The parse() method processes the log messages it receives, and can do virtually anything that you can code in Python. This method is required, -otherwise syslog-ng OSE will not start. +otherwise {{ site.product.short_name }} will not start. The return value of the parse() method must be True. If it returns -False, or raises an exception, syslog-ng OSE will drop the message. +False, or raises an exception, {{ site.product.short_name }} will drop the message. - To reference a name-value pair or a macro in the Python code, use the following format. For example, if the first argument in the 
@@ -86,7 +86,7 @@ False, or raises an exception, syslog-ng OSE will drop the message. Note that the names of the name-value pairs are case-sensitive. If you create a new name-value pair called new-macro-name in Python, - and want to reference it in another part of the syslog-ng OSE + and want to reference it in another part of the {{ site.product.short_name }} configuration file (for example, in a template), use the **${new-macro-name}** macro. @@ -106,12 +106,12 @@ The following is a sample loggen message: ><38>2017-04-05T12:16:46 localhost prg00000[1234]: seq: 0000000000, thread: 0000, >runid: 1491387406, stamp: 2017-04-05T12:16:46 >PADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADDPADD -The syslog-ng OSE parser object references the LoggenParser class and +The {{ site.product.short_name }} parser object references the LoggenParser class and passes a set of regular expressions to parse the loggen messages. The init() method of the LoggenParser class compiles these expressions into a pattern. The parse method uses these patterns to extract the fields of the message into name-value pairs. The destination template of the -syslog-ng OSE log statement uses the extracted fields to format the +{{ site.product.short_name }} log statement uses the extracted fields to format the output message. ```config 
@@ -155,10 +155,10 @@ output message. ## Example: Parse Windows eventlogs in Python - performance The following example uses regular expressions to process Windows log -messages received in XML format from the syslog-ng Agent for Windows +messages received in XML format from the {{ site.product.short_name }} Agent for Windows application. The parser extracts different fields from messages received from the Security and the Application eventlog containers. Using the -following configuration file, syslog-ng OSE could process about 25000 +following configuration file, {{ site.product.short_name }} could process about 25000 real-life Windows log messages per second. ```config diff --git a/doc/_admin-guide/120_Parser/007_Parsing_tags.md b/doc/_admin-guide/120_Parser/007_Parsing_tags.md index 0375a233..a3865828 100644 --- a/doc/_admin-guide/120_Parser/007_Parsing_tags.md +++ b/doc/_admin-guide/120_Parser/007_Parsing_tags.md @@ -2,11 +2,11 @@ title: Parsing tags id: adm-parser-tags description: >- - The syslog-ng Open Source Edition (syslog-ng OSE) application can tag + The {{ site.product.short_name }} application can tag log messages, and can include these tags in the log messages, as described in Tagging messages can parse these tags from the incoming messages - and re-tag them. That way if you add tags to a log message on a syslog-ng OSE - client, the message will have the same tags on the syslog-ng OSE server. + and re-tag them. That way if you add tags to a log message on a {{ site.product.short_name }} + client, the message will have the same tags on the {{ site.product.short_name }} server. --- Available in version 3.23 and later. diff --git a/doc/_admin-guide/120_Parser/008_Apache_access_log_parser/README.md b/doc/_admin-guide/120_Parser/008_Apache_access_log_parser/README.md index f9dbcf42..6cf23171 100644 --- a/doc/_admin-guide/120_Parser/008_Apache_access_log_parser/README.md +++ b/doc/_admin-guide/120_Parser/008_Apache_access_log_parser/README.md 
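Review bot: In the 006_Python_parser.md hunk at @@ -155,10, `syslog-ng Agent for Windows` becomes `{{ site.product.short_name }} Agent for Windows`, which with the `short_name` value added to _config.yml renders as "syslog-ng OSE Agent for Windows". The removed line named the agent without "OSE", so this alters a product name rather than normalising one; keep the literal `syslog-ng Agent for Windows` here unless the agent is really meant to carry the OSE label.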
@@ -3,9 +3,9 @@ title: Apache access log parser id: adm-parser-apache description: >- The Apache access log parser can parse the access log messages of the - Apache HTTP Server. The syslog-ng OSE application can separate these log + Apache HTTP Server. The {{ site.product.short_name }} application can separate these log messages to name-value pairs. For details on using value-pairs in - syslog-ng OSE see Structuring macros, metadata, and other value-pairs. + {{ site.product.short_name }} see Structuring macros, metadata, and other value-pairs. The apache-accesslog-parser() supports both the Common Log Format and the Combined Log Format of Apache (for details, see the Apache HTTP Server documentation. @@ -21,7 +21,7 @@ Starting with version 3.21, virtualhost and the port of the virtualhost >foo.com:443 1.2.3.4 - - [15/Apr/2019:14:30:16 -0400] "GET /bar.html HTTP/2.0" >500 - "https://foo.com/referer.html" "Mozilla/5.0 ..." -The syslog-ng OSE application extracts every field into name-value +The {{ site.product.short_name }} application extracts every field into name-value pairs, and adds the .apache. prefix to the name of the field. **Declaration** @@ -37,7 +37,7 @@ parser parser_name { The parser extracts the following fields from the messages: vhost, port, clientip, ident, auth, timestamp, rawrequest, response, bytes, referrer, and agent. The rawrequest field is further segmented into the verb, -request, and httpversion fields. The syslog-ng OSE +request, and httpversion fields. The {{ site.product.short_name }} apache-accesslog-parser() parser uses the same naming convention as Logstash. @@ -69,8 +69,7 @@ log { }; ``` -To use this parser, the scl.conf file must be included in your syslog-ng -OSE configuration: +To use this parser, the scl.conf file must be included in your {{ site.product.short_name }} configuration: ```config @include "scl.conf" 
diff --git a/doc/_admin-guide/120_Parser/009_Linux_audit_parser/README.md b/doc/_admin-guide/120_Parser/009_Linux_audit_parser/README.md index 11804667..68e06fba 100644 --- a/doc/_admin-guide/120_Parser/009_Linux_audit_parser/README.md +++ b/doc/_admin-guide/120_Parser/009_Linux_audit_parser/README.md @@ -3,9 +3,9 @@ title: Linux audit parser id: adm-parser-linux description: >- The Linux audit parser can parse the log messages of the Linux Audit - subsystem (auditd). The syslog-ng OSE application can separate these log + subsystem (auditd). The {{ site.product.short_name }} application can separate these log messages to name-value pairs. For details on using value-pairs in - syslog-ng OSE see Structuring macros, metadata, and other value-pairs. + {{ site.product.short_name }} see Structuring macros, metadata, and other value-pairs. --- The following is a sample log message of auditd: @@ -19,10 +19,10 @@ The following is a sample log message of auditd: Certain fields of the audit log can be encoded in hexadecimal format, for example, the arch field, or the a\ fields in the previous -example. The syslog-ng OSE application automatically decodes these +example. The {{ site.product.short_name }} application automatically decodes these fields (for example, the c000003e value becomes x86\_64). -The syslog-ng OSE application extracts every field into name-value +The {{ site.product.short_name }} application extracts every field into name-value pairs. It automatically decodes the following fields: - name 
@@ -64,7 +64,7 @@ parser parser_name { In the following example, the source is a log file created by auditd. Since the audit log format is not a syslog format, the syslog parser is -disabled, so that syslog-ng OSE does not parse the message: +disabled, so that {{ site.product.short_name }} does not parse the message: flags(no-parse). The parser inserts \".auditd.\" prefix before all extracted name-value pairs. The destination is a file, that uses the format-json template function. Every name-value pair that begins with a diff --git a/doc/_admin-guide/120_Parser/010_Cisco_parser.md b/doc/_admin-guide/120_Parser/010_Cisco_parser.md index fad3e75f..54e64995 100644 --- a/doc/_admin-guide/120_Parser/010_Cisco_parser.md +++ b/doc/_admin-guide/120_Parser/010_Cisco_parser.md @@ -24,7 +24,7 @@ For example: **NOTE:** Not every Cisco log message conforms to this format. If you find a message that the cisco-parser() cannot properly parse, contact Support, so we can improve the parser. {: .notice--info} -The syslog-ng OSE application normalizes the parsed log messages into +The {{ site.product.short_name }} application normalizes the parsed log messages into the following format: >${MESSAGE}=%FAC-SEV-MNEMONIC: message diff --git a/doc/_admin-guide/120_Parser/011_EWMM_parser.md b/doc/_admin-guide/120_Parser/011_EWMM_parser.md index d8785086..8443779e 100644 --- a/doc/_admin-guide/120_Parser/011_EWMM_parser.md +++ b/doc/_admin-guide/120_Parser/011_EWMM_parser.md @@ -4,7 +4,7 @@ short_title: Parsing EWWM messages id: adm-parser-ewmm description: >- The ewmm-parser() can be used to parse messages sent by another - syslog-ng host using the enterprise-wide message model (EWMM) format. + {{ site.product.short_name }} host using the enterprise-wide message model (EWMM) format. Available in version 3.16 and later. Note that usually you do not have to use this parser directly, because the default-network-drivers() source automatically parses such messages. 
diff --git a/doc/_admin-guide/120_Parser/013_netskope_parser.md b/doc/_admin-guide/120_Parser/013_netskope_parser.md index f34ab31b..43bc1523 100644 --- a/doc/_admin-guide/120_Parser/013_netskope_parser.md +++ b/doc/_admin-guide/120_Parser/013_netskope_parser.md @@ -18,7 +18,7 @@ For example: {% include doc/admin-guide/parser-support.md %} -The syslog-ng OSE application sets the ${PROGRAM} field to Netskope. +The {{ site.product.short_name }} application sets the ${PROGRAM} field to Netskope. By default, the Netskope-specific fields are extracted into name-value pairs prefixed with .netskope. For example, the organization\_unit in diff --git a/doc/_admin-guide/120_Parser/014_panos_parser/000_Message_format.md b/doc/_admin-guide/120_Parser/014_panos_parser/000_Message_format.md index 7e3d626b..8e4752ac 100644 --- a/doc/_admin-guide/120_Parser/014_panos_parser/000_Message_format.md +++ b/doc/_admin-guide/120_Parser/014_panos_parser/000_Message_format.md @@ -3,7 +3,7 @@ title: Message format parsed by panos-parser() id: adm-parser-panos-format description: >- This section illustrates the most commonly used PAN-OS log format on the - syslog-ng Open Source Edition (syslog-ng OSE) side. + {{ site.product.short_name }} side. --- For information about customizing log format on the PAN-OS side, see 
@@ -11,14 +11,14 @@ the relevant section of the PAN-OS^®^ Administrator's Guide. ## Message format and log format -Using the panos-parser(), the parsed messages in syslog-ng OSE have the +Using the panos-parser(), the parsed messages in {{ site.product.short_name }} have the following general format: >\\ \ \ There are several \"types\" of log formats in Palo Alto Networks PAN-OS. For example, the most commonly used SYSTEM type -has the following message format on the syslog-ng OSE side after +has the following message format on the {{ site.product.short_name }} side after parsing: ><12>Apr 14 16:48:54 paloalto.test.net 1,2020/04/14 16:48:54,unknown,SYSTEM,auth,0,2020/04/14 16:48:54,,auth-fail,,0,0,general,medium,failed authentication for user 'admin'. Reason: Invalid username/password. From: 10.0.10.55.,1718,0x0,0,0,0,0,,paloalto diff --git a/doc/_admin-guide/120_Parser/014_panos_parser/README.md b/doc/_admin-guide/120_Parser/014_panos_parser/README.md index 4c15dec0..e82d0ca0 100644 --- a/doc/_admin-guide/120_Parser/014_panos_parser/README.md +++ b/doc/_admin-guide/120_Parser/014_panos_parser/README.md 
@@ -11,30 +11,30 @@ description: >- a data structure that requires additional parsing. --- -The panos-parser() of syslog-ng Open Source Edition (syslog-ng OSE) +The panos-parser() of {{ site.product.short_name }} solves this problem, and can separate PAN-OS log messages to name-value pairs. -For details on using value-pairs in syslog-ng OSE, see +For details on using value-pairs in {{ site.product.short_name }}, see Structuring macros, metadata, and other value-pairs. ## Prerequisites -- Version 3.29 of syslog-ng OSE or later. +- Version 3.29 of {{ site.product.short_name }} or later. - **NOTE:** Most Linux distributions feature syslog-ng OSE versions - earlier than version 3.29. For up-to-date binaries, visit the syslog-ng Open Source Edition installation packages page. + **NOTE:** Most Linux distributions feature {{ site.product.short_name }} versions + earlier than version 3.29. For up-to-date binaries, visit the {{ site.product.name }} installation packages page. {: .notice--info} - PAN-OS log messages from Palo Alto Networks devices. ## Limitations -The panos-parser() only works on syslog-ng OSE version 3.29 or later. +The panos-parser() only works on {{ site.product.short_name }} version 3.29 or later. ## Configuration -You can include the panos-parser() in your syslog-ng OSE configuration +You can include the panos-parser() in your {{ site.product.short_name }} configuration like this: ```config @@ -43,8 +43,7 @@ parser p_parser{ }; ``` -To use this parser, the scl.conf file must be included in your syslog-ng -OSE configuration: +To use this parser, the scl.conf file must be included in your {{ site.product.short_name }} configuration: ```config @include "scl.conf" diff --git a/doc/_admin-guide/120_Parser/017_metrics_probe_parser/000_metrics_probe_options.md b/doc/_admin-guide/120_Parser/017_metrics_probe_parser/000_metrics_probe_options.md index 981d6b6c..bcfa5180 100644 --- a/doc/_admin-guide/120_Parser/017_metrics_probe_parser/000_metrics_probe_options.md 
+++ b/doc/_admin-guide/120_Parser/017_metrics_probe_parser/000_metrics_probe_options.md @@ -8,7 +8,7 @@ id: adm-parser-metrics-opt | Type: | integer or template | | Default: | 1 | -Available in syslog-ng OSE 4.2 and later versions. +Available in {{ site.product.short_name }} 4.2 and later versions. This option sets a template, which resolves to a number that defines the increment of the counter. The following example defines a counter called @@ -71,7 +71,7 @@ syslogng_classified_events_total{app="example-app", host="localhost", program="b ## Dynamic labels -Available in syslog-ng OSE 4.4 and later versions. +Available in {{ site.product.short_name }} 4.4 and later versions. Dynamic labelling makes it possible to use every available value-pairs() option in the labels, for example, key(), rekey(), pair(), or scope(). @@ -97,7 +97,7 @@ syslogng_foo{static_label="bar",my_prefix_baz="anotherlabel",my_prefix_foo="bar" | Type: | integer (0-3) | | Default: | 0 | -Available in syslog-ng OSE 4.2 or later versions. +Available in {{ site.product.short_name }} 4.2 or later versions. This option sets the stats level of the generated metrics. diff --git a/doc/_admin-guide/120_Parser/017_metrics_probe_parser/README.md b/doc/_admin-guide/120_Parser/017_metrics_probe_parser/README.md index c7f4106a..a12ed33e 100644 --- a/doc/_admin-guide/120_Parser/017_metrics_probe_parser/README.md +++ b/doc/_admin-guide/120_Parser/017_metrics_probe_parser/README.md @@ -3,7 +3,7 @@ title: 'metrics-probe' short_title: metrics-probe() id: adm-metrics-probe description: >- - Available in syslog-ng OSE 4.1.1 or later versions. + Available in {{ site.product.short_name }} 4.1.1 or later versions. metrics-probe() is a special parser that counts the messages passing through the log path, and creates labeled stat-counters based on the fields of these messages. 
@@ -76,5 +76,5 @@ syslogng_custom_key{custom_label_name_1="foobar", custom_label_name_2="foo"} 1 syslogng_custom_key{custom_label_name_1="foobar", custom_label_name_2="baz"} 3 ``` -In syslog-ng OSE 4.4 and later versions, it is possible to create Dynamic labels +In {{ site.product.short_name }} 4.4 and later versions, it is possible to create Dynamic labels as well. diff --git a/doc/_admin-guide/120_Parser/018_websense_parser.md b/doc/_admin-guide/120_Parser/018_websense_parser.md index dbed957f..47fbf8de 100644 --- a/doc/_admin-guide/120_Parser/018_websense_parser.md +++ b/doc/_admin-guide/120_Parser/018_websense_parser.md @@ -19,7 +19,7 @@ For example: {% include doc/admin-guide/parser-support.md %} -The syslog-ng OSE application sets the ${PROGRAM} field to Websense. +The {{ site.product.short_name }} application sets the ${PROGRAM} field to Websense. By default, the websense-specific fields are extracted into name-value pairs prefixed with .websense. For example, the product\_version in the diff --git a/doc/_admin-guide/120_Parser/019_windows_xml_parser.md b/doc/_admin-guide/120_Parser/019_windows_xml_parser.md index 9de45da9..02abea6d 100644 --- a/doc/_admin-guide/120_Parser/019_windows_xml_parser.md +++ b/doc/_admin-guide/120_Parser/019_windows_xml_parser.md @@ -6,7 +6,7 @@ description: >- The `windows-eventlog-xml-parser()` can parse messages in the Windows XML Event Log (EVTX) format. --- -Available in syslog-ng 4.5 and later versions. +Available in {{ site.product.short_name }} 4.5 and later versions. ### Example: Windows XML Event Log parser configuration diff --git a/doc/_admin-guide/120_Parser/022_regexp_parser/README.md b/doc/_admin-guide/120_Parser/022_regexp_parser/README.md index ae3de2a0..637c5547 100644 --- a/doc/_admin-guide/120_Parser/022_regexp_parser/README.md +++ b/doc/_admin-guide/120_Parser/022_regexp_parser/README.md 
@@ -3,7 +3,7 @@ title: Regular expression (regexp) parser short_title: Regular expression parser id: adm-parser-regexp description: >- - The syslog-ng OSE application can parse fields from a message with the + The {{ site.product.short_name }} application can parse fields from a message with the help of regular expressions. This can be also achieved with the match() filter, by setting the store-matches flag, but the regexp-parser() offers more flexibility, like multiple patterns and setting the prefix @@ -16,7 +16,7 @@ description: >- groups\" in PCRE documentation. {: .notice--info} -For more information about regular expressions in syslog-ng OSE, see +For more information about regular expressions in {{ site.product.short_name }}, see Regular expressions. For example: diff --git a/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/000_Structure_of_a_patterndb.md b/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/000_Structure_of_a_patterndb.md index f5af8f10..47f2eedc 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/000_Structure_of_a_patterndb.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/000_Structure_of_a_patterndb.md @@ -23,7 +23,7 @@ The pattern database is organized as follows: application or the beginning of its name (for example, to match for sendmail, the program pattern can be sendmail, or just send), and the Program Pattern can contain pattern parsers. Note that pattern - parsers are completely independent from the syslog-ng parsers used + parsers are completely independent from the {{ site.product.short_name }} parsers used to segment messages. Additionally, every rule has a unique identifier: if a message matches a rule, the identifier of the rule is stored together with the message. 
@@ -38,7 +38,7 @@ The pattern database is organized as follows: - Rules can also contain additional information about the matching messages, such as the description of the rule, an URL, name-value pairs, or free-form tags. This information is displayed by the - syslog-ng Open Source Edition in the email alerts (if alerts are + {{ site.product.name }} in the email alerts (if alerts are requested for the rule), and are also displayed on the search interface. diff --git a/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/001_How_pattern_matching_works.md b/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/001_How_pattern_matching_works.md index 1f6e06a4..4170ff04 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/001_How_pattern_matching_works.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/001_How_pattern_matching_works.md @@ -18,12 +18,12 @@ characters according to certain rules. NOTE: Wildcards and regular expressions cannot be used in patterns. The @ character must be escaped, that is, to match for this character, you have to write **@@** in your pattern. This is required because pattern -parsers of syslog-ng are enclosed between @ characters. +parsers of {{ site.product.short_name }} are enclosed between @ characters. {: .notice--info} -When a new message arrives, syslog-ng attempts to classify it using the +When a new message arrives, {{ site.product.short_name }} attempts to classify it using the pattern database. The available patterns are organized alphabetically -into a tree, and syslog-ng inspects the message character-by-character, +into a tree, and {{ site.product.short_name }} inspects the message character-by-character, starting from the beginning. This approach ensures that only a small subset of the rules must be evaluated at any given step, resulting in high processing speed. Note that the speed of classifying messages is 
@@ -31,8 +31,8 @@ practically independent from the total number of rules. For example, if the message begins with the Apple string, only patterns beginning with the character A are considered. In the next step, -syslog-ng selects the patterns that start with Ap, and so on, until -there is no more specific pattern left. The syslog-ng application has a +{{ site.product.short_name }} selects the patterns that start with Ap, and so on, until +there is no more specific pattern left. The {{ site.product.short_name }} application has a strong preference for rules that match the input string completely. Note that literal matches take precedence over pattern parser matches: @@ -41,7 +41,7 @@ literal, and another pattern that would match it with a parser, the pattern with the literal match is selected. Using the previous example, if at the third step there is the literal pattern Apport and a pattern parser Ap@STRING@, the Apport pattern is matched. If the literal does -not match the incoming string (for example, Apple), syslog-ng attempts +not match the incoming string (for example, Apple), {{ site.product.short_name }} attempts to match the pattern with the parser. However, if there are two or more parsers on the same level, only the first one will be applied, even if it does not perfectly match the message. diff --git a/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/002_Artificial_ignorance.md b/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/002_Artificial_ignorance.md index 55244614..39327e66 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/002_Artificial_ignorance.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/002_Artificial_ignorance.md 
@@ -11,11 +11,11 @@ description: >- never seen before is anomalous\" (Marcus J. Ranum). --- -The syslog-ng application can classify messages using a pattern +The {{ site.product.short_name }} application can classify messages using a pattern database: messages that do not match any pattern are classified as unknown. This provides a way to use artificial ignorance to review your log messages. You can periodically review the unknown messages --- -syslog-ng can send them to a separate destination, and add patterns for +{{ site.product.short_name }} can send them to a separate destination, and add patterns for them to the pattern database. By reviewing and manually classifying the unknown messages, you can iteratively classify more and more messages, until only the really anomalous messages show up as unknown. diff --git a/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/README.md b/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/README.md index 7d51c311..1cda824d 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/000_Classifying_log_messages/README.md @@ -2,9 +2,9 @@ title: Classifying log messages id: adm-parser-db-class description: >- - The syslog-ng application can compare the contents of the received log + The {{ site.product.short_name }} application can compare the contents of the received log messages to predefined message patterns. By comparing the messages to - the known patterns, syslog-ng is able to identify the exact type of the + the known patterns, {{ site.product.short_name }} is able to identify the exact type of the messages, and sort them into message classes. The message classes can be used to classify the type of the event described in the log message. The message classes can be customized, and for example, can label the 
@@ -12,13 +12,13 @@ description: >- events. --- -To find the pattern that matches a particular message, syslog-ng uses a +To find the pattern that matches a particular message, {{ site.product.short_name }} uses a method called longest prefix match radix tree. This means that syslog-ng creates a tree structure of the available patterns, where the different characters available in the patterns for a given position are the branches of the tree. -To classify a message, syslog-ng selects the first character of the +To classify a message, {{ site.product.short_name }} selects the first character of the message (the text of message, not the header), and selects the patterns starting with this character, other patterns are ignored for the rest of the process. After that, the second character of the message is compared @@ -38,13 +38,13 @@ details of available pattern parsers, see Using pattern parsers. The functionality of the pattern database is similar to that of the logcheck project, but it is much easier to write and maintain the -patterns used by syslog-ng, than the regular expressions used by -logcheck. Also, it is much easier to understand syslog-ng pattens than +patterns used by {{ site.product.short_name }}, than the regular expressions used by +logcheck. Also, it is much easier to understand {{ site.product.short_name }} pattens than regular expressions. Pattern matching based on regular expressions is computationally very intensive, especially when the number of patterns increases. The -solution used by syslog-ng can be performed real-time, and is +solution used by {{ site.product.short_name }} can be performed real-time, and is independent from the number of patterns, so it scales much better. The following patterns describe the same message: Accepted password for bazsi from 10.50.0.247 port 42156 ssh2 
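Review bot: The added line in the @@ -38,13 hunk of 000_Classifying_log_messages/README.md carries over the typo `pattens` ("easier to understand {{ site.product.short_name }} pattens than"). The line is already being rewritten, so correct it to `patterns` in the same change.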
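Review bot: The @@ -12,13 hunk of 000_Classifying_log_messages/README.md converts two occurrences of `syslog-ng` but leaves the context line `method called longest prefix match radix tree. This means that syslog-ng` unchanged, so the rendered paragraph will mix "syslog-ng OSE" and "syslog-ng" within three sentences. Replace that occurrence with `{{ site.product.short_name }}` as well, or note in the commit message why it is kept.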
@@ -55,7 +55,7 @@ Accepted for \[\^\[:space:\]\]+ from \[\^\[:space:\]\]+ port \[0-9\]+( (ssh\|ssh2))? -A syslog-ng database pattern for this message: Accepted +A {{ site.product.short_name }} database pattern for this message: Accepted @QSTRING:auth\_method: @ for@QSTRING:username: @from @QSTRING:client\_addr: @port @NUMBER:port:@ ssh2 diff --git a/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/000_Using_parser_results.md b/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/000_Using_parser_results.md index c737610f..77075e82 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/000_Using_parser_results.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/000_Using_parser_results.md @@ -64,7 +64,7 @@ filter fi_class_rule { Pattern database rules can assign tags to messages. These tags can be used to select tagged messages using the tags() filter function. -NOTE: The syslog-ng OSE application automatically adds the class of the +NOTE: The {{ site.product.short_name }} application automatically adds the class of the message as a tag using the .classifier.\ format. For example, messages classified as \"system\" receive the .classifier.system tag. Use the **tags()** filter function to select diff --git a/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/001_Downloading_sample_patterndb.md b/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/001_Downloading_sample_patterndb.md index 84f83835..984c0014 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/001_Downloading_sample_patterndb.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/001_Downloading_sample_patterndb.md 
@@ -11,7 +11,7 @@ Note that these pattern databases are only samples and experimental databases. They are not officially supported, and may or may not work in your environment. -The syslog-ng pattern databases are available under the Creative Commons +The {{ site.product.short_name }} pattern databases are available under the Creative Commons Attribution-Share Alike 3.0 (CC by-SA) license. This includes every pattern database written by community contributors or the One Identity staff. It means that: @@ -22,9 +22,9 @@ staff. It means that: modifications under the same license. - If you redistribute the pattern databases, you must make it obvious - that the source of the original syslog-ng pattern databases is the + that the source of the original {{ site.product.short_name }} pattern databases is the One Identity patterndb GitHub page. If you create patterns that are not available in the GitHub repository, -consider sharing them with us and the syslog-ng community. To do this, -open a GitHub issue, or send them to the syslog-ng mailing list. +consider sharing them with us and the {{ site.product.short_name }} community. To do this, +open a GitHub issue, or send them to the {{ site.product.short_name }} mailing list. diff --git a/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/002_Correlating_log_messages.md b/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/002_Correlating_log_messages.md index 756a8ccc..c4020605 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/002_Correlating_log_messages.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/002_Correlating_log_messages.md 
@@ -2,7 +2,7 @@ title: Correlating log messages using pattern databases id: adm-parser-db-correlate description: >- - The syslog-ng OSE application can correlate log messages identified + The {{ site.product.short_name }} application can correlate log messages identified using pattern databases. Alternatively, you can also correlate log messages using the grouping-by() parser. For details, see Correlating messages using the grouping-by() parser. @@ -17,7 +17,7 @@ authentication failure, and the reason of the failure in the next message. Of course, messages that are not so directly related can be correlated as well, for example, login-logout messages, and so on. -To correlate log messages with syslog-ng OSE, you can add messages into +To correlate log messages with {{ site.product.short_name }}, you can add messages into message-groups called contexts. A context consists of a series of log messages that are related to each other in some way, for example, the log messages of an SSH session can belong to the same context. As new 
@@ -37,43 +37,42 @@ is identical), application (${HOST}${PROGRAM} is identical), or host, while the context-id actually adds the message to the context specified in the id. The context-id can be a simple string, or can contain macros or values extracted from the log messages for further filtering. -Starting with syslog-ng OSE version 3.5, if a message is added to a -context, syslog-ng OSE automatically adds the identifier of the context +Starting with {{ site.product.short_name }} version 3.5, if a message is added to a +context, {{ site.product.short_name }} automatically adds the identifier of the context to the .classifier.context\_id macro of the message. -**NOTE:** Message contexts are persistent and are not lost when syslog-ng -OSE is reloaded (SIGHUP), but are lost when syslog-ng OSE is restarted. +**NOTE:** Message contexts are persistent and are not lost when {{ site.product.short_name }} is reloaded (SIGHUP), but are lost when {{ site.product.short_name }} is restarted. {: .notice--info} Another parameter of a rule is the context-timeout attribute, which -determines how long a context is stored, that is, how long syslog-ng OSE +determines how long a context is stored, that is, how long {{ site.product.short_name }} waits for related messages to arrive. Note the following points about timeout values: -- When a new message is added to a context, syslog-ng OSE will restart +- When a new message is added to a context, {{ site.product.short_name }} will restart the timeout using the context-timeout set for the new message. - When calculating if the timeout has already expired or not, - syslog-ng OSE uses the timestamps of the incoming messages, not + {{ site.product.short_name }} uses the timestamps of the incoming messages, not system time elapsed between receiving the two messages (unless the messages do not include a timestamp, or the **keep-timestamp(no)** - option is set). That way syslog-ng OSE can be used to process and + option is set). 
That way {{ site.product.short_name }} can be used to process and correlate already existing log messages offline. However, the timestamps of the messages must be in chronological order (that is, a new message cannot be older than the one already processed), and if a message is newer than the current system time (that is, it - seems to be coming from the future), syslog-ng OSE will replace its + seems to be coming from the future), {{ site.product.short_name }} will replace its timestamp with the current system time. - Example: How syslog-ng OSE calculates context-timeout + Example: How {{ site.product.short_name }} calculates context-timeout Consider the following two messages: ><38>1990-01-01T14:45:25 customhostname program6[1234]: program6 testmessage ><38>1990-01-01T14:46:25 customhostname program6[1234]: program6 testmessage - If the context-timeout is 10 seconds and syslog-ng OSE receives the + If the context-timeout is 10 seconds and {{ site.product.short_name }} receives the messages within 1 second, the timeout event will occour immediately, because the difference of the two timestamp (60 seconds) is larger than the timeout value (10 seconds). diff --git a/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/README.md b/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/README.md index e471289c..1e80d43d 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/001_Using_pattern_databases/README.md @@ -4,7 +4,7 @@ id: adm-parser-db-patterndb --- To classify messages using a pattern database, include a db-parser() -statement in your syslog-ng configuration file using the following +statement in your {{ site.product.short_name }} configuration file using the following syntax: **Declaration** 
@@ -43,7 +43,7 @@ log { }; ``` -By default, syslog-ng tries to apply the patterns to the body of the +By default, {{ site.product.short_name }} tries to apply the patterns to the body of the incoming messages, that is, to the value of the ${MESSAGE} macro. If you want to apply patterns to a specific field, or to an expression created from the log message (for example, using template functions or other @@ -58,7 +58,7 @@ parser pattern_db { }; ``` -By default, syslog-ng uses the name of the application (content of the +By default, {{ site.product.short_name }} uses the name of the application (content of the ${PROGRAM} macro) to select which rules to apply to the message. If the content of the ${PROGRAM} macro is not the proper name of the application, you can use the program-template() option to specify it. @@ -73,7 +73,7 @@ parser pattern_db { }; ``` -Note that the program-template() option is available in syslog-ng OSE +Note that the program-template() option is available in {{ site.product.short_name }} version 3.21 and later. **NOTE:** The default location of the pattern database file is @@ -133,7 +133,7 @@ log { ``` For details on how to create your own pattern databases see -The syslog-ng pattern database format. +The {{ site.product.short_name }} pattern database format. ## Drop unmatched messages @@ -151,5 +151,5 @@ parser pattern_db { }; ``` -Note that the drop-unmatched() option is available in syslog-ng OSE +Note that the drop-unmatched() option is available in {{ site.product.short_name }} version 3.11 and later. diff --git a/doc/_admin-guide/120_Parser/023_db_parser/002_Triggering_actions/002_Actions_and_message_correlation.md b/doc/_admin-guide/120_Parser/023_db_parser/002_Triggering_actions/002_Actions_and_message_correlation.md index b49374e6..aed1aef5 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/002_Triggering_actions/002_Actions_and_message_correlation.md 
+++ b/doc/_admin-guide/120_Parser/023_db_parser/002_Triggering_actions/002_Actions_and_message_correlation.md @@ -7,7 +7,7 @@ description: >- Correlating log messages using pattern databases. --- -- The syslog-ng OSE application automatically fills the fields for the +- The {{ site.product.short_name }} application automatically fills the fields for the generated message based on the scope of the context, for example, the HOST and PROGRAM fields if the context-scope is program. @@ -37,7 +37,7 @@ description: >- - You can use the name-value pairs of other messages of the context. If you set the inherit-properties attribute of the generated message - to **context**, syslog-ng OSE collects every name-value pair from + to **context**, {{ site.product.short_name }} collects every name-value pair from each message stored in the context, and includes them in the generated message. This means that you can refer to a name-value pair without having to know which message of the context included @@ -126,15 +126,15 @@ description: >- Example: Sending alert when a client disappears The following example shows how to combine various features of - syslog-ng OSE to send an email alert if a client stops sending + {{ site.product.short_name }} to send an email alert if a client stops sending messages. - Configure your clients to send MARK messages periodically. It is enough to configure MARK messages for the destination that - forwards your log messages to your syslog-ng OSE server + forwards your log messages to your {{ site.product.short_name }} server (mark-mode(periodical)). - - On your syslog-ng OSE server, create a pattern database rule + - On your {{ site.product.short_name }} server, create a pattern database rule that matches on the incoming MARK messages. In the rule, set the context-scope attribute to **host**, and the context-timeout attribute to a value that is higher than the mark-freq value set 
@@ -146,5 +146,5 @@ description: >- context-timeout expires, and the server does not receive a new MARK message (\). - - On your syslog-ng OSE server, use the pattern database in the + - On your {{ site.product.short_name }} server, use the pattern database in the log path that handles incoming log messages. diff --git a/doc/_admin-guide/120_Parser/023_db_parser/002_Triggering_actions/README.md b/doc/_admin-guide/120_Parser/023_db_parser/002_Triggering_actions/README.md index 57bf6e9d..78cc9685 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/002_Triggering_actions/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/002_Triggering_actions/README.md @@ -2,7 +2,7 @@ title: Triggering actions for identified messages id: adm-parser-db-trigger description: >- - The syslog-ng OSE application can generate (trigger) messages + The {{ site.product.short_name }} application can generate (trigger) messages automatically if certain events occur, for example, a specific log message is received, or the correlation timeout of a message expires. Basically, you can define messages for every pattern database rule that @@ -90,7 +90,7 @@ overriding-original-program-name ### Example: Creating a new context from an action -In syslog-ng OSE version 3.8 and newer, you can create a new context as +In {{ site.product.short_name }} version 3.8 and newer, you can create a new context as an action. For details, see [[Element: create-context]]. The following example creates a new context whenever the rule matches. diff --git a/doc/_admin-guide/120_Parser/023_db_parser/003_Creating_pattern_databases/001_Pattern_parsers.md b/doc/_admin-guide/120_Parser/023_db_parser/003_Creating_pattern_databases/001_Pattern_parsers.md index b12940ea..b0db9616 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/003_Creating_pattern_databases/001_Pattern_parsers.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/003_Creating_pattern_databases/001_Pattern_parsers.md 
@@ -1,9 +1,9 @@ --- -title: Pattern parsers of syslog-ng OSE +title: Pattern parsers of {{ site.product.short_name }} id: adm-parser-db-pattern-parsers --- -The following parsers are available in syslog-ng OSE. +The following parsers are available in {{ site.product.short_name }}. ## @ANYSTRING@ @@ -43,7 +43,7 @@ be a stopcharacter, nor can line-breaks or tabs. ## @FLOAT@ A floating-point number that may contain a dot (.) character. (Up to -syslog-ng 3.1, the name of this parser was @DOUBLE@.) +{{ site.product.short_name }} 3.1, the name of this parser was @DOUBLE@.) ## @HOSTNAME@ @@ -128,7 +128,7 @@ application have whitespace padding after the username). For example, the @OPTIONALSET:: \"@ parser will parse any combination of whitespaces and double-quotes. -Available in syslog-ng OSE 3.31 and later. +Available in {{ site.product.short_name }} 3.31 and later. **NOTE:** The @OPTIONALSET@ parser works almost exactly like the [[@SET@]] parser, but the @OPTIONALSET@ parser @@ -163,7 +163,7 @@ padding after the username). For example, the @SET:: \"@ parser will parse any combination of whitespaces and double-quotes. -Available in syslog-ng OSE 3.4 and later. +Available in {{ site.product.short_name }} 3.4 and later. ## @STRING@ diff --git a/doc/_admin-guide/120_Parser/023_db_parser/003_Creating_pattern_databases/002_Whatsnew_in_patterndb_v5.md b/doc/_admin-guide/120_Parser/023_db_parser/003_Creating_pattern_databases/002_Whatsnew_in_patterndb_v5.md index 878115d0..6a747b68 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/003_Creating_pattern_databases/002_Whatsnew_in_patterndb_v5.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/003_Creating_pattern_databases/002_Whatsnew_in_patterndb_v5.md @@ -1,5 +1,5 @@ --- -title: "What's new in the syslog-ng pattern database format V5" +title: "What's new in the {{ site.product.short_name }} pattern database format V5" id: adm-parser-db-whatsnew --- 
diff --git a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/000_patterns/README.md b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/000_patterns/README.md index bf507782..e0e6658c 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/000_patterns/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/000_patterns/README.md @@ -19,7 +19,7 @@ N/A ## Children -- *pattern*: The name of the application --- syslog-ng matches this +- *pattern*: The name of the application --- {{ site.product.short_name }} matches this value to the ${PROGRAM} header of the syslog message to find the rulesets applicable to the syslog message. @@ -38,9 +38,9 @@ N/A \postfix\\@ESTRING:.postfix.component:\[@\ NOTE: If the \ element of a ruleset is not specified, - syslog-ng OSE will use this ruleset as a fallback ruleset: it will - apply the ruleset to messages that have an empty PROGRAM header, or - if none of the program patterns matched the PROGRAM header of the + {{ site.product.short_name }} will use this ruleset as a fallback ruleset: it will + apply the ruleset to messages that have an empty ${PROGRAM} header, or + if none of the program patterns matched the ${PROGRAM} header of the incoming message. ### Example diff --git a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/001_rules/000_rule/README.md b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/001_rules/000_rule/README.md index 7047fdd4..02f1f09f 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/001_rules/000_rule/README.md 
+++ b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/001_rules/000_rule/README.md @@ -34,7 +34,7 @@ The *\* element may contain any number of *\* elements. - *id*: The globally unique ID of the rule. -- *class*: The class of the rule --- syslog-ng assigns this class to +- *class*: The class of the rule --- {{ site.product.short_name }} assigns this class to the messages matching a pattern of this rule. - *context-id*: OPTIONAL --- An identifier to group related log @@ -43,13 +43,13 @@ The *\* element may contain any number of *\* elements. message (for example, ssh-sessions for log messages related to SSH traffic), but can also contain macros to generate IDs dynamically. When using macros in IDs, see also the context-scope attribute. - Starting with syslog-ng OSE version 3.5, if a message is added to a - context, syslog-ng OSE automatically adds the identifier of the + Starting with {{ site.product.short_name }} version 3.5, if a message is added to a + context, {{ site.product.short_name }} automatically adds the identifier of the context to the .classifier.context\_id macro of the message. For details on correlating messages, see Correlating log messages using pattern databases. - NOTE: The syslog-ng OSE application determines the context of the + NOTE: The {{ site.product.short_name }} application determines the context of the message *after* the pattern matching is completed. This means that macros and name-value pairs created by the matching pattern database rule can be used as context-id macros. 
@@ -70,7 +70,7 @@ The *\* element may contain any number of *\* elements. - *process*: Only messages that are generated by the same process of a client belong to the same context, that is, messages that have identical ${HOST}, ${PROGRAM} and ${PID} values. This is - the default behavior of syslog-ng OSE if context-scope is not + the default behavior of {{ site.product.short_name }} if context-scope is not specified. - *program*: Messages that are generated by the same application diff --git a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/002_actions/000_action/000_create_context/README.md b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/002_actions/000_action/000_create_context/README.md index 9326716d..8fbc7a9e 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/002_actions/000_action/000_create_context/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/002_actions/000_action/000_create_context/README.md @@ -13,7 +13,7 @@ id: adm-parser-db-elem-create-context OPTIONAL --- Creates a new correlation context from the current message and its associated context. This can be used to \"split\" a context. -Available in syslog-ng OSE version 3.8 and later. +Available in {{ site.product.short_name }} version 3.8 and later. ## Attributes 
@@ -23,13 +23,13 @@ Available in syslog-ng OSE version 3.8 and later. message (for example, ssh-sessions for log messages related to SSH traffic), but can also contain macros to generate IDs dynamically. When using macros in IDs, see also the context-scope attribute. - Starting with syslog-ng OSE version 3.5, if a message is added to a - context, syslog-ng OSE automatically adds the identifier of the + Starting with {{ site.product.short_name }} version 3.5, if a message is added to a + context, {{ site.product.short_name }} automatically adds the identifier of the context to the .classifier.context\_id macro of the message. For details on correlating messages, see Correlating log messages using pattern databases. - **NOTE:** The syslog-ng OSE application determines the context of the + **NOTE:** The {{ site.product.short_name }} application determines the context of the message *after* the pattern matching is completed. This means that macros and name-value pairs created by the matching pattern database rule can be used as context-id macros. @@ -51,7 +51,7 @@ Available in syslog-ng OSE version 3.8 and later. - *process*: Only messages that are generated by the same process of a client belong to the same context, that is, messages that have identical ${HOST}, ${PROGRAM} and ${PID} values. This is - the default behavior of syslog-ng OSE if context-scope is not + the default behavior of {{ site.product.short_name }} if context-scope is not specified. - *program*: Messages that are generated by the same application 
@@ -79,7 +79,7 @@ Available in syslog-ng OSE version 3.8 and later. - *inherit-mode*: This attribute controls which name-value pairs and tags are propagated to the newly generated message. - - context: syslog-ng OSE collects every name-value pair from + - context: {{ site.product.short_name }} collects every name-value pair from each message stored in the context, and includes them in the generated message. If a name-value pair appears in multiple messages of the context, the value in the latest message diff --git a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/002_actions/000_action/README.md b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/002_actions/000_action/README.md index b141a5e4..cb8f6763 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/002_actions/000_action/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/002_actions/000_action/README.md @@ -15,7 +15,7 @@ when a message matching the rule is received. ## Attributes -- *condition*: A syslog-ng filter expression. The action is performed +- *condition*: A {{ site.product.short_name }} filter expression. The action is performed only if the message matches the filter. The filter can include macros and name-value pairs extracted from the message. When using actions together with message-correlation, you can also use the 
@@ -32,7 +32,7 @@ when a message matching the rule is received. maximum one message is generated per minute for every host that sends a log message matching the rule. Excess messages are dropped. Note that when applying the rate to the generated messages, - syslog-ng OSE uses the timestamps of the log messages, similarly to + {{ site.product.short_name }} uses the timestamps of the log messages, similarly to calculating the context-timeout. That way rate is applied correctly even if the log messages are processed offline. @@ -52,7 +52,7 @@ when a message matching the rule is received. - *create-context* - *message*: A container element storing the message to be sent when - the action is executed. Currently syslog-ng OSE sends these messages + the action is executed. Currently {{ site.product.short_name }} sends these messages to the internal() destination. - For details on the message context, see @@ -64,7 +64,7 @@ when a message matching the rule is received. - *inherit-mode*: This attribute controls which name-value pairs and tags are propagated to the newly generated message. - - context: syslog-ng OSE collects every name-value pair from + - context: {{ site.product.short_name }} collects every name-value pair from each message stored in the context, and includes them in the generated message. If a name-value pair appears in multiple messages of the context, the value in the latest message @@ -80,7 +80,7 @@ when a message matching the rule is received. - none: An empty message is created, without inheriting any tags or name-value pairs. - This option is available in syslog-ng OSE 3.8 and later. + This option is available in {{ site.product.short_name }} 3.8 and later. - *inherit-properties*: This attribute is deprecated. Use the **inherit-mode** attribute instead. 
@@ -88,7 +88,7 @@ when a message matching the rule is received. If set to **TRUE**, the original message that triggered the action is cloned, including its name-value pairs and tags. - If set to **context**, syslog-ng OSE collects every name-value + If set to **context**, {{ site.product.short_name }} collects every name-value pair from each message stored in the context, and includes them in the generated message. If a name-value pair appears in multiple messages of the context, the value in the latest @@ -117,7 +117,7 @@ when a message matching the rule is received. SEVERITY fields to the message. When the action is used together with message correlation, the - syslog-ng OSE application automatically adds fields to the + {{ site.product.short_name }} application automatically adds fields to the message based on the context-scope parameter. For example, using context-scope=\"process\" automatically fills the HOST, PROGRAM, and PID fields of the generated message. diff --git a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/003_tags/README.md b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/003_tags/README.md index c2e7dc1b..94df2199 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/003_tags/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/003_tags/README.md 
@@ -14,7 +14,7 @@ OPTIONAL --- An element containing custom keywords (tags) about the messages matching the patterns. The tags can be used to label specific events (for example, user logons). It is also possible to filter on these tags later (for details, see Tagging messages). Starting with -syslog-ng Open Source Edition 3.2, the list of tags assigned to a +{{ site.product.name }} 3.2, the list of tags assigned to a message can be referenced with the ${TAGS} macro. ## Attributes diff --git a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/README.md b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/README.md index 3dbacb1b..f8d77595 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/000_patterndb/000_ruleset/README.md @@ -16,7 +16,7 @@ A \ element may contain any number of \ elements. ## Attributes - *name*: The name of the application. Note that the function of this - attribute is to make the database more readable, syslog-ng uses the + attribute is to make the database more readable, {{ site.product.short_name }} uses the \ element to identify the applications sending log messages. diff --git a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/README.md b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/README.md index 4c117234..b97ab872 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/004_The_syslog-ng_patterndb_format/README.md 
@@ -1,5 +1,5 @@ --- -title: The syslog-ng pattern database format +title: The {{ site.product.short_name }} pattern database format id: adm-parser-db-patterndb-format description: >- Pattern databases are XML files that contain rules describing the @@ -11,7 +11,7 @@ description: >- For a sample database containing only a single pattern, see Example: A pattern database containing a single rule. -**TIP:** Use the **pdbtool** utility that is bundled with syslog-ng to test +**TIP:** Use the **pdbtool** utility that is bundled with {{ site.product.short_name }} to test message patterns and convert existing databases to the latest format. For details, see The pdbtool manual page. To automatically create an initial pattern database from an existing log diff --git a/doc/_admin-guide/120_Parser/023_db_parser/README.md b/doc/_admin-guide/120_Parser/023_db_parser/README.md index 99aa996f..aeab0514 100644 --- a/doc/_admin-guide/120_Parser/023_db_parser/README.md +++ b/doc/_admin-guide/120_Parser/023_db_parser/README.md @@ -23,6 +23,6 @@ Actions and message correlation Creating pattern databases Using pattern parsers -[[What’s new in the syslog-ng pattern database format V5|adm-parser-db-whatsnew]] +[[What’s new in the {{ site.product.short_name }} pattern database format V5|adm-parser-db-whatsnew]] -The syslog-ng pattern database format +The {{ site.product.short_name }} pattern database format diff --git a/doc/_admin-guide/120_Parser/README.md b/doc/_admin-guide/120_Parser/README.md index 41a2f792..9d985d99 100644 --- a/doc/_admin-guide/120_Parser/README.md +++ b/doc/_admin-guide/120_Parser/README.md 
@@ -3,7 +3,7 @@ title: 'parser: Parse and segment structured messages' short_title: Parse and segment structured messages id: adm-parser description: >- - The filters and default macros of syslog-ng work well on the headers and + The filters and default macros of {{ site.product.short_name }} work well on the headers and metainformation of the log messages, but are rather limited when processing the content of the messages. Parsers can segment the content of the messages into name-value pairs, and these names can be used as @@ -13,10 +13,10 @@ description: >- filters and rewrite rules. --- -The syslog-ng OSE application provides the following possibilities to +The {{ site.product.short_name }} application provides the following possibilities to parse the messages, or parts of the messages: -- By default, syslog-ng OSE parses every message as a syslog message. +- By default, {{ site.product.short_name }} parses every message as a syslog message. To disable message parsing, use the **flags(no-parse)** option of the source. To explicitly parse a message as a syslog message, use the **syslog** parser. For details, see @@ -38,10 +38,10 @@ parse the messages, or parts of the messages: Parsing dates and timestamps. - To write a custom parser in Python or Hy, see Python parser. -- To parse the tags sent by another syslog-ng host. For details, see +- To parse the tags sent by another {{ site.product.short_name }} host. For details, see Parsing tags. -The syslog-ng OSE application provides built-in parsers for the +The {{ site.product.short_name }} application provides built-in parsers for the following application logs: - Apache HTTP server access logs. For details, see 
@@ -49,7 +49,7 @@ following application logs: - Cisco devices. For details, see Cisco parser. - Messages formatted using the enterprise-wide message model (EWMM) of - syslog-ng OSE. For details, see + {{ site.product.short_name }}. For details, see Parsing enterprise-wide message model (EWMM) messages. - Iptables logs. For details, see iptables parser. diff --git a/doc/_admin-guide/130_Correlating_log_messages/000_Correlating_messages_with_grouping-by.md b/doc/_admin-guide/130_Correlating_log_messages/000_Correlating_messages_with_grouping-by.md index 55befdaf..f24bb93f 100644 --- a/doc/_admin-guide/130_Correlating_log_messages/000_Correlating_messages_with_grouping-by.md +++ b/doc/_admin-guide/130_Correlating_log_messages/000_Correlating_messages_with_grouping-by.md @@ -2,7 +2,7 @@ title: Correlating messages using the grouping-by() parser id: adm-cor-grouping-by description: >- - The syslog-ng OSE application can correlate log messages that match a + The {{ site.product.short_name }} application can correlate log messages that match a set of filters. This works similarly to SQL GROUP BY statements. Alternatively, you can also correlate log messages using pattern databases. For details, see Correlating log messages using pattern databases. @@ -17,7 +17,7 @@ authentication failure, and the reason of the failure in the next message. Of course, messages that are not so directly related can be correlated as well, for example, login-logout messages, and so on. -To correlate log messages with syslog-ng OSE, you can add messages into +To correlate log messages with {{ site.product.short_name }}, you can add messages into message-groups called contexts. A context consists of a series of log messages that are related to each other in some way, for example, the log messages of an SSH session can belong to the same context. As new 
@@ -44,16 +44,15 @@ is added to a context: scope(), key(), and where(). context, you can use the **where()** option. The timeout() option determines how long a context is stored, that is, -how long syslog-ng OSE waits for related messages to arrive. If the +how long {{ site.product.short_name }} waits for related messages to arrive. If the group has a specific log message that ends the context (for example, a logout message), you can specify it using the **trigger()** option. When the context is closed, and the messages match the filter set in the -having() option (or the having() option is not set), syslog-ng OSE +having() option (or the having() option is not set), {{ site.product.short_name }} generates and sends the message set in the aggregate() option. -**NOTE:** Message contexts are persistent and are not lost when syslog-ng -OSE is reloaded (SIGHUP), but are lost when syslog-ng OSE is restarted. +**NOTE:** Message contexts are persistent and are not lost when {{ site.product.short_name }} is reloaded (SIGHUP), but are lost when {{ site.product.short_name }} is restarted. {: .notice--info} **Declaration** 
@@ -74,29 +73,29 @@ key(), aggregate(), and timeout(). Note the following points about timeout values: -- When a new message is added to a context, syslog-ng OSE will restart +- When a new message is added to a context, {{ site.product.short_name }} will restart the timeout using the context-timeout set for the new message. - When calculating if the timeout has already expired or not, - syslog-ng OSE uses the timestamps of the incoming messages, not + {{ site.product.short_name }} uses the timestamps of the incoming messages, not system time elapsed between receiving the two messages (unless the messages do not include a timestamp, or the **keep-timestamp(no)** - option is set). That way syslog-ng OSE can be used to process and + option is set). That way {{ site.product.short_name }} can be used to process and correlate already existing log messages offline. However, the timestamps of the messages must be in chronological order (that is, a new message cannot be older than the one already processed), and if a message is newer than the current system time (that is, it - seems to be coming from the future), syslog-ng OSE will replace its + seems to be coming from the future), {{ site.product.short_name }} will replace its timestamp with the current system time. - Example: How syslog-ng OSE calculates context-timeout + Example: How {{ site.product.short_name }} calculates context-timeout Consider the following two messages: ><38>1990-01-01T14:45:25 customhostname program6[1234]: program6 testmessage ><38>1990-01-01T14:46:25 customhostname program6[1234]: program6 testmessage - If the context-timeout is 10 seconds and syslog-ng OSE receives the + If the context-timeout is 10 seconds and {{ site.product.short_name }} receives the messages within 1 second, the timeout event will occour immediately, because the difference of the two timestamp (60 seconds) is larger than the timeout value (10 seconds). 
@@ -124,7 +123,7 @@ running ntpdate: These lines are connected by their second field: `msg=audit(1440927434.124:40347)`. You can parse such messages using the -Linux audit parser of syslog-ng OSE, and then +Linux audit parser of {{ site.product.short_name }}, and then use the parsed .auditd.msg field to group the messages. ```config @@ -139,5 +138,4 @@ parser auditd_groupingby { }; ``` -For another example, see [The grouping-by() parser in syslog-ng blog -post](https://www.syslog-ng.com/community/b/blog/posts/the-grouping-by-parser-in-syslog-ng-3-8) +For another example, see The grouping-by() parser in syslog-ng blog post. diff --git a/doc/_admin-guide/130_Correlating_log_messages/002_grouping-by_options.md b/doc/_admin-guide/130_Correlating_log_messages/002_grouping-by_options.md index 2992350a..97bdb7ba 100644 --- a/doc/_admin-guide/130_Correlating_log_messages/002_grouping-by_options.md +++ b/doc/_admin-guide/130_Correlating_log_messages/002_grouping-by_options.md @@ -7,7 +7,7 @@ The grouping-by has the following options. ## aggregate() -*Description:* Specifies the message that syslog-ng OSE generates when +*Description:* Specifies the message that {{ site.product.short_name }} generates when the context is closed. This option is mandatory. Note that the aggregate() option has access to every message of the @@ -16,7 +16,7 @@ context, and has the following options: - *inherit-mode*: This attribute controls which name-value pairs and tags are propagated to the newly generated message. - - context: syslog-ng OSE collects every name-value pair from each + - context: {{ site.product.short_name }} collects every name-value pair from each message stored in the context, and includes them in the generated message. If a name-value pair appears in multiple messages of the context, the value in the latest message will be 
@@ -45,7 +45,7 @@ context, and has the following options: ## having() -*Description:* Specifies a filter: syslog-ng OSE generates the aggregate +*Description:* Specifies a filter: {{ site.product.short_name }} generates the aggregate message only if the result of the filter expression is true. Note that the having() filter has access to every message of the context. For details on accessing other messages of the context, see @@ -53,7 +53,7 @@ Referencing earlier messages of the context. ## inject-mode() -*Description:* By default, the aggregated message that syslog-ng OSE +*Description:* By default, the aggregated message that {{ site.product.short_name }} generates is injected into the same place where the grouping-by() statement is referenced in the log path. To post the generated message into the internal() source instead, use the **inject-mode()** option in @@ -132,18 +132,18 @@ works similarly to the SQL ORDER BY keyword. NOTE: -- Sorting is done by syslog-ng OSE when the context is about to be - closed by trigger() or timeout(), but before syslog-ng OSE evaluates +- Sorting is done by {{ site.product.short_name }} when the context is about to be + closed by trigger() or timeout(), but before {{ site.product.short_name }} evaluates the having() option. -- syslog-ng OSE can slow down if you specify several sort-key macro or +- {{ site.product.short_name }} can slow down if you specify several sort-key macro or template options, for example, sort-key(\"${3}${4}\"). ## timeout() *Description:* Specifies the maximum time to wait for all messages of the context to arrive. If no new message is added to the context during -this period, the context is assumed to be complete and syslog-ng OSE +this period, the context is assumed to be complete and {{ site.product.short_name }} generates and sends the triggered message (specified in the aggregate(), and clears the context. If a new message is added to the context, the timeout period is 
@@ -155,7 +155,7 @@ This option is mandatory, and its value must be equal to or greater than ## trigger() *Description:* A filter that specifies the final message of the context. -If the filter matches the incoming message, syslog-ng OSE generates and +If the filter matches the incoming message, {{ site.product.short_name }} generates and sends the triggered message (specified in the aggregate(), and clears the context. diff --git a/doc/_admin-guide/130_Correlating_log_messages/README.md b/doc/_admin-guide/130_Correlating_log_messages/README.md index 3fc534c9..7a346b85 100644 --- a/doc/_admin-guide/130_Correlating_log_messages/README.md +++ b/doc/_admin-guide/130_Correlating_log_messages/README.md @@ -2,7 +2,7 @@ title: Correlating log messages id: adm-correlate description: >- - The syslog-ng OSE application can correlate log messages. Alternatively, + The {{ site.product.short_name }} application can correlate log messages. Alternatively, you can also correlate log messages using pattern databases. For details, see Correlating log messages using pattern databases. --- @@ -24,7 +24,7 @@ authentication failure, and the reason of the failure in the next message. Of course, messages that are not so directly related can be correlated as well, for example, login-logout messages, and so on. -To correlate log messages with syslog-ng OSE, you can add messages into +To correlate log messages with {{ site.product.short_name }}, you can add messages into message-groups called contexts. A context consists of a series of log messages that are related to each other in some way, for example, the log messages of an SSH session can belong to the same context. As new diff --git a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/000_Using_filters_as_selector.md b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/000_Using_filters_as_selector.md index 897ca6cf..4b73a51a 100644 
--- a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/000_Using_filters_as_selector.md +++ b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/000_Using_filters_as_selector.md @@ -5,8 +5,8 @@ description: >- To better control to which log messages you add contextual data, you can use filters as selectors. In this case, the first column of the CSV database file must contain the name of a filter. For each message, - syslog-ng OSE evaluates the filters in the order they appear in the - database file. If a filter matches the message, syslog-ng OSE adds the + {{ site.product.short_name }} evaluates the filters in the order they appear in the + database file. If a filter matches the message, {{ site.product.short_name }} adds the name-value pair related to the filter. --- @@ -19,9 +19,9 @@ f_localhost,source,localhost f_kern,domain,kernel ``` -Note that syslog-ng OSE does not evaluate other filters after the first +Note that {{ site.product.short_name }} does not evaluate other filters after the first match. For example, if you use the previous database file, and a message -matches both the f_auth and f_localhost filters, syslog-ng OSE adds +matches both the f_auth and f_localhost filters, {{ site.product.short_name }} adds only the name-value pair of f_auth to the message. To add multiple name-value pairs to a message, include a separate line 
@@ -37,7 +37,7 @@ You can also add data to messages that do not have a matching selector entry in the database using the default-selector() option. You must store the filters you reference in a database in a separate -file. This file is similar to a syslog-ng OSE configuration file, but +file. This file is similar to a {{ site.product.short_name }} configuration file, but must contain only a version string and filters (and optionally comments). You can use the **syslog-ng \--syntax-only \** command to ensure that the file is valid. For example, the content of @@ -63,6 +63,5 @@ parser p_add_context_data_filter { ``` If you modify the database file, or the file that contains the filters, -you have to reload syslog-ng OSE for the changes to take effect. If -reloading syslog-ng OSE or the files fails for some reason, syslog-ng -OSE will keep using the last working version of the file. +you have to reload {{ site.product.short_name }} for the changes to take effect. If +reloading {{ site.product.short_name }} or the files fails for some reason, {{ site.product.short_name }} will keep using the last working version of the file. diff --git a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/001_Shell_style_globbing.md b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/001_Shell_style_globbing.md index fd039b70..a51f6dde 100644 --- a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/001_Shell_style_globbing.md +++ b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/001_Shell_style_globbing.md 
@@ -2,14 +2,14 @@ title: Shell-style globbing in the selector id: adm-enrich-shell description: >- - Starting with in syslog-ng OSE 3.24 and later, you can use shell-style + Starting with in {{ site.product.short_name }} 3.24 and later, you can use shell-style globbing (* and ? wildcards) in the selector. --- To use globs in a selector 1. Use the **glob()** option within the selector() option in your - syslog-ng OSE configuration file, for example: + {{ site.product.short_name }} configuration file, for example: ```config parser p_add_context_data { @@ -41,7 +41,7 @@ Note the following points when using globbing in the selector: OSE appication does not evaluate other entries after the first match. -- In debug mode, syslog-ng OSE sends log messages to its internal() +- In debug mode, {{ site.product.short_name }} sends log messages to its internal() destination to help troubleshooting. For example: >[2019-09-21T06:01:10.748237] add-contextual-data(): Evaluating glob against message; glob-template='${PROGRAM}', string='postfix/smtpd', pattern='example-glob-entry1*', matched='0' diff --git a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/002_add-contextual-data_options.md b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/002_add-contextual-data_options.md index e85a6185..e290fc1a 100644 --- a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/002_add-contextual-data_options.md +++ b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/002_add-contextual-data_options.md 
@@ -17,7 +17,7 @@ The following options are required: selector(), database(). *Description:* Specifies the path to the CSV file, for example, /opt/syslog-ng/my-csv-database.csv. The extension of the file must be .csv, and can include Windows-style (CRLF) or UNIX-style (LF) -linebreaks. You can use absolute path, or relative to the syslog-ng OSE +linebreaks. You can use absolute path, or relative to the {{ site.product.short_name }} binary. ## default-selector() @@ -34,7 +34,7 @@ file: unknown-hostname,host-role,unknown ``` -In the syslog-ng OSE configuration file: +In the {{ site.product.short_name }} configuration file: ```config add-contextual-data( @@ -61,9 +61,9 @@ to help further processing. ## selector() -*Description:* Specifies the string or macro that syslog-ng OSE +*Description:* Specifies the string or macro that {{ site.product.short_name }} evaluates for each message, and if its value matches the ID of an entry -in the database, syslog-ng OSE adds the name-value pair of every +in the database, {{ site.product.short_name }} adds the name-value pair of every matching database entry to the log message. You can use the following in the selector() option. diff --git a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/README.md b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/README.md index 40ee2fe3..1a169193 100644 --- a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/README.md +++ b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/000_Adding_metadata_from_external_file/README.md 
@@ -2,7 +2,7 @@ title: Adding metadata from an external file id: adm-enrich-meta-ext description: >- - In syslog-ng OSE version 3.8 and later, you can use an external database + In {{ site.product.short_name }} version 3.8 and later, you can use an external database file to add additional metadata to your log messages. For example, you can create a database (or export it from an existing tool) that contains a list of hostnames or IP addresses, and the department of your @@ -19,10 +19,10 @@ format, where each line contains the following information: You can also reference the name of a filter that matches the messages, see Using filters as selector. -- The name of the name-value pair that syslog-ng OSE adds to matching +- The name of the name-value pair that {{ site.product.short_name }} adds to matching log messages. -- The value of the name-value pairs. Starting with syslog-ng OSE +- The value of the name-value pairs. Starting with {{ site.product.short_name }} version 3.22, the value of the name-value pair can be a template or a template function, for example, \"selector3,name,$(echo ${HOST_FROM})\"; @@ -52,7 +52,7 @@ in the database for each name-value pair, for example: 192.168.1.1,contact-email,johndoe@example.com ``` -Technically, add-contextual-data() is a parser in syslog-ng OSE so you +Technically, add-contextual-data() is a parser in {{ site.product.short_name }} so you have to define it as a parser object. **Declaration** 
@@ -69,9 +69,9 @@ parser p_add_context_data { You can also add data to messages that do not have a matching selector entry in the database using the **default-selector()** option. -If you modify the database file, you have to reload syslog-ng OSE for -the changes to take effect. If reloading syslog-ng OSE or the database -file fails for some reason, syslog-ng OSE will keep using the last +If you modify the database file, you have to reload {{ site.product.short_name }} for +the changes to take effect. If reloading {{ site.product.short_name }} or the database +file fails for some reason, {{ site.product.short_name }} will keep using the last working database file. ### Example: Adding metadata from a CSV file diff --git a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/000_Referring_to_parts_of_the_message_as_a_macro.md b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/000_Referring_to_parts_of_the_message_as_a_macro.md index 134aacf7..421f0ad3 100644 --- a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/000_Referring_to_parts_of_the_message_as_a_macro.md +++ b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/000_Referring_to_parts_of_the_message_as_a_macro.md @@ -29,6 +29,6 @@ To look up all keys: For a more complete list of keys, you can also check the GeoIP2 City and Country CSV Databases. -However, note that the syslog-ng OSE application works with the mmdb +However, note that the {{ site.product.short_name }} application works with the mmdb (GeoIP2) format of these databases. Other formats, like csv are not supported. 
diff --git a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/001_Using_the_geoip2_parser.md b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/001_Using_the_geoip2_parser.md index 408cecd4..8d083b5d 100644 --- a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/001_Using_the_geoip2_parser.md +++ b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/001_Using_the_geoip2_parser.md @@ -15,7 +15,7 @@ parser parser_name { }; ``` -In the following example, syslog-ng OSE retrieves the GeoIP2 data of the +In the following example, {{ site.product.short_name }} retrieves the GeoIP2 data of the IP address contained in the ${HOST} field of the incoming message (assuming that in this case the ${HOST} field contains an IP address), and includes the data (prefixed with the geoip2 string) in the output diff --git a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/003_geoip2_parser_options.md b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/003_geoip2_parser_options.md index 16defd0c..60777236 100644 --- a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/003_geoip2_parser_options.md +++ b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/003_geoip2_parser_options.md 
@@ -13,10 +13,10 @@ The geoip2 parser has the following options. ## database() *Description:* Path to the GeoIP2 database to use. This works with -absolute and relative paths as well. Note that syslog-ng OSE must have +absolute and relative paths as well. Note that {{ site.product.short_name }} must have the required privileges to read this file. Do not modify or delete this -file while syslog-ng OSE is running, it can crash syslog-ng OSE. +file while {{ site.product.short_name }} is running, it can crash {{ site.product.short_name }}. -Starting with version 3.24, syslog-ng OSE tries to automatically detect +Starting with version 3.24, {{ site.product.short_name }} tries to automatically detect the location of the database. If that is successful, the database() option is not mandatory. diff --git a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/README.md b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/README.md index e7b5c9e7..a947725a 100644 --- a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/README.md +++ b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/001_Looking_up_geoip2_data/README.md 
@@ -2,15 +2,15 @@ title: Looking up GeoIP2 data from IP addresses id: adm-enrich-geoip description: >- - The syslog-ng OSE application can lookup IP addresses from an offline + The {{ site.product.short_name }} application can lookup IP addresses from an offline GeoIP2 database, and make the retrieved data available in name-value pairs. Depending on the database used, you can access country code, longitude, and latitude information and so on. --- -The syslog-ng OSE application works with the Country and the City +The {{ site.product.short_name }} application works with the Country and the City version of the GeoIP2 database, both free and the commercial editions. -The syslog-ng OSE application works with the mmdb (GeoIP2) format of +The {{ site.product.short_name }} application works with the mmdb (GeoIP2) format of these databases. Other formats, like csv are not supported. **NOTE:** To access longitude and latitude information, download the City @@ -36,6 +36,6 @@ Unzip the downloaded database (for example, to the /usr/share/GeoIP2/GeoIP2City.mmdb file). This path will be used later in the configuration. -Starting with version 3.24, syslog-ng OSE tries to automatically detect +Starting with version 3.24, {{ site.product.short_name }} tries to automatically detect the location of the database. If that is successful, the database() option is not mandatory. diff --git a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/README.md b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/README.md index 8f80a807..48e1b337 100644 --- a/doc/_admin-guide/140_Enriching_log_messages_with_external_data/README.md +++ b/doc/_admin-guide/140_Enriching_log_messages_with_external_data/README.md 
@@ -4,13 +4,13 @@ id: adm-enrich description: >- To properly interpret the events that the log messages describe, you must be able to handle log messages as part of a system of events, - instead of individual information chunks. The syslog-ng OSE application + instead of individual information chunks. The {{ site.product.short_name }} application allows you to import data from external sources to include in the log messages, thus extending, enriching, and complementing the data found in the log message. --- -The syslog-ng OSE application currently provides the following +The {{ site.product.short_name }} application currently provides the following possibilities to enrich log messages. - You can add name-value pairs from an external CSV file. For details, diff --git a/doc/_admin-guide/150_Statistics_of_syslog-ng/000_Metrics_and_counters.md b/doc/_admin-guide/150_Statistics_of_syslog-ng/000_Metrics_and_counters.md index fd537355..3e5352dd 100644 --- a/doc/_admin-guide/150_Statistics_of_syslog-ng/000_Metrics_and_counters.md +++ b/doc/_admin-guide/150_Statistics_of_syslog-ng/000_Metrics_and_counters.md @@ -1,9 +1,9 @@ --- -title: Metrics and counters of syslog-ng OSE +title: Metrics and counters of {{ site.product.short_name }} id: adm-stats-metrics --- -You can list all active metrics on your syslog-ng OSE host using the +You can list all active metrics on your {{ site.product.short_name }} host using the following command (this lists the metrics, without their current values): **syslog-ng-ctl query list \"\*\"** @@ -14,7 +14,7 @@ The displayed metrics have the following structure. 1. The type of the object (for example, dst.file, tag, src.facility) -2. The ID of the object used in the syslog-ng configuration file, for +2. The ID of the object used in the {{ site.product.short_name }} configuration file, for example, d\_internal or source.src\_tcp. The \#0 part means that this is the first destination in the destination group. 
@@ -57,7 +57,7 @@ The displayed metrics have the following structure. >src.host;;localhost;d;processed;4 >src.host;;localhost;d;stamp;1509121934 - To avoid performance issues or even overloading syslog-ng OSE, + To avoid performance issues or even overloading {{ site.product.short_name }}, you might want to limit the number of registered dynamic counters in the message statistics. To do this, configure the max-dynamics() parameter of the stats() global option. @@ -65,14 +65,14 @@ The displayed metrics have the following structure. - **o** - This object was once active, but stopped receiving messages. (For example, a dynamic object may disappear and become orphan.) - **NOTE:** The syslog-ng OSE application stores the statistics of the - objects when syslog-ng OSE is reloaded. However, if the - configuration of syslog-ng OSE was changed since the last + **NOTE:** The {{ site.product.short_name }} application stores the statistics of the + objects when {{ site.product.short_name }} is reloaded. However, if the + configuration of {{ site.product.short_name }} was changed since the last reload, the statistics of orphaned objects are deleted. {: .notice--info} 5. The connections statistics counter displays the number of - connections tracked by syslog-ng OSE for the selected source driver. + connections tracked by {{ site.product.short_name }} for the selected source driver. Example: sample configuration and statistics output @@ -100,7 +100,7 @@ The displayed metrics have the following structure. - **batch\_size\_avg**: When batching is enabled, then this shows the current average batch size of the given source or destination. - **NOTE:** In version 3.36, syslog-ng OSE only supports the + **NOTE:** In version 3.36, {{ site.product.short_name }} only supports the batch\_size\_avg for the http() destination. {: .notice--info} 
@@ -108,7 +108,7 @@ The displayed metrics have the following structure. batch\_size\_max shows the current largest batch size of the given source or destination. - **NOTE:** In version 3.36, syslog-ng OSE only supports the + **NOTE:** In version 3.36, {{ site.product.short_name }} only supports the batch\_size\_max for the http() destination. {: .notice--info} @@ -118,17 +118,17 @@ The displayed metrics have the following structure. >parser;demo_parser;;a;discarded;20 - - **dropped**: The number of dropped messages --- syslog-ng OSE could + - **dropped**: The number of dropped messages --- {{ site.product.short_name }} could not send the messages to the destination and the output buffer got full, so messages were dropped by the destination driver, or - syslog-ng OSE dropped the message for some other reason (for + {{ site.product.short_name }} dropped the message for some other reason (for example, a parsing error). - **eps\_last\_1h**: The EPS value of the past 1 hour. - **eps\_last\_24h**: The EPS value of the past 24 hours. - - **eps\_since\_start**: The EPS value since the current syslog-ng OSE + - **eps\_since\_start**: The EPS value since the current {{ site.product.short_name }} start. >**NOTE:** When using the eps\_last\_1h, the eps\_last\_24h, and the @@ -162,7 +162,7 @@ The displayed metrics have the following structure. >dst.network;d_net#0;tcp,127.0.0.1:9999;a;memory_usage;0 **NOTE:** The memory usage (size) of queues is not equal to the - memory usage (size) of the log messages in syslog-ng OSE. A log + memory usage (size) of the log messages in {{ site.product.short_name }}. A log message can be in multiple queues, thus its size is added to multiple queue sizes. To check the size of all log messages, use global.msg\_allocated\_bytes.value metric. 
@@ -218,18 +218,18 @@ The displayed metrics have the following structure. - **written**: The number of messages successfully delivered to the destination. This value is calculated from other counters: written = processed - queued - dropped. That is, the number of - messages syslog-ng OSE passed to the destination driver + messages {{ site.product.short_name }} passed to the destination driver (processed) minus the number of messages that are still in the output queue of the destination driver (queued) and the number of messages dropped because of an error (dropped, for example, - because syslog-ng OSE could not deliver the message to the + because {{ site.product.short_name }} could not deliver the message to the destination and exceeded the number of retries). This metric is calculated from other metrics. You cannot reset this metric directly: to reset it, you have to reset the metrics it is calculated from. - >**NOTE:** Consider that for syslog-ng OSE version 3.36, the following + >**NOTE:** Consider that for {{ site.product.short_name }} version 3.36, the following >statistics counters are only supported for the http() destination, >or the http() destination and all network() sources and >destinations, and all file() sources and destinations, respectively: diff --git a/doc/_admin-guide/150_Statistics_of_syslog-ng/001_Log_statistic_from_internal_source.md b/doc/_admin-guide/150_Statistics_of_syslog-ng/001_Log_statistic_from_internal_source.md index 90c4473c..c1d911af 100644 --- a/doc/_admin-guide/150_Statistics_of_syslog-ng/001_Log_statistic_from_internal_source.md +++ b/doc/_admin-guide/150_Statistics_of_syslog-ng/001_Log_statistic_from_internal_source.md 
@@ -3,12 +3,12 @@ title: Log statistics from the internal() source id: adm-stats-internal description: >- If the stats-freq() global option is higher than 0, - syslog-ng OSE periodically sends a log statistics message. This + {{ site.product.short_name }} periodically sends a log statistics message. This message contains statistics about the received messages, and about any lost messages since the last such message. It includes a processed entry for every source and destination, listing the number of messages received or sent, and a dropped entry including the IP address of the - server for every destination where syslog-ng has lost messages. The + server for every destination where {{ site.product.short_name }} has lost messages. The center(received) entry shows the total number of messages received from every configured sources. --- diff --git a/doc/_admin-guide/150_Statistics_of_syslog-ng/README.md b/doc/_admin-guide/150_Statistics_of_syslog-ng/README.md index 25ea9a31..37ffdea2 100644 --- a/doc/_admin-guide/150_Statistics_of_syslog-ng/README.md +++ b/doc/_admin-guide/150_Statistics_of_syslog-ng/README.md @@ -2,11 +2,11 @@ title: Statistics of syslog-ng id: adm-stats description: >- - The syslog-ng OSE application collects various statistics and measures + The {{ site.product.short_name }} application collects various statistics and measures different metrics about the messages it receives and delivers. These metrics are collected into different counters, depending on the - configuration of syslog-ng OSE. The stats-level() - global option determines exactly which statistics syslog-ng OSE collects. + configuration of {{ site.product.short_name }}. The stats-level() + global option determines exactly which statistics {{ site.product.short_name }} collects. You can access these statistics and metrics using the following methods. --- 
@@ -16,7 +16,7 @@ description: >- query command. For further information about using syslog-ng-ctl commands, see - The syslog-ng manual pages. + The {{ site.product.short_name }} manual pages. ## Legacy: Unstructured, bulk methods @@ -25,7 +25,7 @@ description: >- - Using the syslog-ng-ctl stats command. For further information about using syslog-ng-ctl commands, see - The syslog-ng manual pages. + The {{ site.product.short_name }} manual pages. - Use the socat application: diff --git a/doc/_admin-guide/160_Multithreading_and_scaling/000_Multithreading_concepts.md b/doc/_admin-guide/160_Multithreading_and_scaling/000_Multithreading_concepts.md index 5fa3bf46..d6cdb0b9 100644 --- a/doc/_admin-guide/160_Multithreading_and_scaling/000_Multithreading_concepts.md +++ b/doc/_admin-guide/160_Multithreading_and_scaling/000_Multithreading_concepts.md @@ -1,17 +1,17 @@ --- -title: Multithreading concepts of syslog-ng OSE +title: Multithreading concepts of {{ site.product.short_name }} id: adm-multithread-concept description: >- - This section is a brief overview on how syslog-ng OSE works in + This section is a brief overview on how {{ site.product.short_name }} works in multithreaded mode. It is mainly for illustration purposes: the concept has been somewhat simplified and may not completely match reality. --- -**NOTE:** The way syslog-ng OSE uses multithreading may change in future +**NOTE:** The way {{ site.product.short_name }} uses multithreading may change in future releases. The current documentation applies to version 3.38. {: .notice--info} -syslog-ng OSE always uses multiple threads: +{{ site.product.short_name }} always uses multiple threads: - A main thread that is always running 
@@ -22,23 +22,22 @@ syslog-ng OSE always uses multiple threads: - Some other, special threads for internal functionalities. For example, certain destinations run in a separate thread, independently of the multithreading (threaded()) and - \--worker-threads settings of syslog-ng OSE. + \--worker-threads settings of {{ site.product.short_name }}. -The maximum number of worker threads syslog-ng OSE uses is the number of -CPUs or cores in the host running syslog-ng OSE (up to 64). You can +The maximum number of worker threads {{ site.product.short_name }} uses is the number of +CPUs or cores in the host running {{ site.product.short_name }} (up to 64). You can limit this value using the **\--worker-threads** command-line option -that sets the maximum total number of threads syslog-ng OSE can use, -including the main syslog-ng OSE thread. However, the \--worker-threads -option does not affect the supervisor of syslog-ng OSE. The supervisor -is a separate process (see The syslog-ng manual page, +that sets the maximum total number of threads {{ site.product.short_name }} can use, +including the main {{ site.product.short_name }} thread. However, the \--worker-threads +option does not affect the supervisor of {{ site.product.short_name }}. The supervisor +is a separate process (see The {{ site.product.short_name }} manual page, but certain operating systems might display it as a thread. In addition, certain destinations always run in a separate thread, independently of the multithreading (threaded()) and \--worker-threads -settings of syslog-ng OSE. +settings of {{ site.product.short_name }}. -When an event requiring a new thread occurs (for example, syslog-ng OSE -receives new messages, or a destination becomes available), syslog-ng -OSE tries to start a new thread. 
If there are no free threads, the task +When an event requiring a new thread occurs (for example, {{ site.product.short_name }} +receives new messages, or a destination becomes available), {{ site.product.short_name }} tries to start a new thread. If there are no free threads, the task waits until a thread finishes its task and becomes available. There are two types of worker threads: @@ -72,7 +71,7 @@ destinations. limited by the max-connections() option of the source. Separate sources are processed by separate thread, for example, if you have two separate tcp sources defined that receive messages on different - IP addresses or port, syslog-ng OSE will use separate threads for + IP addresses or port, {{ site.product.short_name }} will use separate threads for these sources even if they both have only a single active connection. @@ -89,7 +88,7 @@ destinations. ## Sources and destinations not affected by multithreading The following list describes sources and destinations that use a -separate thread even if you disable multithreading in syslog-ng OSE, in +separate thread even if you disable multithreading in {{ site.product.short_name }}, in addition to the limit set in the \--worker-threads command-line option. - Every sql destination uses its own thread. These threads are diff --git a/doc/_admin-guide/160_Multithreading_and_scaling/001_Configuring_multithreading.md b/doc/_admin-guide/160_Multithreading_and_scaling/001_Configuring_multithreading.md index 55c344f5..e52da50f 100644 --- a/doc/_admin-guide/160_Multithreading_and_scaling/001_Configuring_multithreading.md +++ b/doc/_admin-guide/160_Multithreading_and_scaling/001_Configuring_multithreading.md 
@@ -2,11 +2,11 @@ title: Configuring multithreading id: adm-multithread-config description: >- - Starting with version 3.6, syslog-ng OSE runs in multithreaded mode by + Starting with version 3.6, {{ site.product.short_name }} runs in multithreaded mode by default. --- -You can enable multithreading in syslog-ng OSE using the +You can enable multithreading in {{ site.product.short_name }} using the following methods: - Globally using the **threaded(yes)** option. diff --git a/doc/_admin-guide/160_Multithreading_and_scaling/002_Optimizing_performance.md b/doc/_admin-guide/160_Multithreading_and_scaling/002_Optimizing_performance.md index ed021513..a0879cad 100644 --- a/doc/_admin-guide/160_Multithreading_and_scaling/002_Optimizing_performance.md +++ b/doc/_admin-guide/160_Multithreading_and_scaling/002_Optimizing_performance.md @@ -16,14 +16,14 @@ process messages from different connections (clients) in separate threads. If the source cannot use multiple threads to process the messages, the operations will not scale. -To improve the processing power of syslog-ng OSE and scale to more +To improve the processing power of {{ site.product.short_name }} and scale to more processors, use the following methods: - To improve scaling on the source side, use more sources, for example, more source files, or receive the messages from more parallel connections. For network sources, you can also configure a part of your clients to send the messages to a different port of - your syslog-ng server, and use separate source definitions for each + your {{ site.product.short_name }} server, and use separate source definitions for each port. - On the destination side, when writing the log messages to files, use 
@@ -33,6 +33,6 @@ processors, use the following methods: - On the destination side, when sending messages to a syslog-ng server, you can use multiple connections to the server if you - configure the syslog-ng server to receive messages on multiple + configure the {{ site.product.short_name }} server to receive messages on multiple ports, and configure separate destinations on the clients to use both ports. diff --git a/doc/_admin-guide/160_Multithreading_and_scaling/README.md b/doc/_admin-guide/160_Multithreading_and_scaling/README.md index 3fbd7575..e4ae5a3e 100644 --- a/doc/_admin-guide/160_Multithreading_and_scaling/README.md +++ b/doc/_admin-guide/160_Multithreading_and_scaling/README.md @@ -1,9 +1,9 @@ --- -title: 'Multithreading and scaling in syslog-ng OSE' +title: 'Multithreading and scaling in {{ site.product.short_name }}' short_title: Multithreading and scaling id: adm-multithread description: >- - Starting with version 3.3, syslog-ng OSE can process sources and + Starting with version 3.3, {{ site.product.short_name }} can process sources and destinations in multithreaded mode to scale to multiple CPUs or cores for increased performance. Starting with version 3.6, this multithreaded mode is the default. diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/000_Possible_causes_of_losing_log_messages.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/000_Possible_causes_of_losing_log_messages.md index 154c4cd8..006793be 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/000_Possible_causes_of_losing_log_messages.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/000_Possible_causes_of_losing_log_messages.md 
@@ -4,9 +4,9 @@ id: adm-debug-causes description: >- During the course of a message from the sending application to the final destination of the message, there are a number of locations where a - message may be lost, even though syslog-ng does its best to avoid + message may be lost, even though {{ site.product.short_name }} does its best to avoid message loss. Usually losing messages can be avoided with careful - planning and proper configuration of syslog-ng and the hosts running + planning and proper configuration of {{ site.product.short_name }} and the hosts running syslog-ng. --- @@ -14,14 +14,14 @@ The following list shows the possible locations where messages may be lost, and provides methods to minimize the risk of losing messages: -- Between the application and the syslog-ng client: Make sure to use +- Between the application and the {{ site.product.short_name }} client: Make sure to use an appropriate source to receive the logs from the application (for example, from /dev/log). For example, use **unix-stream** instead of unix-dgram whenever possible. -- When syslog-ng is sending messages: If syslog-ng cannot send +- When {{ site.product.short_name }} is sending messages: If {{ site.product.short_name }} cannot send messages to the destination and the output buffer gets full, - syslog-ng will drop messages. + {{ site.product.short_name }} will drop messages. Use flags (flow-control) to avoid this (for details, see Configuring flow-control. @@ -30,7 +30,7 @@ losing messages: see Destination queue full in Error messages. The number of dropped messages is displayed per destination in the - log message statistics of syslog-ng (for details, see + log message statistics of {{ site.product.short_name }} (for details, see Statistics of syslog-ng. - On the network: When transferring messages using the UDP protocol, 
@@ -43,33 +43,33 @@ losing messages: the receiving host placed in a memory area called the socket receive buffer. If the host receives more messages than it can process, this area overflows, and the kernel drops messages without letting - syslog-ng know about it. Using TCP instead of UDP prevents this + {{ site.product.short_name }} know about it. Using TCP instead of UDP prevents this issue. If you must use the UDP protocol, increase the size of the receive buffer using the so-rcvbuf() option. -- When syslog-ng is receiving messages: +- When {{ site.product.short_name }} is receiving messages: - - The receiving syslog-ng (for example, the syslog-ng server or + - The receiving {{ site.product.short_name }} (for example, the {{ site.product.short_name }} server or relay) may drop messages if the fifo of the destination file gets full. The number of dropped messages is displayed per - destination in the log message statistics of syslog-ng (for + destination in the log message statistics of {{ site.product.short_name }} (for details, see Statistics of syslog-ng. -- When the destination cannot handle large load: When syslog-ng is +- When the destination cannot handle large load: When {{ site.product.short_name }} is sending messages at a high rate into an SQL database, a file, or another destination, it is possible that the destination cannot handle the load, and processes the messages slowly. As a result, the - buffers of syslog-ng fill up, syslog-ng cannot process the incoming + buffers of {{ site.product.short_name }} fill up, {{ site.product.short_name }} cannot process the incoming messages, and starts to loose messages. For details, see the previous entry. Use the throttle parameter to avoid this problem. 
-- As a result of an unclean shutdown of the syslog-ng server: If the - host running the syslog-ng server experiences an unclean shutdown, +- As a result of an unclean shutdown of the {{ site.product.short_name }} server: If the + host running the {{ site.product.short_name }} server experiences an unclean shutdown, it takes time until the clients realize that the connection to the - syslog-ng server is down. Messages that are put into the output TCP + {{ site.product.short_name }} server is down. Messages that are put into the output TCP buffer of the clients during this period are not sent to the server. -- When syslog-ng OSE is writing messages into files: If syslog-ng OSE +- When {{ site.product.short_name }} is writing messages into files: If {{ site.product.short_name }} receives a signal (SIG) while writing log messages to file, the log message that is processed by the *write* call can be lost if the flush\_lines parameter is higher than 1. diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/001_Creating_core_files.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/001_Creating_core_files.md index 4175751f..779288c6 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/001_Creating_core_files.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/001_Creating_core_files.md @@ -1,8 +1,8 @@ --- -title: Creating syslog-ng core files +title: Creating {{ site.product.short_name }} core files id: adm-debug-core description: >- - When syslog-ng crashes for some reason, it can create a core file that + When {{ site.product.short_name }} crashes for some reason, it can create a core file that contains important troubleshooting information. --- 
@@ -18,14 +18,14 @@ To enable core files, complete the following procedure: ulimit -c unlimited ``` -2. Verify that syslog-ng has permissions to write the directory it is +2. Verify that {{ site.product.short_name }} has permissions to write the directory it is started from, for example, /opt/syslog-ng/sbin/. -3. If syslog-ng crashes, it will create a core file in the directory - syslog-ng was started from. +3. If {{ site.product.short_name }} crashes, it will create a core file in the directory + {{ site.product.short_name }} was started from. -4. To test that syslog-ng can create a core file, you can create a - crash manually. For this, determine the PID of syslog-ng (for +4. To test that {{ site.product.short_name }} can create a core file, you can create a + crash manually. For this, determine the PID of {{ site.product.short_name }} (for example, using the `ps -All | grep syslog-ng` command), then issue the following command: `kill -ABRT ` diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/002_Collecting_debug_info.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/002_Collecting_debug_info.md index b08e6bb3..bb56f9a7 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/002_Collecting_debug_info.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/002_Collecting_debug_info.md 
@@ -4,14 +4,14 @@ short_title: Collecting debugging info id: adm-debug-info description: >- To properly troubleshoot certain situations, it can be useful to trace - which system calls syslog-ng OSE performs. How this is performed depends - on the platform running syslog-ng OSE. + which system calls {{ site.product.short_name }} performs. How this is performed depends + on the platform running {{ site.product.short_name }}. --- In general, note the following points: -- When syslog-ng OSE is started, a supervisor process might stay in - the foreground, while the actual syslog-ng daemon goes to the +- When {{ site.product.short_name }} is started, a supervisor process might stay in + the foreground, while the actual {{ site.product.short_name }} daemon goes to the background. Always trace the background process. - Apart from the system calls, the time between two system calls can @@ -26,10 +26,10 @@ In general, note the following points: - When using strace, also record the output of lsof to see which files are accessed. -The following are examples for tracing system calls of syslog-ng on some +The following are examples for tracing system calls of {{ site.product.short_name }} on some platforms. The output is saved into the /tmp/syslog-ng-trace.txt file, -sufficed with the PID of the related syslog-ng process.The path of the -syslog-ng binary may be different for your installation, as +sufficed with the PID of the related {{ site.product.short_name }} process.The path of the +{{ site.product.short_name }} binary may be different for your installation, as distribution-specific packages may use different paths. - *Linux* 
@@ -50,6 +50,6 @@ distribution-specific packages may use different paths. truss -f -o /tmp/syslog-ng-trace.txt -r all -w all -u libc:: /opt/syslog-ng/sbin/syslog-ng -d -d -d ``` -**TIP:** To execute these commands on an already running syslog-ng OSE +**TIP:** To execute these commands on an already running {{ site.product.short_name }} process, use the **-p \** parameter. {: .notice--info} diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/003_Running_a_failure_script.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/003_Running_a_failure_script.md index c39eb4c9..57838deb 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/003_Running_a_failure_script.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/003_Running_a_failure_script.md @@ -2,7 +2,7 @@ title: Running a failure script id: adm-debug-script description: >- - You can create a failure script that is executed when syslog-ng OSE + You can create a failure script that is executed when {{ site.product.short_name }} terminates abnormally, that is, when it exits with a non-zero exit code. For example, you can use this script to send an automatic email notification. @@ -47,7 +47,7 @@ To create a sample failure script, complete the following steps. kill -KILL; sleep 0.5; cat /tmp/test.txt ``` - The command starts syslog-ng OSE in safe-background mode (which is + The command starts {{ site.product.short_name }} in safe-background mode (which is needed to use the failure script) and then kills it. You should see that the relevant information is written into the /tmp/test.txt file, for example: 
@@ -67,7 +67,7 @@ To create a sample failure script, complete the following steps. 4. You should also see messages similar to the following in system syslog. The exact message depends on the signal (or the reason why - syslog-ng OSE stopped): + {{ site.product.short_name }} stopped): >May 18 13:56:09 myhost supervise/syslog-ng[10820]: Daemon exited gracefully, not restarting; exitcode='0' >May 18 13:57:01 myhost supervise/syslog-ng[10996]: Daemon exited due to a deadlock/signal/failure, restarting; exitcode='131' diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/005_Reporting_bugs.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/005_Reporting_bugs.md index 7e7ef434..c27e58a0 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/005_Reporting_bugs.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/005_Reporting_bugs.md @@ -4,7 +4,7 @@ id: adm-debug-report description: >- If you need help, want to open a support ticket, or report a bug, we recommend using the **syslog-ng-debun** tool to collect information - about your environment and syslog-ng OSE version. For details, see the + about your environment and {{ site.product.short_name }} version. For details, see the *syslog-ng-debun manual page*. For support contacts, see Technical support resources. --- diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/006_Recovering_orphaned_diskbuffers.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/006_Recovering_orphaned_diskbuffers.md index e154cd87..fa53b5ce 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/006_Recovering_orphaned_diskbuffers.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/006_Recovering_orphaned_diskbuffers.md 
@@ -2,10 +2,10 @@ title: Recover data from orphaned diskbuffer files id: adm-debug-diskbuff-recover description: >- - When you change the configuration of a syslog-ng OSE host that uses - disk-based buffering (also called disk queue), syslog-ng OSE may start + When you change the configuration of a {{ site.product.short_name }} host that uses + disk-based buffering (also called disk queue), {{ site.product.short_name }} may start new disk buffer files for the destinations that you have changed. In - this case, syslog-ng OSE abandons the old disk queue files. If there + this case, {{ site.product.short_name }} abandons the old disk queue files. If there were unsent log messages in the disk queue files, these messages remain in the disk queue files, and will not be sent to the destinations. --- diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/007_Unusual_storage_directory.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/007_Unusual_storage_directory.md index c815922d..793f83ea 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/007_Unusual_storage_directory.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/007_Unusual_storage_directory.md 
@@ -5,14 +5,14 @@ id: adm-debug-unusual-storage description: >- Security-Enhanced Linux (SELinux) is a set of kernel and user-space tools enforcing strict access control policies. SELinux rules in Linux - distributions cover all aspects of the syslog-ng configuration coming in - the syslog-ng package available in the distribution. But as soon as an + distributions cover all aspects of the {{ site.product.short_name }} configuration coming in + the {{ site.product.short_name }} package available in the distribution. But as soon as an unusual port number or directory name is specified in the configuration, - syslog-ng fails to work even with a completely legitimate configuration. + {{ site.product.short_name }} fails to work even with a completely legitimate configuration. --- -When you choose to save logs of a central syslog-ng OSE server to a +When you choose to save logs of a central {{ site.product.short_name }} server to a directory other than the /var/log directory, logs will not start appearing on the newly configured directory. For details on how to fix this issue, see section Using a different storage directoryin the blog -post titled Using syslog-ng with SELinux in enforcing mode. +post titled Using {{ site.product.short_name }} with SELinux in enforcing mode. diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/008_Unusual_port_number.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/008_Unusual_port_number.md index 01d970ad..a3d8a279 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/008_Unusual_port_number.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/008_Unusual_port_number.md 
@@ -5,14 +5,14 @@ id: adm-debug-unusual-port description: >- Security-Enhanced Linux (SELinux) is a set of kernel and user-space tools enforcing strict access control policies. SELinux rules in Linux - distributions cover all aspects of the syslog-ng configuration coming in - the syslog-ng package available in the distribution. But as soon as an + distributions cover all aspects of the {{ site.product.short_name }} configuration coming in + the {{ site.product.short_name }} package available in the distribution. But as soon as an unusual port number or directory name is specified in the configuration, - syslog-ng fails to work even with a completely legitimate configuration. + {{ site.product.short_name }} fails to work even with a completely legitimate configuration. --- By default, SELinux only allows connections to the default syslog ports. When you have to use any other port for some reason, sending logs to that port will not work. For details on how to fix this issue, see section Using a different portin the blog post titled -Using syslog-ng with SELinux in enforcing mode. +Using {{ site.product.short_name }} with SELinux in enforcing mode. diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/009_Error_messages.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/009_Error_messages.md index e9159d47..c35bf643 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/009_Error_messages.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/009_Error_messages.md 
@@ -8,8 +8,8 @@ This section describes the most common error messages. ## Destination queue full | Error message: | Destination queue full, dropping messages; queue_len='10000', log_fifo_size='10000' count='4', persist_name='afsocket_dd_qfile(stream,serverdown:514)' | -| Description: | This message indicates message loss. Flow-control must be enabled in the log path. When flow-control is enabled, syslog-ng will stop reading messages from the sources of the log statement if the destinations are not able to process the messages at the required speed. If flow-control is enabled, syslog-ng will only drop messages if the destination queues/window sizes are improperly sized. -| Solution: | Enable flow-control in the log path. If flow-control is disabled, syslog-ng will drop messages if the destination queues are full. Note that syslog-ng will drop messages even if the server is alive. If the remote server accepts logs at a slower rate than the sender syslog-ng receives them, the sender syslog-ng will fill up the destination queue, then drop the newer messages. Sometimes this error occurs only at a specific time interval, for example, only between`7:00`AM and`8:00`AM or between`16:00`PM and`17:00`PM when your users log in or log off and that generates a lot of messages within a short interval. | +| Description: | This message indicates message loss. Flow-control must be enabled in the log path. When flow-control is enabled, {{ site.product.short_name }} will stop reading messages from the sources of the log statement if the destinations are not able to process the messages at the required speed. If flow-control is enabled, {{ site.product.short_name }} will only drop messages if the destination queues/window sizes are improperly sized. +| Solution: | Enable flow-control in the log path. If flow-control is disabled, {{ site.product.short_name }} will drop messages if the destination queues are full. 
Note that {{ site.product.short_name }} will drop messages even if the server is alive. If the remote server accepts logs at a slower rate than the sender {{ site.product.short_name }} receives them, the sender {{ site.product.short_name }} will fill up the destination queue, then drop the newer messages. Sometimes this error occurs only at a specific time interval, for example, only between`7:00`AM and`8:00`AM or between`16:00`PM and`17:00`PM when your users log in or log off and that generates a lot of messages within a short interval. | For more information, see Managing incoming and outgoing messages with flow-control 
@@ -17,12 +17,12 @@ For more information, see Managing incoming and outgoing messages with flow-cont | Error message: | SSL error while writing stream; tls_error='SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca' | | Description: | This message indicates that the other (remote) side could not verify the certificate sent by syslog-ng.| -| Solution: | Check the logs on the remote site and identify why the receiving syslog-ng could not find the CA certificate that signed this certificate. | +| Solution: | Check the logs on the remote site and identify why the receiving {{ site.product.short_name }} could not find the CA certificate that signed this certificate. | ## PEM routines:PEM\_read\_bio:no start line | Error message: | testuser@thor-x1:~ cert_no_start_line/certs$ openssl x509 -in cert.pem -text unable to load certificate 140178126276248: error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: TRUSTED CERTIFICATE | -| Description: | The error message is displayed when using Transport Layer Security (TLS). The syslog-ng application uses OpenSSL for TLS and this message indicates that the certificate contains characters that OpenSSL cannot process. The error occurs when the certificate comes from Windows and you want to use it on a Linux-based computer. On Windows, the end of line (EOL) character is different (\\r\\n) compared to Linux (\\n). To verify this, open the certificate in a text editor, for example, MCEdit. Notice the \^M characters as shown in the image below: | +| Description: | The error message is displayed when using Transport Layer Security (TLS). The {{ site.product.short_name }} application uses OpenSSL for TLS and this message indicates that the certificate contains characters that OpenSSL cannot process. The error occurs when the certificate comes from Windows and you want to use it on a Linux-based computer. On Windows, the end of line (EOL) character is different (\\r\\n) compared to Linux (\\n). 
To verify this, open the certificate in a text editor, for example, MCEdit. Notice the \^M characters as shown in the image below: | || **Figure 24: Example of OpenSSL character processing error** ![]({{ adm_img_folder | append: '/170_Troubleshooting_syslog-ng/openssl_char_proc.png' }})| |Solution: | On Windows, save the certificate using UTF-8, for example, using Notepad++.| diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/010_SELinux.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/010_SELinux.md index 3b12efc0..c52da260 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/010_SELinux.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/010_SELinux.md @@ -1,10 +1,10 @@ --- -title: SELinux prevents syslog-ng OSE from using the execmem access on a process +title: SELinux prevents {{ site.product.short_name }} from using the execmem access on a process short_title: Using execmem prevented by SELinux id: adm-debug-selinux --- -If you are using a recent enough PCRE library, syslog-ng OSE will +If you are using a recent enough PCRE library, {{ site.product.short_name }} will automatically use the JIT of the regexp engine, which will result in a similar error: diff --git a/doc/_admin-guide/170_Troubleshooting_syslog-ng/README.md b/doc/_admin-guide/170_Troubleshooting_syslog-ng/README.md index 716b8aab..d1163c70 100644 --- a/doc/_admin-guide/170_Troubleshooting_syslog-ng/README.md +++ b/doc/_admin-guide/170_Troubleshooting_syslog-ng/README.md @@ -7,7 +7,7 @@ description: >- --- - As a general rule, first try to log the messages to a local file. - Once this is working, you know that syslog-ng is running correctly + Once this is working, you know that {{ site.product.short_name }} is running correctly and receiving messages, and you can proceed to forwarding the messages to the server. 
@@ -15,7 +15,7 @@ description: >- the client and the server using the **syslog-ng \--syntax-only** command. -- If the syslog-ng OSE server does not receive the messages, verify +- If the {{ site.product.short_name }} server does not receive the messages, verify that the IP addresses and ports are correct in your sources and destinations. Also, check that the client and the server uses the same protocol (a common error is to send logs on UDP, but configure 
@@ -25,34 +25,34 @@ description: >- tool on the client to verify that the messages are sent correctly, and on the server to verify that it receives the messages. -- To find message-routing problems, run syslog-ng OSE with the - following command **syslog-ng -Fevd**. That way syslog-ng OSE will +- To find message-routing problems, run {{ site.product.short_name }} with the + following command **syslog-ng -Fevd**. That way {{ site.product.short_name }} will run in the foreground, and display debug messages about the messages that are processed. -- If syslog-ng is closing the connections for no apparent reason, be +- If {{ site.product.short_name }} is closing the connections for no apparent reason, be sure to check the log messages of syslog-ng. You may also want to - run syslog-ng with the **\--verbose** or **\--debug** command-line + run {{ site.product.short_name }} with the **\--verbose** or **\--debug** command-line options for more-detailed log messages. You can enable these - messages without restarting syslog-ng using the **syslog-ng-ctl + messages without restarting {{ site.product.short_name }} using the **syslog-ng-ctl verbose \--set=on** command. For details, see the syslog-ng-ctl man - page at The syslog-ng control tool manual page. + page at The {{ site.product.short_name }} control tool manual page. - Build up encrypted connections step-by-step. First create a working, unencrypted (for example, TCP) connection, then add TLS encryption, and finally, client authentication if needed. - If you use the same driver and options in the destination of your - syslog-ng OSE client and the source of your syslog-ng OSE server, + {{ site.product.short_name }} client and the source of your {{ site.product.short_name }} server, everything should work as expected. Unfortunately, there are some other combinations, that may seem to work, but result in losing parts of the messages. 
For details on the working combinations, see - Things to consider when forwarding messages between syslog-ng OSE hosts. + Things to consider when forwarding messages between {{ site.product.short_name }} hosts. - In case you experience a problem that is not covered in this guide, - send it to the syslog-ng mailing list. + send it to the {{ site.product.short_name }} mailing list. - To report bugs found in syslog-ng OSE, visit the syslog-ng issue tracker on GitHub. + To report bugs found in {{ site.product.short_name }}, visit the {{ site.product.short_name }} issue tracker on GitHub. Precompiled binary packages are available for free from various - third-parties. See the list of precompiled syslog-ng OSE binary packages. + third-parties. See the list of precompiled {{ site.product.short_name }} binary packages. diff --git a/doc/_admin-guide/180_Best_practices_and_examples/001_Handling_large_message_load.md b/doc/_admin-guide/180_Best_practices_and_examples/001_Handling_large_message_load.md index d23dbef4..a3116d5f 100644 --- a/doc/_admin-guide/180_Best_practices_and_examples/001_Handling_large_message_load.md +++ b/doc/_admin-guide/180_Best_practices_and_examples/001_Handling_large_message_load.md @@ -3,7 +3,7 @@ title: Handling large message load id: adm-pract-large-load description: >- This section provides tips on optimizing the performance of syslog-ng. - Optimizing the performance is important for syslog-ng hosts that handle + Optimizing the performance is important for {{ site.product.short_name }} hosts that handle large traffic. --- @@ -25,4 +25,4 @@ description: >- - Increase the value of the flush-lines() parameter. Increasing flush-lines() from 0 to **100** can increase the performance of - syslog-ng OSE by 100%. + {{ site.product.short_name }} by 100%. 
diff --git a/doc/_admin-guide/180_Best_practices_and_examples/002_Using_name_resolution/000_Resolving_hostnames_locally.md b/doc/_admin-guide/180_Best_practices_and_examples/002_Using_name_resolution/000_Resolving_hostnames_locally.md index 3f017867..6af32375 100644 --- a/doc/_admin-guide/180_Best_practices_and_examples/002_Using_name_resolution/000_Resolving_hostnames_locally.md +++ b/doc/_admin-guide/180_Best_practices_and_examples/002_Using_name_resolution/000_Resolving_hostnames_locally.md @@ -5,7 +5,7 @@ description: >- Resolving hostnames locally enables you to display hostnames in the log files for frequently used hosts, without having to rely on a DNS server. The known IP address -- hostname pairs are stored locally in a file. In - the log messages, syslog-ng will replace the IP addresses of known hosts + the log messages, {{ site.product.short_name }} will replace the IP addresses of known hosts with their hostnames. --- @@ -18,8 +18,8 @@ To configure local name resolution, complete the following steps: /etc/hosts file. Consult the documentation of your operating system for details. -2. Instruct syslog-ng to resolve hostnames locally. Set the use-dns() - option of syslog-ng to **persist\_only**. +2. Instruct {{ site.product.short_name }} to resolve hostnames locally. Set the use-dns() + option of {{ site.product.short_name }} to **persist\_only**. 3. Set the dns-cache-hosts() option to point to the file storing the hostnames. diff --git a/doc/_admin-guide/180_Best_practices_and_examples/002_Using_name_resolution/README.md b/doc/_admin-guide/180_Best_practices_and_examples/002_Using_name_resolution/README.md index 8b983a6a..d3e4c194 100644 --- a/doc/_admin-guide/180_Best_practices_and_examples/002_Using_name_resolution/README.md +++ b/doc/_admin-guide/180_Best_practices_and_examples/002_Using_name_resolution/README.md 
@@ -2,16 +2,16 @@ title: Using name resolution in syslog-ng id: adm-pract-nameres description: >- - The syslog-ng application can resolve the hostnames of the clients and + The {{ site.product.short_name }} application can resolve the hostnames of the clients and include them in the log messages. However, the performance of syslog-ng is severely degraded if the domain name server is unaccessible or slow. Therefore, it is not recommended to resolve hostnames in syslog-ng. --- -If you must use name resolution from syslog-ng, consider the following: +If you must use name resolution from {{ site.product.short_name }}, consider the following: - Use DNS caching. Verify that the DNS cache is large enough to store - all important hostnames. (By default, the syslog-ng DNS cache stores + all important hostnames. (By default, the {{ site.product.short_name }} DNS cache stores 1007 entries.) ```config diff --git a/doc/_admin-guide/180_Best_practices_and_examples/003_Collecting_logs_from_chroot.md b/doc/_admin-guide/180_Best_practices_and_examples/003_Collecting_logs_from_chroot.md index dfa842c9..f47feabc 100644 --- a/doc/_admin-guide/180_Best_practices_and_examples/003_Collecting_logs_from_chroot.md +++ b/doc/_admin-guide/180_Best_practices_and_examples/003_Collecting_logs_from_chroot.md @@ -5,7 +5,7 @@ id: adm-pract-chroot ## Purpose -To collect logs from a chroot using a syslog-ng client running on the +To collect logs from a chroot using a {{ site.product.short_name }} client running on the host, complete the following steps: ### Figure 23: Collecting logs from chroot diff --git a/doc/_admin-guide/180_Best_practices_and_examples/004_Configuring_log_rotation.md b/doc/_admin-guide/180_Best_practices_and_examples/004_Configuring_log_rotation.md index 03b0f937..5cbfc5b9 100644 --- a/doc/_admin-guide/180_Best_practices_and_examples/004_Configuring_log_rotation.md +++ b/doc/_admin-guide/180_Best_practices_and_examples/004_Configuring_log_rotation.md 
@@ -3,10 +3,10 @@ title: Configuring log rotation id: adm-pract-rotate --- -The syslog-ng OSE application does not rotate logs by itself. To use -syslog-ng OSE for log rotation, consider the following approaches: +The {{ site.product.short_name }} application does not rotate logs by itself. To use +{{ site.product.short_name }} for log rotation, consider the following approaches: -## Use logrotate together with syslog-ng OSE +## Use logrotate together with {{ site.product.short_name }} - It is ideal for workstations or when processing fewer logs. @@ -15,19 +15,19 @@ syslog-ng OSE for log rotation, consider the following approaches: - Less scripting is required, only logrotate has to be configured correctly. -- Requires frequent restart (syslog-ng OSE must be reloaded/restarted +- Requires frequent restart ({{ site.product.short_name }} must be reloaded/restarted when the files are rotated). After rotating the log files, reload - syslog-ng OSE using the **syslog-ng-ctl reload** command, or use - another method to send a SIGHUP to syslog-ng OSE. + {{ site.product.short_name }} using the **syslog-ng-ctl reload** command, or use + another method to send a SIGHUP to {{ site.product.short_name }}. -- The statistics collected by syslog-ng OSE, and the correlation +- The statistics collected by {{ site.product.short_name }}, and the correlation information gathered with Pattern Database, are lost with each restart. ## Separate incoming logs based on time, host or other information - It is ideal for central log servers, where regular restart of - syslog-ng OSE is unfavorable. + {{ site.product.short_name }} is unfavorable. - Requires shell scripts or cron jobs to remove old logs. diff --git a/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/000_Round_robin.md b/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/000_Round_robin.md index 87a40662..cada0d87 100644 
--- a/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/000_Round_robin.md +++ b/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/000_Round_robin.md @@ -1,11 +1,11 @@ --- -title: Load balancing with a round robin load balancing method based on the R_MSEC macro of syslog-ng OSE +title: Load balancing with a round robin load balancing method based on the R_MSEC macro of {{ site.product.short_name }} short_title: Load balancing with round robin id: adm-pract-round-robin description: >- This section describes a round robin load balancing method based on the - R_MSEC macro of syslog-ng Open Source Edition (syslog-ng OSE) to load - balance your logs between multiple syslog-ng OSE destinations. + R_MSEC macro of {{ site.product.short_name }} to load + balance your logs between multiple {{ site.product.short_name }} destinations. --- **TIP:** If R_MSEC is not precise enough, you can replace it with R_USEC @@ -13,12 +13,12 @@ description: >- {: .notice--info} For more information about the R_MSEC macro and further macros of -syslog-ng OSE, see Macros of syslog-ng OSE. +{{ site.product.short_name }}, see Macros of {{ site.product.short_name }}. ## Example: round robin load balancing between multiple destinations The following example is a round-robin load balancing method, based on -syslog-ng OSE's R_MSEC macro. +${R_MSEC} macro of {{ site.product.short_name }}. ```config destination d_lb_network { @@ -58,7 +58,7 @@ this case, 0 or 1). If you need a file instead of a network destination, replace the network destination with the file in the example (and use the same analogy for -any other syslog-ng OSE destinations). +any other {{ site.product.short_name }} destinations). For an alternative method to use the round robin load balancing method based on the R_MSEC macro, see 
diff --git a/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/001_msec_hashing.md b/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/001_msec_hashing.md index ac36521f..eaf437f7 100644 --- a/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/001_msec_hashing.md +++ b/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/001_msec_hashing.md @@ -5,7 +5,7 @@ id: adm-pract-msec description: >- This section describes a configuration generator for the load balancing method based on MSEC hashing to load balance your logs between multiple - syslog-ng Open Source Edition (syslog-ng OSE) destinations. + {{ site.product.short_name }} destinations. --- ![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** @@ -19,7 +19,7 @@ this script, and recommends that you only use this script at your own risk. As an alternative to using the example configuration described in [[Load balancing with round robin|adm-pract-round-robin]], a -configuration generator script is also available in syslog-ng OSE: +configuration generator script is also available in {{ site.product.short_name }}: ```config destination d_lb { diff --git a/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/README.md b/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/README.md index 2a913c51..b39bdb49 100644 --- a/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/README.md +++ b/doc/_admin-guide/180_Best_practices_and_examples/005_Load_balancing_logs/README.md 
@@ -3,12 +3,12 @@ title: Load balancing logs between multiple destinations id: adm-pract-load description: >- These sections describe a method of load balancing logs between multiple - syslog-ng Open Source Edition (syslog-ng OSE) destinations. The first + {{ site.product.short_name }} destinations. The first subsection describes the round robin load balancing method based on the - R_MSEC macro of syslog-ng OSE, while the second subsection describes a + R_MSEC macro of {{ site.product.short_name }}, while the second subsection describes a configuration generator that you can use as an alternative to using the example configuration described in the first subsection. --- For more information about the R_MSEC macro and further macros of -syslog-ng OSE, see Macros of syslog-ng OSE. +{{ site.product.short_name }}, see Macros of {{ site.product.short_name }}. diff --git a/doc/_admin-guide/190_The_syslog-ng_manual_pages/000_dqtool.md b/doc/_admin-guide/190_The_syslog-ng_manual_pages/000_dqtool.md index 4c811093..ca7da5c7 100644 --- a/doc/_admin-guide/190_The_syslog-ng_manual_pages/000_dqtool.md +++ b/doc/_admin-guide/190_The_syslog-ng_manual_pages/000_dqtool.md @@ -7,7 +7,7 @@ id: adm-man-dqtool ## Name dqtool --- Display the contents of a disk-buffer file created with -syslog-ng OSE. +{{ site.product.short_name }}. ## Synopsis @@ -76,13 +76,13 @@ relocate [options] [files] Use the relocate command to move or rename disk-buffer (also called disk-queue) files. Note that this option modifies the persist file. Stop -syslog-ng OSE before using this command. +{{ site.product.short_name }} before using this command. The relocate command has the following options: - \--all or -a - Relocate every disk-buffer file that is listed in the syslog-ng OSE + Relocate every disk-buffer file that is listed in the {{ site.product.short_name }} persist file. - \--new\_path or -n 
@@ -92,7 +92,7 @@ The relocate command has the following options: - \--persist or -p - The path to the syslog-ng OSE persist file. The relocate command + The path to the {{ site.product.short_name }} persist file. The relocate command automatically updates the entries of the disk-buffer files in the persist file. diff --git a/doc/_admin-guide/190_The_syslog-ng_manual_pages/002_pdbtool.md b/doc/_admin-guide/190_The_syslog-ng_manual_pages/002_pdbtool.md index 65fe7793..c4cf9eff 100644 --- a/doc/_admin-guide/190_The_syslog-ng_manual_pages/002_pdbtool.md +++ b/doc/_admin-guide/190_The_syslog-ng_manual_pages/002_pdbtool.md @@ -5,7 +5,7 @@ id: adm-man-pdbtool ## Name -pdbtool --- An application to test and convert syslog-ng pattern +pdbtool --- An application to test and convert {{ site.product.short_name }} pattern database rules ## Synopsis @@ -16,14 +16,14 @@ pdbtool \[command\] \[options\] This manual page is only an abstract. -The syslog-ng OSE application can match the contents of the log messages +The {{ site.product.short_name }} application can match the contents of the log messages to a database of predefined message patterns (also called patterndb). By -comparing the messages to the known patterns, syslog-ng OSE is able to +comparing the messages to the known patterns, {{ site.product.short_name }} is able to identify the exact type of the messages, tag the messages, and sort them into message classes. The message classes can be used to classify the type of the event described in the log message. The functionality of the pattern database is similar to that of the logcheck project, but the -syslog-ng approach is faster, scales better, and is much easier to +{{ site.product.short_name }} approach is faster, scales better, and is much easier to maintain compared to the regular expressions of logcheck. The pdbtool application is a utility that can be used to: 
@@ -65,7 +65,7 @@ database. dump \[options\] Display the RADIX tree built from the patterns. This shows how are the -patterns represented in syslog-ng OSE and it might also help to track +patterns represented in {{ site.product.short_name }} and it might also help to track down pattern-matching problems. The dump utility can dump the tree used for matching the PROGRAM or the MSG parts. @@ -166,7 +166,7 @@ The match command has the following options: - \--filter=\ or -F - Print only messages matching the specified syslog-ng filter + Print only messages matching the specified {{ site.product.short_name }} filter expression. - \--message or -M @@ -185,7 +185,7 @@ The match command has the following options: - \--template=\ or -T - A syslog-ng template expression that is used to format the output + A {{ site.product.short_name }} template expression that is used to format the output messages. - \--verbose or -v @@ -221,7 +221,7 @@ Use the merge command to combine separate pattern database files into a single file (pattern databases are usually stored in separate files per applications to simplify maintenance). If a file uses an older database format, it is automatically updated to the latest format (V3). See the -The syslog-ng Administrator Guide for +The {{ site.product.short_name }} Administrator Guide for details on the different pattern database versions. - \--debug or -d @@ -276,7 +276,7 @@ large number of log messages. The resulting pattern database is printed to the standard output (stdout). The pdbtool patternize command uses a data clustering technique to find similar log messages and replacing the differing parts with @ESTRING:: @ parsers. For details on pattern -databases and message parsers, see the [The syslog-ng Administrator Guide] +databases and message parsers, see the [The {{ site.product.short_name }} Administrator Guide] (https://www.syslog-ng.com/). The patternize command is available only in version 3.2 and later. 
@@ -337,7 +337,7 @@ test \[options\] Use the test command to validate a pattern database XML file. Note that you must have the xmllint application installed. The test command is -available only in syslog-ng OSE version 3.2 and later. +available only in {{ site.product.short_name }} version 3.2 and later. - \--color-out or -c diff --git a/doc/_admin-guide/190_The_syslog-ng_manual_pages/003_secure_logging_manual.md b/doc/_admin-guide/190_The_syslog-ng_manual_pages/003_secure_logging_manual.md index 782d16c1..4f705922 100644 --- a/doc/_admin-guide/190_The_syslog-ng_manual_pages/003_secure_logging_manual.md +++ b/doc/_admin-guide/190_The_syslog-ng_manual_pages/003_secure_logging_manual.md 
@@ -15,11 +15,11 @@ $(slog --key-file --mac-file ${RAWMSG}) ## Description -Secure logging is an extension of syslog-ng OSE which provides system log forward integrity and confidentiality. It is implemented in form of a module and is configured as a template in the syslog-ng OSE configuration file. +Secure logging is an extension of {{ site.product.short_name }} which provides system log forward integrity and confidentiality. It is implemented in form of a module and is configured as a template in the {{ site.product.short_name }} configuration file. The main objective of the secure logging module is to provide tamper evident logging, for example to adequately protect log records of a system and to provide a sensor indicating breach-attempts. The secure logging module achieves this by the authentical encryption of each log record with an individual cryptographic key used only once and protecting the integrity of the whole log archive by a cryptographic authentication code. Every attempt to tamper with an individual log record or the log archive itself is immediately detected during log archive verification. Due to this, an attacker can no longer tamper with log records without being detected. -To use the log file created by the secure logging module for analysis, the log file must first be decrypted and its integrity must be verified. This is achieved with a command line utility that is part of the secure logging module and is installed as part of the syslog-ng OSE package. This utility can be integrated into the import module of existing analysis environments. +To use the log file created by the secure logging module for analysis, the log file must first be decrypted and its integrity must be verified. This is achieved with a command line utility that is part of the secure logging module and is installed as part of the {{ site.product.short_name }} package. This utility can be integrated into the import module of existing analysis environments. 
The secure logging environment uses a cryptographic key for encrypting log entries. Individual log entries are encrypted with their own keys which are immediately discarded after successful encryption to provide forward integrity. An efficient algorithm generates the key for the next log entry based the key used for encrypting the previous log entry. The resulting chain of keys preserves forward integrity, for example a potential attacker cannot deduce the previous key from the current key. @@ -58,7 +58,7 @@ The following is the output of a successful verification run: ``` The original log messages have been successfully restored, and the sequence counters are also assigned to the clear text messages. This helps in analyzing problems within a particular log entry. As real log files will contain thousands of entries. The sequence counter helps to identify faulty entries. -Before the secure logging module can be used as part of an existing syslog-ng OSE installation, several preparatory activities are necessary. +Before the secure logging module can be used as part of an existing {{ site.product.short_name }} installation, several preparatory activities are necessary. ## Key Generation 
@@ -84,15 +84,15 @@ template("$(slog --key-file --mac-file ${RAWMSG})\n" The purpose of the elements within the statement: * `slog` - The name of the secure logging template function. This name can be also be found by calling syslog-ng with the `--module-registry` arguments and checking the `template-func` property of the secure logging module in the corresponding output. + The name of the secure logging template function. This name can be also be found by calling {{ site.product.short_name }} with the `--module-registry` arguments and checking the `template-func` property of the secure logging module in the corresponding output. * `--key-file` or `-k` - The host key file. `` is the full path of the file storing the host key on the log host. If this arguments is not supplied or does not point to a valid key file, syslog-ng does not start and a displays an error message. + The host key file. `` is the full path of the file storing the host key on the log host. If this arguments is not supplied or does not point to a valid key file, {{ site.product.short_name }} does not start and a displays an error message. * `--mac-file` or `-m` - The MAC file. `` is the full path of the MAC file on the log host. The file is automatically created upon the initial start. If the path is not correct, syslog-ng does not start and a displays a corresponding error message. + The MAC file. `` is the full path of the MAC file on the log host. The file is automatically created upon the initial start. If the path is not correct, {{ site.product.short_name }} does not start and a displays a corresponding error message. * `${RAWMSG}` 
@@ -105,7 +105,7 @@ The purpose of the elements within the statement: The secure logging template can be combined with any source or destination with the following limitations: * Sources must be line-oriented. Secure logging uses a line separator in order to distinguish between individual log entries. Sources which provide data in a different format, for example, in the form of raw data obtained directly from a database system, cannot currently be used with the secure logging template, as the separation of log entries is not clearly defined for this type of data. -* Only sources for which the store-raw-message flag is implemented and set do benefit from the integrity guarantee provided by the secure logging template. Secure logging aims at protecting the integrity of complete log messages including all associated meta-data, such as timestamps and host names. syslog-ng parses the log message into its internal format and provide easy access to parts of a message through macros. While this is convenient when rewriting log messages, it is not helpful for secure logging. syslog-ng provides the store-raw-message flag which provides access to a copy of the original log message after parsing. This is the log message processed and protected by the secure logging template. If the source does not support the `store-raw-message flag`, then the `${MSG}` macro can also be used. However, in this case the integrity guarantee provided by secure logging is limited to the content that this macro provides. +* Only sources for which the store-raw-message flag is implemented and set do benefit from the integrity guarantee provided by the secure logging template. Secure logging aims at protecting the integrity of complete log messages including all associated meta-data, such as timestamps and host names. {{ site.product.short_name }} parses the log message into its internal format and provide easy access to parts of a message through macros. 
While this is convenient when rewriting log messages, it is not helpful for secure logging. {{ site.product.short_name }} provides the store-raw-message flag which provides access to a copy of the original log message after parsing. This is the log message processed and protected by the secure logging template. If the source does not support the `store-raw-message flag`, then the `${MSG}` macro can also be used. However, in this case the integrity guarantee provided by secure logging is limited to the content that this macro provides. * Log rotation of any kind cannot be used with destinations using secure logging, because log rotate overwrites or deletes previous log files. This compromises the cryptographic chain of trust of the log entries preve recovery. To efficiently handle log files, the secure logging environment features iterative verification. Using iterative verification, a log file can be verified in steps. For this to work, the log file must first be downloaded from the log host, together with the corresponding host key and MAC file to a verification host. After downloading, the log file can be safely deleted from the log host. Verification is then performed on the verification host using the iterative mode of the slogverify utility. ### Example: secure logging template on a file destination diff --git a/doc/_admin-guide/190_The_syslog-ng_manual_pages/004_slogencrypt_manual.md b/doc/_admin-guide/190_The_syslog-ng_manual_pages/004_slogencrypt_manual.md index 9f95f83b..a2218a74 100644 --- a/doc/_admin-guide/190_The_syslog-ng_manual_pages/004_slogencrypt_manual.md +++ b/doc/_admin-guide/190_The_syslog-ng_manual_pages/004_slogencrypt_manual.md @@ -5,7 +5,7 @@ id: adm-man-slogscr ## Name -`slogencrypt` --- Encrypts existing plain text log files using the syslog-ng OSE secure logging environment. +`slogencrypt` --- Encrypts existing plain text log files using the {{ site.product.short_name }} secure logging environment. ## Synopsis 
@@ -15,7 +15,7 @@ slogencrypt [options] [arguments] ## Description -The `slogencrypt` utility encrypts plain text log files using an existing secure logging environment. Using this utility, log files obtained from a previous installation of syslog-ng or another logging system can be transferred to a secure logging environment. The order of the log entries is preserved. Encrypting plain text log files using an existing secure logging environment, requires the current encryption key to be supplied in order to preserve consistency. +The `slogencrypt` utility encrypts plain text log files using an existing secure logging environment. Using this utility, log files obtained from a previous installation of {{ site.product.short_name }} or another logging system can be transferred to a secure logging environment. The order of the log entries is preserved. Encrypting plain text log files using an existing secure logging environment, requires the current encryption key to be supplied in order to preserve consistency. ### Example: a general call sequence @@ -68,4 +68,4 @@ slogencrypt -k -m -m [buffers]` @@ -26,7 +26,7 @@ The slogverify utility is used to verify the integrity of cryptographically secu * input file - An encrypted log file from the syslog-ng secure logging environment that is verified. + An encrypted log file from the {{ site.product.short_name }} secure logging environment that is verified. * output file The file that contains the plain text log entries after decryption and verification. diff --git a/doc/_admin-guide/190_The_syslog-ng_manual_pages/007_syslog-ng_control_tool.md b/doc/_admin-guide/190_The_syslog-ng_manual_pages/007_syslog-ng_control_tool.md index 32929e28..2073ef61 100644 --- a/doc/_admin-guide/190_The_syslog-ng_manual_pages/007_syslog-ng_control_tool.md +++ b/doc/_admin-guide/190_The_syslog-ng_manual_pages/007_syslog-ng_control_tool.md 
@@ -1,5 +1,5 @@ --- -title: The syslog-ng control tool manual page +title: The {{ site.product.short_name }} control tool manual page app: syslog-ng-ctl id: adm-man-ctl --- @@ -19,15 +19,15 @@ syslog-ng-ctl \[command\] \[options\] The syslog-ng-ctl application is a utility that can be used to: -- enable/disable various syslog-ng OSE messages for troubleshooting +- enable/disable various {{ site.product.short_name }} messages for troubleshooting - display statistics about the processed messages - handling password-protected private keys -- display the currently running configuration of syslog-ng OSE +- display the currently running configuration of {{ site.product.short_name }} -- reload the configuration of syslog-ng OSE. +- reload the configuration of {{ site.product.short_name }}. ## Enabling troubleshooting messages 
@@ -44,29 +44,29 @@ debug messages does not enable verbose and trace messages. Use syslog-ng-ctl \ without any parameters to display whether the particular type of messages are enabled or not. -If you need to use a non-standard control socket to access syslog-ng, +If you need to use a non-standard control socket to access {{ site.product.short_name }}, use the syslog-ng-ctl \ \--set=on \--control=\ command to specify the socket to use. - verbose - Print verbose messages. If syslog-ng OSE was started with the + Print verbose messages. If {{ site.product.short_name }} was started with the \--stderr or -e option, the messages will be sent to stderr. If not - specified, syslog-ng OSE will log such messages to its internal + specified, {{ site.product.short_name }} will log such messages to its internal source. - trace - Print trace messages of how messages are processed. If syslog-ng OSE + Print trace messages of how messages are processed. If {{ site.product.short_name }} was started with the \--stderr or -e option, the messages will be - sent to stderr. If not specified, syslog-ng OSE will log such + sent to stderr. If not specified, {{ site.product.short_name }} will log such messages to its internal source. - debug - Print debug messages. If syslog-ng OSE was started with the + Print debug messages. If {{ site.product.short_name }} was started with the \--stderr or -e option, the messages will be sent to stderr. If not - specified, syslog-ng OSE will log such messages to its internal + specified, {{ site.product.short_name }} will log such messages to its internal source. ### Example @@ -77,7 +77,7 @@ syslog-ng-ctl verbose --set=on ## syslog-ng-ctl query -The syslog-ng OSE application stores various data, metrics, and +The {{ site.product.short_name }} application stores various data, metrics, and statistics in a hash table. Every property has a name and a value. For example: 
@@ -97,8 +97,7 @@ also use the ? and \* wildcards. For example: - Select all dropped value from every stats node: \*.stats.dropped -The nodes and properties available in the tree depend on your syslog-ng -OSE configuration (that is, the sources, destinations, and other objects +The nodes and properties available in the tree depend on your {{ site.product.short_name }} configuration (that is, the sources, destinations, and other objects you have configured), and also on your stats-level() settings. ## The list command @@ -106,7 +105,7 @@ you have configured), and also on your stats-level() settings. syslog-ng-ctl query list Use the syslog-ng-ctl query list command to display the list of metrics -that syslog-ng OSE collects about the processed messages. +that {{ site.product.short_name }} collects about the processed messages. An example output: @@ -186,7 +185,7 @@ The syslog-ng-ctl query get command has the following options: For example, the syslog-ng-ctl query get \--sum \"destination\*.dropped\" command displays the number of messages - dropped by the syslog-ng OSE instance. + dropped by the {{ site.product.short_name }} instance. - \--reset @@ -199,7 +198,7 @@ stats \[options\] Use the stats command to display statistics about the processed messages. For details about the displayed statistics, -see The syslog-ng OSE Administration Guide. +see The {{ site.product.short_name }} Administration Guide. The stats command has the following options: - \--control=\ or -c 
@@ -272,18 +271,18 @@ An example output: syslog-ng-ctl credentials \[options\] The syslog-ng-ctl credentials status command allows you to query the -status of the private keys that syslog-ng OSE uses in the network() and +status of the private keys that {{ site.product.short_name }} uses in the network() and syslog() drivers. You can also provide the passphrase for password-protected private keys using the syslog-ng-ctl credentials add command. For details on using password-protected keys, see -The syslog-ng Administrator Guide. +The {{ site.product.short_name }} Administrator Guide. ## Displaying the status of private keys syslog-ng-ctl credentials status \[options\] The syslog-ng-ctl credentials status command allows you to query the -status of the private keys that syslog-ng OSE uses in the network() and +status of the private keys that {{ site.product.short_name }} uses in the network() and syslog() drivers. The command returns the list of private keys used, and their status. For example: @@ -295,11 +294,11 @@ syslog-ng-ctl credentials status >/home/user/ssl_test/client-1/client-encrypted.key SUCCESS If the status of a key is PENDING, you must provide the passphrase for -the key, otherwise syslog-ng OSE cannot use it. The sources and +the key, otherwise {{ site.product.short_name }} cannot use it. The sources and destinations that use these keys will not work until you provide the -passwords. Other parts of the syslog-ng OSE configuration will be +passwords. Other parts of the {{ site.product.short_name }} configuration will be unaffected. You must provide the passphrase of the password-protected -keys every time syslog-ng OSE is restarted. +keys every time {{ site.product.short_name }} is restarted. The following log message also notifies you of PENDING passphrases: 
@@ -307,7 +306,7 @@ The following log message also notifies you of PENDING passphrases: - \--control=\ or -c - Specify the socket to use to access syslog-ng OSE. Only needed when + Specify the socket to use to access {{ site.product.short_name }}. Only needed when using a non-standard socket. ## Opening password-protected private keys @@ -315,7 +314,7 @@ The following log message also notifies you of PENDING passphrases: syslog-ng-ctl credentials add \[options\] You can add the passphrase to a password-protected private key file -using the following command. syslog-ng OSE will display a prompt for you +using the following command. {{ site.product.short_name }} will display a prompt for you to enter the passphrase. We recommend that you use this method. ```bash @@ -344,7 +343,7 @@ echo "" | syslog-ng-ctl credentials add --id= or -i The path to the password-protected private key file. This is the - same path that you use in the key-file() option of the syslog-ng OSE + same path that you use in the key-file() option of the {{ site.product.short_name }} configuration file. - \--secret=\ or -s @@ -356,7 +355,7 @@ echo "" | syslog-ng-ctl credentials add --id= - Start syslog-ng OSE in debug mode, using the specified command-line + Start {{ site.product.short_name }} in debug mode, using the specified command-line options. To exit debug mode, press Enter. - -t \ - Run syslog-ng OSE in noninteractive debug mode for \, and + Run {{ site.product.short_name }} in noninteractive debug mode for \, and automatically exit debug mode after the specified number of seconds. - -w \ 
@@ -82,7 +82,7 @@ you ask help about your syslog-ng OSE related problem. Enable syscall tracing (strace -f or truss -f). Note that using -s itself does not enable debug mode, only traces the system calls of - an already running syslog-ng OSE process. To trace system calls in + an already running {{ site.product.short_name }} process. To trace system calls in debug mode, use both the -s and -d options. ## Packet capture options @@ -106,7 +106,7 @@ Solaris, where it uses snoop. - -t \ - Run syslog-ng OSE in noninteractive debug mode for \, and + Run {{ site.product.short_name }} in noninteractive debug mode for \, and automatically exit debug mode after the specified number of seconds. ### Examples @@ -132,7 +132,7 @@ info, and process tree. syslog-ng-debun -r -d ``` -Similar to syslog-ng-debun -r, but it also stops syslog-ng OSE, then +Similar to syslog-ng-debun -r, but it also stops {{ site.product.short_name }}, then restarts it in debug mode (-Fedv \--enable-core). To stop debug mode, press Enter. The output of the debug mode collected into a separate file, and also added to the debug bundle. @@ -142,14 +142,14 @@ syslog-ng-debun -r -s ``` Trace the system calls (using strace or truss) of an already running -syslog-ng OSE process. +{{ site.product.short_name }} process. ```bash syslog-ng-debun -r -d -s ``` -Restart syslog-ng OSE in debug mode, and also trace the system calls -(using strace or truss) of the syslog-ng OSE process. +Restart {{ site.product.short_name }} in debug mode, and also trace the system calls +(using strace or truss) of the {{ site.product.short_name }} process. ```bash syslog-ng-debun -r -p 
@@ -186,13 +186,13 @@ Collect pcap and debug mode output following this scenario: - Stop syslog-ng -- Start syslog-ng OSE in debug mode with default parameters (-d) +- Start {{ site.product.short_name }} in debug mode with default parameters (-d) - Wait 10 seconds (-t 10) -- Stop syslog-ng OSE debuging +- Stop {{ site.product.short_name }} debuging -- Start syslog-ng OSE +- Start {{ site.product.short_name }} - Stop packet capturing diff --git a/doc/_admin-guide/190_The_syslog-ng_manual_pages/009_syslog-ng_manual.md b/doc/_admin-guide/190_The_syslog-ng_manual_pages/009_syslog-ng_manual.md index 53461ff6..4570a5f9 100644 --- a/doc/_admin-guide/190_The_syslog-ng_manual_pages/009_syslog-ng_manual.md +++ b/doc/_admin-guide/190_The_syslog-ng_manual_pages/009_syslog-ng_manual.md @@ -1,5 +1,5 @@ --- -title: The syslog-ng manual page +title: The {{ site.product.short_name }} manual page id: adm-man-syslogng --- 
@@ -15,30 +15,30 @@ syslog-ng \[options\] This manual page is only an abstract. -The syslog-ng OSE application is a flexible and highly scalable system -logging application. Typically, syslog-ng OSE is used to manage log +The {{ site.product.short_name }} application is a flexible and highly scalable system +logging application. Typically, {{ site.product.short_name }} is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server. The -different devices - called syslog-ng clients - all run syslog-ng OSE, +different devices - called {{ site.product.short_name }} clients - all run {{ site.product.short_name }}, and collect the log messages from the various applications, files, and other sources. The clients send all important log messages to the remote -syslog-ng OSE server, where the server sorts and stores them. +{{ site.product.short_name }} server, where the server sorts and stores them. ## Options - \--caps - Run syslog-ng OSE process with the specified POSIX capability flags. + Run {{ site.product.short_name }} process with the specified POSIX capability flags. 
- - If the \--no-caps option is not set, syslog-ng OSE has been + - If the \--no-caps option is not set, {{ site.product.short_name }} has been compiled with the \--enable-linux-caps compile option, and the - host supports CAP\_SYSLOG, syslog-ng OSE uses the following + host supports CAP\_SYSLOG, {{ site.product.short_name }} uses the following capabilities: cap\_net\_bind\_service, cap\_net\_broadcast, cap\_net\_raw, cap\_dac\_read\_search, cap\_dac\_override, cap\_chown, cap\_fowner=p cap\_syslog=ep - If the \--no-caps option is not set, and the host does not - support CAP\_SYSLOG, syslog-ng OSE uses the following + support CAP\_SYSLOG, {{ site.product.short_name }} uses the following capabilities: cap\_net\_bind\_service, cap\_net\_broadcast, cap\_net\_raw, cap\_dac\_read\_search, cap\_dac\_override, cap\_chown, cap\_fowner=p cap\_sys\_admin=ep 
@@ -63,53 +63,53 @@ syslog-ng OSE server, where the server sorts and stores them. Change root to the specified directory. The configuration file is read after chrooting so, the configuration file must be available within the chroot. That way it is also possible to reload the - syslog-ng configuration after chrooting. However, note that the + {{ site.product.short_name }} configuration after chrooting. However, note that the \--user and \--groupoptions are resolved before chrooting. - \--check-startup - Available in syslog-ng OSE 4.5 and later versions. + Available in {{ site.product.short_name }} 4.5 and later versions. - This option can be used to perform a complete configuration initialization with syslog-ng, then exit with the exit code indicating the result. This option can also be used to check if the configuration is semantically valid and that syslog-ng can actually start. (The `--syntax-only` option catches only syntactical errors.) + This option can be used to perform a complete configuration initialization with {{ site.product.short_name }}, then exit with the exit code indicating the result. This option can also be used to check if the configuration is semantically valid and that {{ site.product.short_name }} can actually start. (The `--syntax-only` option catches only syntactical errors.) Furthermore, `--check-startup` can also be used in a Kubernetes environment, to run it as a dedicated configuration check container. - **NOTE:** This option is higly likely to fail if another syslog-ng instance running in the background, since it initializes several processes, for example network listeners. In such a case the network address would already be in use. + **NOTE:** This option is higly likely to fail if another {{ site.product.short_name }} instance running in the background, since it initializes several processes, for example network listeners. In such a case the network address would already be in use. 
{: .notice--info} - \--control \ or -c\ - Set the location of the syslog-ng control socket. Default + Set the location of the {{ site.product.short_name }} control socket. Default value: \>/var/run/syslog-ng.ctl - \--debug or -d - Start syslog-ng in debug mode. + Start {{ site.product.short_name }} in debug mode. - \--default-modules A comma-separated list of the modules that are loaded automatically. Modules not loaded automatically can be loaded by including the - @module \ statement in the syslog-ng OSE configuration - file. Available only in syslog-ng OSE version 4.1 and later. + @module \ statement in the {{ site.product.short_name }} configuration + file. Available only in {{ site.product.short_name }} version 4.1 and later. - \--enable-core - Enable syslog-ng OSE to write core files in case of a crash to help + Enable {{ site.product.short_name }} to write core files in case of a crash to help support and debugging. - \--fd-limit \ Set the minimal number of required file descriptors (fd-s). This - sets how many files syslog-ng can keep open simultaneously. Default + sets how many files {{ site.product.short_name }} can keep open simultaneously. Default value: 4096. Note that this does not override the global ulimit setting of the host. - \--foreground or -F Do not daemonize, run in the foreground. When running in the - foreground, syslog-ng OSE starts from the current directory (${CWD}) - so it can create core files (normally, syslog-ng OSE starts + foreground, {{ site.product.short_name }} starts from the current directory (${CWD}) + so it can create core files (normally, {{ site.product.short_name }} starts from \>${PREFIX}/var). - \--group \ or -g \ 
@@ -126,17 +126,17 @@ syslog-ng OSE server, where the server sorts and stores them. Display the list and description of the available modules. Note that not all of these modules are loaded automatically, only the ones specified in the \--default-modules option. Available only in - syslog-ng OSE 4 F1 and later. + {{ site.product.short_name }} 4 F1 and later. - \--no-caps - Run syslog-ng OSE as root, without capability-support. This is the - default behavior. On Linux, it is possible to run syslog-ng OSE as - non-root with capability-support if syslog-ng OSE was compiled with + Run {{ site.product.short_name }} as root, without capability-support. This is the + default behavior. On Linux, it is possible to run {{ site.product.short_name }} as + non-root with capability-support if {{ site.product.short_name }} was compiled with the \--enable-linux-caps option enabled. (Run syslog-ng \--version to display the list of enabled build parameters.) - To run syslog-ng OSE with specific capabilities, use the \--caps + To run {{ site.product.short_name }} with specific capabilities, use the \--caps option. - \--persist-file \ or -R \ 
@@ -153,21 +153,21 @@ syslog-ng OSE server, where the server sorts and stores them. After processing the configuration file and resolving included files and variables, write the resulting configuration into the specified - output file. Available only in syslog-ng OSE 4 F1 and later. + output file. Available only in {{ site.product.short_name }} 4 F1 and later. - \--process-mode \ - Sets how to run syslog-ng OSE: in the foreground (mainly used for + Sets how to run {{ site.product.short_name }}: in the foreground (mainly used for debugging), in the background as a daemon, or in safe-background - mode. By default, syslog-ng runs in safe-background mode. This mode - creates a supervisor process called supervising syslog-ng, that - restarts syslog-ng OSE if it crashes. + mode. By default, {{ site.product.short_name }} runs in safe-background mode. This mode + creates a supervisor process called supervising {{ site.product.short_name }}, that + restarts {{ site.product.short_name }} if it crashes. - \--stderr or -e - Log internal messages of syslog-ng OSE to stderr. Mainly used for + Log internal messages of {{ site.product.short_name }} to stderr. Mainly used for debugging purposes in conjunction with the \--foreground option. If - not specified, syslog-ng will log such messages to its internal + not specified, {{ site.product.short_name }} will log such messages to its internal source. - \--syntax-only or -s 
@@ -179,12 +179,12 @@ syslog-ng OSE server, where the server sorts and stores them. Switch to the specified user after initializing the configuration file (and optionally chrooting). Note that it is not possible to - reload the syslog-ng configuration if the specified user has no + reload the {{ site.product.short_name }} configuration if the specified user has no privilege to create the \>/dev/log file. - \--verbose or -v - Enable verbose logging used to troubleshoot syslog-ng OSE. + Enable verbose logging used to troubleshoot {{ site.product.short_name }}. - \--version or -V @@ -196,12 +196,12 @@ syslog-ng OSE server, where the server sorts and stores them. - \--worker-threads - Sets the number of worker threads syslog-ng OSE can use, including - the main syslog-ng OSE thread. Note that certain operations in - syslog-ng OSE can use threads that are not limited by this option. - This setting has effect only when syslog-ng OSE is running in - multithreaded mode. Available only in syslog-ng OSE 4 F1 and later. - See The syslog-ng OSE 7 Administrator Guide for details. + Sets the number of worker threads {{ site.product.short_name }} can use, including + the main {{ site.product.short_name }} thread. Note that certain operations in + {{ site.product.short_name }} can use threads that are not limited by this option. + This setting has effect only when {{ site.product.short_name }} is running in + multithreaded mode. Available only in {{ site.product.short_name }} 4 F1 and later. + See The {{ site.product.short_name }} 7 Administrator Guide for details. ## Files diff --git a/doc/_admin-guide/190_The_syslog-ng_manual_pages/010_syslog-ng_conf.md b/doc/_admin-guide/190_The_syslog-ng_manual_pages/010_syslog-ng_conf.md index 2f9f2193..c09ade78 100644 --- a/doc/_admin-guide/190_The_syslog-ng_manual_pages/010_syslog-ng_conf.md +++ b/doc/_admin-guide/190_The_syslog-ng_manual_pages/010_syslog-ng_conf.md 
@@ -5,7 +5,7 @@ id: adm-man-syslogng-conf ## Name -syslog-ng.conf --- syslog-ng configuration file +syslog-ng.conf --- {{ site.product.short_name }} configuration file ## Synopsis 
@@ -15,34 +15,34 @@ syslog-ng.conf This manual page is only an abstract. -The syslog-ng OSE application is a flexible and highly scalable system -logging application. Typically, syslog-ng OSE is used to manage log +The {{ site.product.short_name }} application is a flexible and highly scalable system +logging application. Typically, {{ site.product.short_name }} is used to manage log messages and implement centralized logging, where the aim is to collect the log messages of several devices on a single, central log server. The -different devices - called syslog-ng clients - all run syslog-ng OSE, +different devices - called {{ site.product.short_name }} clients - all run {{ site.product.short_name }}, and collect the log messages from the various applications, files, and other sources. The clients send all important log messages to the remote -syslog-ng PE server, where the server sorts and stores them. +{{ site.product.short_name }} PE server, where the server sorts and stores them. -## Basic concepts of syslog-ng OSE +## Basic concepts of {{ site.product.short_name }} -The syslog-ng OSE application reads incoming messages and forwards them -to the selected destinations. The syslog-ng application can receive +The {{ site.product.short_name }} application reads incoming messages and forwards them +to the selected destinations. The {{ site.product.short_name }} application can receive messages from files, remote hosts, and other sources. -Log messages enter syslog-ng OSE in one of the defined sources, and are +Log messages enter {{ site.product.short_name }} in one of the defined sources, and are sent to one or more destinations. Sources and destinations are independent objects, log paths define what -syslog-ng OSE does with a message, connecting the sources to the +{{ site.product.short_name }} does with a message, connecting the sources to the destinations. 
A log path consists of one or more sources and one or more destinations: messages arriving from a source are sent to every -destination listed in the log path. A log path defined in syslog-ng OSE +destination listed in the log path. A log path defined in {{ site.product.short_name }} is called a log statement. Optionally, log paths can include filters. Filters are rules that select only certain messages, for example, selecting only messages sent by a -specific application. If a log path includes filters, syslog-ng OSE +specific application. If a log path includes filters, {{ site.product.short_name }} sends only the messages satisfying the filter rules to the destinations set in the log path. @@ -51,13 +51,13 @@ and rewriting rules. Parsers segment messages into different fields to help processing the messages, while rewrite rules modify the messages by adding, replacing, or removing parts of the messages. -## Configuring syslog-ng OSE +## Configuring {{ site.product.short_name }} - The main body of the configuration file consists of object definitions: sources, destinations, logpaths define which log message are received and where they are sent. All identifiers, option names and attributes, and any other strings used in the - syslog-ng configuration file are case sensitive. Object definitions + {{ site.product.short_name }} configuration file are case sensitive. Object definitions (also called statements) have the following syntax: ```config @@ -72,7 +72,7 @@ adding, replacing, or removing parts of the messages. identifier in quotation marks (\"\"). All identifiers, attributes, and any other strings used in the - syslog-ng OSE configuration file are case sensitive. + {{ site.product.short_name }} configuration file are case sensitive. **TIP:** Use identifiers that refer to the type of the object they identify. For example, prefix source objects with s\_, 
@@ -152,7 +152,7 @@ adding, replacing, or removing parts of the messages. ``` - Some options are global options, or can be set globally, for - example, whether syslog-ng OSE should use DNS resolution to resolve + example, whether {{ site.product.short_name }} should use DNS resolution to resolve IP addresses. ```config @@ -165,7 +165,7 @@ adding, replacing, or removing parts of the messages. object only once (for example, a filter). - To add comments to the configuration file, start a line with \# and - write your comments. These lines are ignored by syslog-ng OSE. + write your comments. These lines are ignored by {{ site.product.short_name }}. ```config # Comment: This is a stream source @@ -196,10 +196,10 @@ destination d_tcp { network("10.1.2.3" port(1999) localport(999)); }; log { source(s_localhost); destination(d_tcp); }; ``` -The syslog-ng OSE application has a number of global options governing +The {{ site.product.short_name }} application has a number of global options governing DNS usage, the timestamp format used, and other general points. Each option may have parameters, similarly to driver specifications. To set -global options add an option statement to the syslog-ng OSE +global options add an option statement to the {{ site.product.short_name }} configuration file using the following syntax: ```config 
@@ -209,22 +209,22 @@ options { option1(params); option2(params); ... }; ### Example: Using global options To disable domain name resolving, add the following line to the -syslog-ng OSE configuration file: +{{ site.product.short_name }} configuration file: ```config options { use-dns(no); }; ``` -The sources, destinations, and filters available in syslog-ng OSE are +The sources, destinations, and filters available in {{ site.product.short_name }} are listed below. -## Table 1: Source drivers available in syslog-ng OSE +## Table 1: Source drivers available in {{ site.product.short_name }} |Name |Description |---|--- |file() |Opens the specified file and reads messages. |wildcard-file() |Reads messages from multiple files and directories. -|internal() |Messages generated internally in syslog-ng OSE. +|internal() |Messages generated internally in {{ site.product.short_name }}. |network() |Receives messages from remote hosts using the BSD-syslog protocol over IPv4 and IPv6. Supports the TCP, UDP, and TLS network protocols. |nodejs() |Receives JSON messages from nodejs applications. |mbox() |Read e-mail messages from local mbox files, and convert them to multiline log messages. 
@@ -235,7 +235,7 @@ listed below. |snmptrap() |Read and parse the SNMP traps of the Net-SNMP\'s snmptrapd application. |sun-stream(), sun-streams() |Opens the specified STREAMS device on Solaris systems and reads incoming messages. |syslog() |Listens for incoming messages using the new IETF-standard syslog protocol. -|system() |Automatically detects which platform syslog-ng OSE is running on, and collects the native log messages of that platform. +|system() |Automatically detects which platform {{ site.product.short_name }} is running on, and collects the native log messages of that platform. |systemd-journal() |Collects messages directly from the journal of platforms that use systemd. |systemd-syslog() |Collects messages from the journal using a socket on platforms that use systemd. |unix-dgram() |Opens the specified unix socket in SOCK_DGRAM mode and listens for incoming messages. 
@@ -263,14 +263,14 @@ listed below. |redis()| Sends messages as name-value pairs to a Redis key-value store. |riemann()| Sends metrics or events to a Riemann monitoring system. |smtp()| Sends e-mail messages to the specified recipients. -|sql()| Sends messages into an SQL database. In addition to the standard syslog-ng OSE packages, the sql() destination requires database-specific packages to be installed. +|sql()| Sends messages into an SQL database. In addition to the standard {{ site.product.short_name }} packages, the sql() destination requires database-specific packages to be installed. |stomp()| Sends messages to a STOMP server. |syslog()| Sends messages to the specified remote host using the IETF-syslog protocol. The IETF standard supports message transport using the UDP, TCP, and TLS networking protocols. |unix-dgram()| Sends messages to the specified unix socket in SOCK_DGRAM style (BSD). |unix-stream()| Sends messages to the specified unix socket in SOCK_STREAM style (Linux). |usertty()| Sends messages to the terminal of the specified user, if the user is logged in. -## Table 3: Filter functi|ons available in syslog-ng OSE +## Table 3: Filter functi|ons available in {{ site.product.short_name }} |Name |Description |---------------------------- |------------- @@ -283,7 +283,7 @@ listed below. |message()| | Use a regular expression to filter messages based on their content. |netmask()| | Filter messages based on the IP address of the sending host. |program()| | Filter messages based on the sending application. -|source()| | Select messages of the specified syslog-ng OSE source statement. +|source()| | Select messages of the specified {{ site.product.short_name }} source statement. |tags()| | Select messages having the specified tag. ## Files diff --git a/doc/_admin-guide/190_The_syslog-ng_manual_pages/README.md b/doc/_admin-guide/190_The_syslog-ng_manual_pages/README.md index aae46fda..d9766683 100644 
--- a/doc/_admin-guide/190_The_syslog-ng_manual_pages/README.md +++ b/doc/_admin-guide/190_The_syslog-ng_manual_pages/README.md @@ -1,8 +1,8 @@ --- -title: The syslog-ng manual pages +title: The {{ site.product.short_name }} manual pages id: adm-man description: >- - This chapter collects the manual pages of syslog-ng OSE and other + This chapter collects the manual pages of {{ site.product.short_name }} and other related applications that are usually distributed and packaged together - with the syslog-ng Open Source Edition application. + with the {{ site.product.name }} application. --- diff --git a/doc/_admin-guide/200_About/001_Documentation_license.md b/doc/_admin-guide/200_About/001_Documentation_license.md index 611b3d90..69e2f2f1 100644 --- a/doc/_admin-guide/200_About/001_Documentation_license.md +++ b/doc/_admin-guide/200_About/001_Documentation_license.md @@ -1,10 +1,10 @@ --- -title: The syslog-ng Open Source Edition Documentation License +title: The {{ site.product.name }} Documentation License short_title: Documentation license id: adm-about-doc-lic --- -The syslog-ng Open Source Edition Documentation License +The {{ site.product.name }} Documentation License Copyright 2023 One Identity LLC. diff --git a/doc/_admin-guide/200_About/002_Glossary.md b/doc/_admin-guide/200_About/002_Glossary.md index 5adb6822..469e4d31 100644 --- a/doc/_admin-guide/200_About/002_Glossary.md +++ b/doc/_admin-guide/200_About/002_Glossary.md @@ -52,9 +52,9 @@ name of the CA that signed the certificate, and some other data. ### client mode -In client mode, syslog-ng collects the local logs generated by +In client mode, {{ site.product.short_name }} collects the local logs generated by the host and forwards them through a network connection to the -central syslog-ng server or to a relay. +central {{ site.product.short_name }} server or to a relay. ## D 
@@ -74,11 +74,11 @@ writes them to a file, or passes them to a log analyzing application. ### destination, network A destination that sends log messages to a remote host (that is, a -syslog-ng relay or server) using a network connection. +{{ site.product.short_name }} relay or server) using a network connection. ### disk buffer -Syslog-ng can store messages on the local hard disk if the central log server +{{ site.product.short_name }} can store messages on the local hard disk if the central log server or the network connection to the server becomes unavailable. ### disk queue @@ -130,7 +130,7 @@ List of short definitions of product-specific terms. ### high availability -High availability uses a second syslog-ng server unit to ensure that the +High availability uses a second {{ site.product.short_name }} server unit to ensure that the logs are received even if the first unit breaks down. ### host @@ -161,21 +161,21 @@ the public key. ### license -The syslog-ng license determines the number of distinct hosts +The {{ site.product.short_name }} license determines the number of distinct hosts (clients and relays) that can connect to the syslog-ng server. ### log path A combination of sources, filters, parsers, rewrite rules, and -destinations: syslog-ng examines all messages arriving to the +destinations: {{ site.product.short_name }} examines all messages arriving to the sources of the logpath and sends the messages matching all filters to the defined destinations. ### log source host -A host or network device (including syslog-ng clients and relays) that sends -logs to the syslog-ng server. Log source hosts can be servers, routers, desktop +A host or network device (including {{ site.product.short_name }} clients and relays) that sends +logs to the {{ site.product.short_name }} server. Log source hosts can be servers, routers, desktop computers, or other devices capable of sending syslog messages or running syslog-ng. 
@@ -218,14 +218,14 @@ it requires minimal installation but has full functionality. ### output buffer -A part of the memory of the host where syslog-ng stores outgoing +A part of the memory of the host where {{ site.product.short_name }} stores outgoing log messages if the destination cannot accept the messages immediately. ### output queue -Messages from the output queue are sent to the target syslog-ng server. -The syslog-ng application puts the outgoing messages directly into the output +Messages from the output queue are sent to the target {{ site.product.short_name }} server. +The {{ site.product.short_name }} application puts the outgoing messages directly into the output queue, unless the output queue is full. The output queue can hold 64 messages, this is a fixed value and cannot be modified. @@ -264,8 +264,8 @@ strings. ## relay mode -In relay mode, syslog-ng receives logs through the network from syslog-ng -clients and forwards them to the central syslog-ng server using a +In relay mode, {{ site.product.short_name }} receives logs through the network from syslog-ng +clients and forwards them to the central {{ site.product.short_name }} server using a network connection. ### rewrite rule @@ -280,8 +280,8 @@ Software-as-a-Service. ### server mode -In server mode, syslog-ng acts as a central log-collecting server. It -receives messages from syslog-ng clients and relays over the network, +In server mode, {{ site.product.short_name }} acts as a central log-collecting server. It +receives messages from {{ site.product.short_name }} clients and relays over the network, and stores them locally in files, or passes them to other applications, for example, log analyzers. @@ -292,7 +292,7 @@ Used to design the online output window. ### Snippet Flare file type that can be used to reuse content. The -One Identity syslog-ng OSE contains various default snippets. +One Identity {{ site.product.short_name }} contains various default snippets. ### source 
@@ -318,7 +318,7 @@ See TLS. ### syslog-ng -The syslog-ng application is a flexible and highly scalable system +The {{ site.product.short_name }} application is a flexible and highly scalable system logging application, typically used to manage log messages and implement centralized logging. @@ -329,19 +329,19 @@ application for the Microsoft Windows platform. It collects the log messages of the Windows-based host and forwards them to a syslog-ng server using regular or SSL-encrypted TCP connections. -### syslog-ng client +### {{ site.product.short_name }} client -A host running syslog-ng in client mode. +A host running {{ site.product.short_name }} in client mode. -### syslog-ng Open Source Edition +### {{ site.product.name }} -The syslog-ng Open Source Edition (syslog-ng OSE) application is a flexible +The {{ site.product.short_name }} application is a flexible and highly scalable system logging application that is ideal for creating -centralized and trusted logging solutions, for more, see What syslog-ng is. +centralized and trusted logging solutions, for more, see What {{ site.product.short_name }} is. -### syslog-ng OSE +### {{ site.product.short_name }} -See syslog-ng Open Source Edition +See {{ site.product.name }} ### syslog-ng Premium Edition @@ -349,13 +349,13 @@ The syslog-ng Premium Edition is the commercial version of the open-source application. It offers additional features, like encrypted message transfer and an agent for Microsoft Windows platforms. -### syslog-ng relay +### {{ site.product.short_name }} relay -A host running syslog-ng in relay mode. +A host running {{ site.product.short_name }} in relay mode. -### syslog-ng server +### {{ site.product.short_name }} server -A host running syslog-ng in server mode. +A host running {{ site.product.short_name }} in server mode. ## T diff --git a/doc/_admin-guide/README.md b/doc/_admin-guide/README.md index a519dc84..b32b979b 100644 --- a/doc/_admin-guide/README.md +++ b/doc/_admin-guide/README.md 
@@ -2,10 +2,8 @@ title: syslog-ng Open Source Edition Administration Guides id: adm-guide description: >- - Welcome to the syslog-ng Open Source Edition 4.6 Administration Guide. - This document describes how to configure and manage syslog-ng Open - Source Edition (syslog-ng OSE). Background information for the - technology and concepts used by the product is also discussed. + Welcome to the {{ site.product.name }} 4.6 Administration Guide. + This document describes how to configure and manage {{ site.product.name }} ({{ site.product.short_name }}). Background information for the technology and concepts used by the product is also discussed. --- ## Target audience @@ -16,7 +14,7 @@ centers. It is also useful for IT decision makers looking for a tool to implement centralized logging in heterogeneous environments. The following skills and knowledge are necessary for a successful -syslog-ng administrator: +{{ site.product.short_name }} administrator: - At least basic system administration knowledge. @@ -33,5 +31,5 @@ syslog-ng administrator: ## Acknowledgements -One Identity would like to express its gratitude to the syslog-ng users -and the syslog-ng community for their invaluable help and support. +One Identity would like to express its gratitude to the {{ site.product.short_name }} users +and the {{ site.product.short_name }} community for their invaluable help and support. diff --git a/doc/_dev-guide/README.md b/doc/_dev-guide/README.md index b3a7a7e0..5db844f4 100644 --- a/doc/_dev-guide/README.md +++ b/doc/_dev-guide/README.md 
@@ -15,12 +15,12 @@ id: dev-guide The syslog-ng team has started this guide to widen the community of contributors by providing a short and fair description to the project. This document was written for users and developers. You can find sections -about installing syslog-ng, others are for introducing you to the tools and techniques we use. +about installing {{ site.product.short_name }}, others are for introducing you to the tools and techniques we use. We hope that you will find this useful and will be ready to create your own ideas. Feel free to contribute and propose your chapter ideas. -## The syslog-ng project +## The {{ site.product.short_name }} project [![Build Status](https://github.com/syslog-ng/syslog-ng/actions/workflows/devshell.yml/badge.svg)][gh:ose-monitor] diff --git a/doc/_dev-guide/chapter_0/README.md b/doc/_dev-guide/chapter_0/README.md index 749c48a6..f2797f36 100644 --- a/doc/_dev-guide/chapter_0/README.md +++ b/doc/_dev-guide/chapter_0/README.md @@ -1,9 +1,9 @@ --- -title: Install syslog-ng on different platforms +title: Install {{ site.product.short_name }} on different platforms id: dev-install-syslog-ng --- -The sections under this chapter give you step-by-step guides to install syslog-ng on different platforms. +The sections under this chapter give you step-by-step guides to install {{ site.product.short_name }} on different platforms. Feel free to write new sections that helps the members of the community to get started with syslog-ng. Installation guides using packages and source are also welcome. diff --git a/doc/_dev-guide/chapter_0/section_1.md b/doc/_dev-guide/chapter_0/section_1.md index b068cf54..1183e9a4 100644 --- a/doc/_dev-guide/chapter_0/section_1.md +++ b/doc/_dev-guide/chapter_0/section_1.md 
@@ -8,14 +8,14 @@ id: dev-inst-debuan-ubuntu ## Introduction -This chapter describes how you can install syslog-ng on Debian and on Ubuntu +This chapter describes how you can install {{ site.product.short_name }} on Debian and on Ubuntu operating systems from our APT repository. ## syslog-ng -## Install syslog-ng from APT repository +## Install {{ site.product.short_name }} from APT repository -The syslog-ng team has an unofficial APT repository hosted by OBS for Debian and Ubuntu. +The {{ site.product.short_name }} team has an unofficial APT repository hosted by OBS for Debian and Ubuntu. Available versions in the OBS repository : * 3.6.4 @@ -60,7 +60,7 @@ Repositories are available [here][ref:obs-lbudai-36] and [here][ref:obs-lbudai-3 * syslog-ng-mod-http * syslog-ng-mod-kafka -### Available modules from syslog-ng Incubator for the 3.6 series +### Available modules from {{ site.product.short_name }} Incubator for the 3.6 series * syslog-ng-mod-basicfuncs-plus * syslog-ng-mod-java diff --git a/doc/_dev-guide/chapter_0/section_2.md b/doc/_dev-guide/chapter_0/section_2.md index af9cfa94..41a1244e 100644 --- a/doc/_dev-guide/chapter_0/section_2.md +++ b/doc/_dev-guide/chapter_0/section_2.md 
@@ -5,23 +5,23 @@ id: dev-inst-suse ## Introduction -The syslog-ng application has been available in openSUSE and SLES for many years. The included version usually lags behind a version or more. Up to date syslog-ng packages for recent openSUSE and SLES releases are available in the [OBS repositories of Peter Czanik](https://build.opensuse.org/project/subprojects/home:czanik). Depending on the distribution release, syslog-ng, Rsyslog or systemd's journald (package `systemd-logger`) are installed as the default logging solution. +The {{ site.product.short_name }} application has been available in openSUSE and SLES for many years. The included version usually lags behind a version or more. Up to date {{ site.product.short_name }} packages for recent openSUSE and SLES releases are available in the [OBS repositories of Peter Czanik](https://build.opensuse.org/project/subprojects/home:czanik). Depending on the distribution release, {{ site.product.short_name }}, Rsyslog or systemd's journald (package `systemd-logger`) are installed as the default logging solution. None of these packages are officially supported by Balabit, but we try to help resolving problems with our best effort. -## Using the latest syslog-ng version +## Using the latest {{ site.product.short_name }} version -If you want to install the latest available syslog-ng version, add one of the [OBS repositories of Peter Czanik](https://build.opensuse.org/project/subprojects/home:czanik) first. For version 3.6 use the following command: +If you want to install the latest available {{ site.product.short_name }} version, add one of the [OBS repositories of Peter Czanik](https://build.opensuse.org/project/subprojects/home:czanik) first. For version 3.6 use the following command: ```shell zypper ar http://download.opensuse.org/repositories/home:/czanik:/syslog-ng36/openSUSE_13.2/ syslog-ng36 ``` -This command line refers to the latest distribution of syslog-ng versions at the time of writing. 
You might need to change either one or both version numbers. You can skip this step, if you do not need the latest syslog-ng version. +This command line refers to the latest distribution of {{ site.product.short_name }} versions at the time of writing. You might need to change either one or both version numbers. You can skip this step, if you do not need the latest {{ site.product.short_name }} version. ## Checking available subpackages -The syslog-ng package on openSUSE is organized into a core package called `syslog-ng` and sub packages with extra dependencies. You can search for a full list of packages using `zypper`: +The {{ site.product.short_name }} package on openSUSE is organized into a core package called `syslog-ng` and sub packages with extra dependencies. You can search for a full list of packages using `zypper`: ```shell linux-uv4b:~ # zypper se syslog-ng diff --git a/doc/_dev-guide/chapter_0/section_3.md b/doc/_dev-guide/chapter_0/section_3.md index 122d8e27..561abdcd 100644 --- a/doc/_dev-guide/chapter_0/section_3.md +++ b/doc/_dev-guide/chapter_0/section_3.md 
@@ -2,14 +2,14 @@ title: macOS id: dev-inst-macos description: >- - The syslog-ng application has been resurrected on macOS by our developer team. + The {{ site.product.short_name }} application has been resurrected on macOS by our developer team. We hope our product can be useful for Mac users who want to increase the security of their system through reliable logging. --- -At present we are not supporting macOS syslog-ng on our [[official repository|gh-syslog-ng]] on GitHub. However, you can install pre-built syslog-ng binaries from various sources or can compile yourself following [[this guide|dev-platform-build-macos#compiling-from-source]]. +At present we are not supporting macOS {{ site.product.short_name }} on our [[official repository|gh-syslog-ng]] on GitHub. However, you can install pre-built {{ site.product.short_name }} binaries from various sources or can compile yourself following [[this guide|dev-platform-build-macos#compiling-from-source]]. -If you want to install syslog-ng on macOS you can use multiple packaga managers e.g. Homebrew +If you want to install {{ site.product.short_name }} on macOS you can use multiple packaga managers e.g. Homebrew ### Homebrew @@ -22,7 +22,7 @@ Homebrew has now different home directories on ARM and X86 systems, also the loc ### Checking dependencies -The syslog-ng package on macOS in homebrew is organized into a formula called `syslog-ng`. +The {{ site.product.short_name }} package on macOS in homebrew is organized into a formula called `syslog-ng`. For checking [[dependencies|dev-platform-build-macos#dependencies]] of it you can use 
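Review bot: The `description:` value in the front matter of doc/_dev-guide/chapter_0/section_3.md (hunk at -2,14) now contains `{{ site.product.short_name }}`, but Jekyll does not expand Liquid inside YAML front matter on its own, so the description will show the literal braces unless a layout or plugin renders that field through Liquid. Please confirm the rendered output, or keep the plain product name in front matter. The changed sentence "you can use multiple packaga managers" also still carries the "packaga" typo, which could be fixed while the line is being touched.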
@@ -30,7 +30,7 @@ For checking [[dependencies|dev-platform-build-macos#dependencies]] of it you ca brew deps syslog-ng ``` -This will list all the required dependencies are needed to run syslog-ng, and homebrew would install automatically as needed. +This will list all the required dependencies are needed to run {{ site.product.short_name }}, and homebrew would install automatically as needed. ### Installation @@ -40,7 +40,7 @@ Using homebrew it is simple, use brew install syslog-ng ``` -This command line refers to the latest distribution of syslog-ng versions at the time of writing, and usually updated quickly by the homwbrew crew after a new release. +This command line refers to the latest distribution of {{ site.product.short_name }} versions at the time of writing, and usually updated quickly by the homwbrew crew after a new release. ### Starting syslog-ng @@ -58,9 +58,9 @@ To see more details you can specify some debug flags, like ${HOMEBREW_PREFIX}/sbin/syslog-ng -Fdevt ``` -this will give you detailed information of what syslog-ng does. +this will give you detailed information of what {{ site.product.short_name }} does. -### Running syslog-ng as daemon +### Running {{ site.product.short_name }} as daemon You can start it manually as a backround daemon @@ -68,7 +68,7 @@ You can start it manually as a backround daemon ${HOMEBREW_PREFIX}/sbin/syslog-ng ``` -however this is not a persistent state, after a system restart syslog-ng will not start automatically by default. +however this is not a persistent state, after a system restart {{ site.product.short_name }} will not start automatically by default. To run it as a daemon that will automatically start at system startup and is kept alive you can use `launchd` diff --git a/doc/_dev-guide/chapter_0/section_4.md b/doc/_dev-guide/chapter_0/section_4.md index 76ad1b3c..d1c7bab7 100644 --- a/doc/_dev-guide/chapter_0/section_4.md +++ b/doc/_dev-guide/chapter_0/section_4.md 
@@ -5,11 +5,11 @@ id: dev-inst-freebsd ## Introduction -The syslog-ng application has been available in FreeBSD ports for many years. Recently, thanks to the hard work of the FreeBSD team, syslog-ng is also available as a ready-to-install package. +The {{ site.product.short_name }} application has been available in FreeBSD ports for many years. Recently, thanks to the hard work of the FreeBSD team, {{ site.product.short_name }} is also available as a ready-to-install package. -The default configuration for `syslog-ng` in ports contains only the most important dependencies. If you use a package, this is how your package is configured. This covers the needs of most syslog-ng users. If you need a specific feature not available with the default configuration in ports, you need to compile syslog-ng yourself. +The default configuration for `syslog-ng` in ports contains only the most important dependencies. If you use a package, this is how your package is configured. This covers the needs of most {{ site.product.short_name }} users. If you need a specific feature not available with the default configuration in ports, you need to compile {{ site.product.short_name }} yourself. -The following list shows the available syslog-ng and related ports in FreeBSD, by the time of writing this chapter: +The following list shows the available {{ site.product.short_name }} and related ports in FreeBSD, by the time of writing this chapter: * syslog-ng: the latest stable version (not necesseraly a .1 :-) ) * syslog-ng-devel: the latest development version (alpha/beta and usually .1 too...) @@ -25,7 +25,7 @@ You can view the current list of available ports by looking into `/usr/ports/sys None of these packages are officially supported by Balabit, but we try to help resolving problems with our best effort. -## Installing syslog-ng from package +## Installing {{ site.product.short_name }} from package The following command will install `syslog-ng` and all necessary dependencies: 
@@ -35,7 +35,7 @@ pkg install syslog-ng _Note:_ Installation does not start `syslog-ng` or enables it to start automagically. -## Compiling syslog-ng from ports +## Compiling {{ site.product.short_name }} from ports These are the minimal steps to compile `syslog-ng` from ports with features and dependencies you need. @@ -86,7 +86,7 @@ May 19 11:57:18 fb101r root: this is a test root@fb101r:/usr/ports/sysutils/syslog-ng # ``` -## Enable syslog-ng to start by default +## Enable {{ site.product.short_name }} to start by default Enable `syslog-ng` to start by default with the following two lines appended to `/etc/rc.conf`: @@ -97,4 +97,4 @@ syslog_ng_enable="YES _Note:_ for more information read the [run first](https://github.com/syslog-ng/doc/blob/develop/pages/dev-guide/chapter_\_0/chapters/chapter\_2/README.md) guide. -_Note:_ for more information read the syslog-ng [documentation](http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html) +_Note:_ for more information read the {{ site.product.short_name }} [documentation](http://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html-single/index.html) diff --git a/doc/_dev-guide/chapter_1/section_1.md b/doc/_dev-guide/chapter_1/section_1.md index f7ff21a1..37684973 100644 --- a/doc/_dev-guide/chapter_1/section_1.md +++ b/doc/_dev-guide/chapter_1/section_1.md 
@@ -6,7 +6,7 @@ id: dev-struct-proj The following directories are the most substantial ones: * `lib/`: common source code used by syslog-ng -* `modules/`: each module in syslog-ng has a directory here, like `redis` +* `modules/`: each module in {{ site.product.short_name }} has a directory here, like `redis` * `syslog-ng`: the source code of the `syslog-ng` binary * `syslog-ng-ctl`: the source code of the `syslog-ng-ctl` command line utility * `tests`: the home of unit tests and functional tests (but there are tests next to their tested functionality) diff --git a/doc/_dev-guide/chapter_2/README.md b/doc/_dev-guide/chapter_2/README.md index 220c2853..26d24380 100644 --- a/doc/_dev-guide/chapter_2/README.md +++ b/doc/_dev-guide/chapter_2/README.md @@ -5,5 +5,5 @@ id: dev-compile-first This chapter describes the building and testing process of syslog-ng. -If you want to develop syslog-ng, you should be familiar with building syslog-ng +If you want to develop {{ site.product.short_name }}, you should be familiar with building syslog-ng from source. diff --git a/doc/_dev-guide/chapter_2/section_1.md b/doc/_dev-guide/chapter_2/section_1.md index a4ee9ce0..44e80350 100644 --- a/doc/_dev-guide/chapter_2/section_1.md +++ b/doc/_dev-guide/chapter_2/section_1.md @@ -20,7 +20,7 @@ id: dev-comp-deps [gh:criterion]: http://github.com/Snaipe/Criterion [ref:libxml2]: http://www.xmlsoft.org/ -Like every project, syslog-ng also uses other libraries and projects. +Like every project, {{ site.product.short_name }} also uses other libraries and projects. That is why these dependencies must be fetched before compiling. In this section we list these libraries and version restrictions. diff --git a/doc/_dev-guide/chapter_2/section_2/README.md b/doc/_dev-guide/chapter_2/section_2/README.md index 54eeb234..9c7e4023 100644 --- a/doc/_dev-guide/chapter_2/section_2/README.md +++ b/doc/_dev-guide/chapter_2/section_2/README.md 
@@ -24,7 +24,7 @@ This script will clone the Git submodules and initialize the build system. The result of the execution should be a `configure` script. 1. Create build directory -We prefer to build syslog-ng in a dedicated directory, so your Git repo is kept +We prefer to build {{ site.product.short_name }} in a dedicated directory, so your Git repo is kept tidy. ``` shell @@ -56,7 +56,7 @@ but `make -j` does not, that is a bug. ### Expected outcome -You should have a freshly built syslog-ng by the end of this step. +You should have a freshly built {{ site.product.short_name }} by the end of this step. ## Cleanup diff --git a/doc/_dev-guide/chapter_2/section_2/compile-options.md b/doc/_dev-guide/chapter_2/section_2/compile-options.md index 321d3757..0898deda 100644 --- a/doc/_dev-guide/chapter_2/section_2/compile-options.md +++ b/doc/_dev-guide/chapter_2/section_2/compile-options.md @@ -3,7 +3,7 @@ title: Compiling options of syslog-ng id: dev-comp-opts --- -When compiling syslog-ng OSE from source, you can use the following +When compiling {{ site.product.short_name }} from source, you can use the following compiling options. - *\--enable-all-modules* This option will turn on or off all modules 
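Review bot: In compile-options.md the front matter line "title: Compiling options of syslog-ng" is left as unchanged context while the first body sentence switches to `{{ site.product.short_name }}`, and the chapter_0/README.md hunk in this same patch does template its `title:`. Suggest treating titles the same way in every file, either templated everywhere or plain everywhere, so that a page's title and body do not name the product differently.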
@@ -35,14 +35,14 @@ compiling options. - *\--enable-amqp* Enable the amqp destination (enabled by default). The source of the RabbitMQ client is included in the source code - package of syslog-ng OSE. To use an external client instead, use the + package of {{ site.product.short_name }}. To use an external client instead, use the **\--with-librabbitmq-client=system** compiling option. For details on using this destination, see [[amqp: Publishing messages using AMQP]]. - *\--enable-debug* Include debug information. -- *\--enable-dynamic-linking* Compile syslog-ng as a completely - dynamic binary. If not specified syslog-ng uses mixed linking +- *\--enable-dynamic-linking* Compile {{ site.product.short_name }} as a completely + dynamic binary. If not specified {{ site.product.short_name }} uses mixed linking (\--enable-mixed-linking): it links dynamically to system libraries and statically to everything else. @@ -66,7 +66,7 @@ compiling options. and format-json template functions. - *\--enable-linux-caps* Enable support for capabilities on Linux. For details, - see The syslog-ng manual page. + see The {{ site.product.short_name }} manual page. - *\--enable-mongodb* Enable the mongodb destination (enabled by default). To use mongodb(), an external MongoDB client is needed. @@ -124,7 +124,7 @@ compiling options. - *\--with-ivykis* Specifies which ivykis implementation to use (default value: internal). The source of ivykis is included in the - source code package of syslog-ng OSE and is used by default. To use + source code package of {{ site.product.short_name }} and is used by default. To use an external implementation instead, use the **\--with-ivykis=system** compiling option. 
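Review bot: In the --enable-linux-caps item, "see The {{ site.product.short_name }} manual page" reads as the title of a referenced document, so the substitution renames the cross-reference target rather than just a product mention. Please check that the manual page is actually titled this way once rendered; if it is not, keep the original title text here or turn the reference into a link.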
@@ -138,21 +138,21 @@ compiling options. - *\--with-librabbitmq-client* Specifies which RabbitMQ client to use (default value: internal). The source of the rabbitmq client is - included in the source code package of syslog-ng OSE and is used by + included in the source code package of {{ site.product.short_name }} and is used by default. To use an external client instead, use the **\--with-librabbitmq-client=system** compiling option. For details on using this destination, see [[amqp: Publishing messages using AMQP]]. - *\--with-module-dir* Specifies a single directory where the - syslog-ng OSE Makefile will install the modules. + {{ site.product.short_name }} Makefile will install the modules. -- *\--module-install-dir* Specifies syslog-ng OSE\'s module +- *\--module-install-dir* Specifies {{ site.product.short_name }}\'s module installation directory (normally $prefix/lib/syslog-ng). All Java-based SCLs use this option. - *\--with-module-path* Specifies a colon-separated (:) list of - directories, where the syslog-ng OSE binary will search for modules. + directories, where the {{ site.product.short_name }} binary will search for modules. - *\--with-net-snmp* Specifies the path to the libsnmp-dev library, required for the snmp() destination. @@ -160,7 +160,7 @@ compiling options. - *\--with-python* Specifies which Python version to use, for example, **\--with-python=2.7** -- *\--with-timezone-dir* Specifies the directory where syslog-ng looks +- *\--with-timezone-dir* Specifies the directory where {{ site.product.short_name }} looks for the timezone files to resolve the time-zone() and local-time-zone() options. If not specified, the /opt/syslog-ng/share/zoneinfo/ and /usr/share/zoneinfo/ directories diff --git a/doc/_dev-guide/chapter_2/section_4.md b/doc/_dev-guide/chapter_2/section_4.md index 14dbf6b4..832e9e3c 100644 --- a/doc/_dev-guide/chapter_2/section_4.md +++ b/doc/_dev-guide/chapter_2/section_4.md 
@@ -3,5 +3,5 @@ title: Install id: dev-install --- -You can install your freshly built syslog-ng with `make install`. Note that +You can install your freshly built {{ site.product.short_name }} with `make install`. Note that the files will be copied under `$prefix` (what you have set for `configure` with `--prefix=`). diff --git a/doc/_dev-guide/chapter_3/section_3.md b/doc/_dev-guide/chapter_3/section_3.md index dfe6b99a..ff1ffe89 100644 --- a/doc/_dev-guide/chapter_3/section_3.md +++ b/doc/_dev-guide/chapter_3/section_3.md @@ -5,12 +5,12 @@ id: dev-debugging [ref:img1]: {{dev_img_folder}}/module-support/massif_visualizer.png -I suppose you have already cloned syslog-ng into a local repository and you +I suppose you have already cloned {{ site.product.short_name }} into a local repository and you have all tools and libraries installed to compile syslog-ng. ## Creating debug builds -You need to have debug symbols included in syslog-ng in order to debug it +You need to have debug symbols included in {{ site.product.short_name }} in order to debug it "efficiently". Step into your local clone and type the following commands: ```shell 
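Review bot: The opening sentence of section_3.md is only half converted: the new line says "cloned {{ site.product.short_name }} into a local repository", but the unchanged continuation still ends with "installed to compile syslog-ng." Suggest using one name in both halves of the sentence. Since what gets cloned is the source repository, the plain repository name may be the better fit after "cloned".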
@@ -25,18 +25,18 @@ $ sudo make install The point is to pass the `--enable-debug` parameter to the `configure` script. These commands will create a debug build under the `build` directory and -install syslog-ng under a system specific directory. Installation will require +install {{ site.product.short_name }} under a system specific directory. Installation will require superuser privileges. ## Installing and running without superuser privileges -You may need to test syslog-ng without having superuser privileges. You can -install syslog-ng into a custom location and run it without any privilege. This +You may need to test {{ site.product.short_name }} without having superuser privileges. You can +install {{ site.product.short_name }} into a custom location and run it without any privilege. This solution is fine until you need to read from `/dev/log` or listen to ports under 1024. You can set the install location before the compilation process, just pass a -`--prefix=` parameter to the +`--prefix=` parameter to the `configure` script. ``` @@ -49,11 +49,11 @@ $ make install ``` This way the `make install` command will not require superuser privileges and you can have -multiple versions from syslog-ng on your computer. +multiple versions from {{ site.product.short_name }} on your computer. # Finding bugs -Unfortunately every software has bugs and syslog-ng is not an exception. When +Unfortunately every software has bugs and {{ site.product.short_name }} is not an exception. When you report the problem to the developers they might need some extra information to reproduce the issue in-house. In this section we introduce you to some frequently used tools which may greatly simplify the bug hunting. 
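Review bot: The removed and added lines for "`--prefix=` parameter to the" in the hunk at -25,18 show no visible difference, so this looks like a whitespace-only change riding along with the rename. If that is the case, drop it from this patch or mention it in the commit message, so that the diff contains only the product-name substitution.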
@@ -81,12 +81,12 @@ On CentOS 7 just execute: # yum install valgrind ``` -## Running syslog-ng under valgrind +## Running {{ site.product.short_name }} under valgrind -You can run syslog-ng under valgrind with the following command. +You can run {{ site.product.short_name }} under valgrind with the following command. ``` -G_SLICE=always-malloc valgrind --leak-check=full /sbin/syslog-ng -F +G_SLICE=always-malloc valgrind --leak-check=full /sbin/syslog-ng -F ``` You may use other parameters. The `G_SLICE` environment variable makes the @@ -148,12 +148,12 @@ make && make install You may use other paths, not just `/home/heaptrack`. -## Running syslog-ng with `heaptrack` +## Running {{ site.product.short_name }} with `heaptrack` -You can run syslog-ng with heaptrack with the following command: +You can run {{ site.product.short_name }} with heaptrack with the following command: ``` -heaptrack /sbin/syslog-ng -F +heaptrack /sbin/syslog-ng -F ``` It will create a gzip file and after you stopped it, it prints something like this: diff --git a/doc/_dev-guide/chapter_4/README.md b/doc/_dev-guide/chapter_4/README.md index bb3747b2..867540a2 100644 --- a/doc/_dev-guide/chapter_4/README.md +++ b/doc/_dev-guide/chapter_4/README.md @@ -3,4 +3,4 @@ title: Create platform specific builds id: dev-platform-build --- -In this chapter we would like to give some hints about how to build syslog-ng on different platforms from source. +In this chapter we would like to give some hints about how to build {{ site.product.short_name }} on different platforms from source. diff --git a/doc/_dev-guide/chapter_4/section_2/README.md b/doc/_dev-guide/chapter_4/section_2/README.md index 20c3b57f..b037de50 100644 --- a/doc/_dev-guide/chapter_4/section_2/README.md +++ b/doc/_dev-guide/chapter_4/section_2/README.md @@ -2,21 +2,21 @@ title: Building on macOS short_title: macOS description: >- - The syslog-ng application has been resurrected on macOS by our developer team.
    + The {{ site.product.short_name }} application has been resurrected on macOS by our developer team.
    We hope our product can be useful for Mac users who want to increase the security of their system through reliable logging. id: dev-platform-build-macos --- ## Introduction -At present we are not supporting macOS syslog-ng on our [[official repository|gh-syslog-ng]] on GitHub. However, you can compile syslog-ng yourself following this guide. +At present we are not supporting macOS {{ site.product.short_name }} on our [[official repository|gh-syslog-ng]] on GitHub. However, you can compile {{ site.product.short_name }} yourself following this guide. **Note:** The guide is tested on ARM macOS Sonoma 14.2.1, Ventura 13.4, and Intel macOS Monterey 12.6.6 machines, we do our bests to keep it update, but your actual system may require additional steps or slightly different settings. {: .notice} ## Compiling from source -Like every project syslog-ng also uses different libraries and build-systems that must be installed for compiling and running properly. These dependencies can be satisfied by compiling every-each libs and tools manually, but it might be preferred to do it the easy way. Homebrew is a package manager for macOS that has great community and support. You can also use it to install the dependencies you need. +Like every project {{ site.product.short_name }} also uses different libraries and build-systems that must be installed for compiling and running properly. These dependencies can be satisfied by compiling every-each libs and tools manually, but it might be preferred to do it the easy way. Homebrew is a package manager for macOS that has great community and support. You can also use it to install the dependencies you need. ### Dependencies 
@@ -25,7 +25,7 @@ Like every project syslog-ng also uses different libraries and build-systems tha **Hint:** Don't forget to set up the homebrew environment, follow the instructions in your terminal! [[Here|homebrew-inst-detailed]] you can find an even more detailed instruction about the topic. {: .notice--info} - **Note:** This will install **Command Line Tools for Xcode** as well if not already presented on the system that would also be required anyway for a seamless syslog-ng build. + **Note:** This will install **Command Line Tools for Xcode** as well if not already presented on the system that would also be required anyway for a seamless {{ site.product.short_name }} build. {: .notice} 2. Perform `brew update` if you have not done it yet. @@ -59,7 +59,7 @@ Like every project syslog-ng also uses different libraries and build-systems tha * criterion * gcc@11 -**Hint:** If you you have [[syslog-ng installed via brew|dev-inst-macos#installation]], as a reference, you can check the dependencies of the brew built version using `brew deps syslog-ng` +**Hint:** If you you have [[{{ site.product.short_name }} installed via brew|dev-inst-macos#installation]], as a reference, you can check the dependencies of the brew built version using `brew deps syslog-ng` {: .notice--info} This is how it might look like if you start from the ground: @@ -85,7 +85,7 @@ brew install \ openssl \ pcre \ pkg-config \ - # Optional syslog-ng module dependencies + # Optional {{ site.product.short_name }} module dependencies hiredis \ # Do not use the homebrew provided one, see bellow! # libdbi 
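Review bot: In the Hint line (hunk at -59,7) the Liquid tag is placed inside the link text of the `[[...|dev-inst-macos#installation]]` link, whereas the other links in these hunks keep the tag outside the brackets. Please verify that the link still resolves and renders its text correctly once the tag is expanded. The line also keeps the doubled "you you", which is worth fixing while it is being edited.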
@@ -107,7 +107,7 @@ brew install \ > * bison is required to be installed when using homebrew, because the options provided by Apple Developer Tools are incomplete. (for example: missing -W option) The reason is why bison is ?>required to be installed from homebrew is that the -W option is supported only after 2.3. > * net-snmp might be needed as well when using homebrew, because the options provided by Apple Developer Tools are bogus a bit. The reason is why net-snmp might be required from homebrew is that the by default provided pkgconfig might give back bogus lib and include values. > * openssl - since macOS provides LibreSSL by default, you might need to expand the search path of pkg-config to find the freshly installed openSSL, see bellow. (seems it was an issue only with 1.1.x version of openssl) -> * libdbi and libdbi-drivers are [[maintained and updated|dev-macos-mod-sup-afsql#dependencies]] in syslog-ng OSE repositories, use the latest master version from there +> * libdbi and libdbi-drivers are [[maintained and updated|dev-macos-mod-sup-afsql#dependencies]] in {{ site.product.short_name }} repositories, use the latest master version from there > * actual state of supported features, and the required dependencies can also be found [[here|dev-macos-mod-sup-status]]. {: .notice} @@ -153,7 +153,7 @@ brew install \ ### Getting the source -To get the latest master from syslog-ng git you can use +To get the latest master from {{ site.product.short_name }} git you can use ```shell cd YOUR_PREFERRED_WORKING_DIR # Replace `YOUR_PREFERRED_WORKING_DIR` with your actual preferred working dir 
@@ -162,7 +162,7 @@ git clone https://github.com/syslog-ng/syslog-ng . ### Select the compiler -Latest version of syslog-ng [has dropped support of gcc](https://github.com/syslog-ng/syslog-ng/pull/4897), so now the platform default llvm/clang must be used to complie the source +Latest version of {{ site.product.short_name }} [has dropped support of gcc](https://github.com/syslog-ng/syslog-ng/pull/4897), so now the platform default llvm/clang must be used to complie the source To make sure clang is used (optional) you can use: @@ -248,5 +248,5 @@ make check -j4 `/full_path_of/installdir`/syslog-ng -F ``` -**Note:** For more information read the [[run first|dev-run-first]] guide and the syslog-ng [[documentation|adm-guide]] +**Note:** For more information read the [[run first|dev-run-first]] guide and the {{ site.product.short_name }} [[documentation|adm-guide]] {: .notice} diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/README.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/README.md index 9bfa4f9c..ddea3abf 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/README.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/README.md 
@@ -10,9 +10,9 @@ The [[original testing|soc-macos-module-testing]] was made by Yash Mathne, and w ### Testing Methodology -Only the building and the corresponding unit tests are guaranteed on x86 macOS. This is a documentation of the tests done on the various sub-components of syslog-ng on both the architectures. +Only the building and the corresponding unit tests are guaranteed on x86 macOS. This is a documentation of the tests done on the various sub-components of {{ site.product.short_name }} on both the architectures. -Syslog-ng is composed of various modules, each with its own set of plugins. Plugins are primarily one of the following types: +{{ site.product.short_name }} is composed of various modules, each with its own set of plugins. Plugins are primarily one of the following types: * Source Drivers * Destination Drivers diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/affile/stdin-source-driver.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/affile/stdin-source-driver.md index 442c8be6..fde7187f 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/affile/stdin-source-driver.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/affile/stdin-source-driver.md @@ -6,7 +6,7 @@ id: dev-macos-mod-sup-stdin ### Important Information -When the standard input stream is closed, syslog-ng stops and stdin() inherits all options from the file() source, including multi-line options, or flags(no-parse). The stdin() driver causes syslog-ng to exit once it hits end-of-file (EOF). +When the standard input stream is closed, {{ site.product.short_name }} stops and stdin() inherits all options from the file() source, including multi-line options, or flags(no-parse). The stdin() driver causes {{ site.product.short_name }} to exit once it hits end-of-file (EOF). ### Status 
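Review bot: in affile/stdin-source-driver.md (hunk -6,7) the rewritten "Important Information" line still states the exit behaviour twice and joins it to an unrelated fact with "and": "When the standard input stream is closed, ... stops and stdin() inherits all options from the file() source", followed by "The stdin() driver causes ... to exit once it hits end-of-file (EOF)". Since the line is being touched anyway, consider splitting it into one sentence about option inheritance from file() (multi-line options, flags(no-parse)) and one sentence about exiting on EOF.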
diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/affile/wildcard_file-source-driver.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/affile/wildcard_file-source-driver.md index 81ee1143..faf40ea4 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/affile/wildcard_file-source-driver.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/affile/wildcard_file-source-driver.md @@ -2,7 +2,7 @@ title: wildcard\_file() Source Driver description: >- The wildcard-file() source collects log messages from multiple plain-text - files from multiple directories.The syslog-ng OSE application notices if a + files from multiple directories.The {{ site.product.short_name }} application notices if a file is renamed or replaced with a new file. id: dev-macos-mod-sup-wildcard --- @@ -16,7 +16,7 @@ id: dev-macos-mod-sup-wildcard ### Important Information -When syslog-ng OSE is restarted, it records the position of the last sent log message in the persist file, and continues to send messages from this position after the restart. The location of the persist file depends on the package you installed syslog-ng OSE from. +When {{ site.product.short_name }} is restarted, it records the position of the last sent log message in the persist file, and continues to send messages from this position after the restart. The location of the persist file depends on the package you installed {{ site.product.short_name }} from. ### How to test diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afmongodb.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afmongodb.md index cecabdcd..52682c42 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afmongodb.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afmongodb.md 
@@ -8,7 +8,7 @@ id: dev-macos-mod-sup-afmongodb ### Important Information -The syslog-ng OSE mongodb() driver is compatible with MongoDB server version 1.4 and newer. Using mongo() without any parameters uses the following default values: +The {{ site.product.short_name }} mongodb() driver is compatible with MongoDB server version 1.4 and newer. Using mongo() without any parameters uses the following default values: ```config destination d_mongodb { diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afprog/program-destination-driver.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afprog/program-destination-driver.md index 10124091..43342792 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afprog/program-destination-driver.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afprog/program-destination-driver.md @@ -8,7 +8,7 @@ id: dev-macos-mod-sup-prog_dest ### Important Information -Usually, every message is a single line (ending with a newline character), which your script can process. Make sure that your script runs in a loop and keeps reading the standard input — it should not exit. (If your script exits, syslog-ng OSE tries to restart it.) +Usually, every message is a single line (ending with a newline character), which your script can process. Make sure that your script runs in a loop and keeps reading the standard input — it should not exit. (If your script exits, {{ site.product.short_name }} tries to restart it.) ### Status diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/README.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/README.md index 8cbbcc2c..81486b31 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/README.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/README.md 
@@ -1,7 +1,7 @@ --- title: afsocket description: >- - The afsocket module provides socket based transports for syslog-ng, such as + The afsocket module provides socket based transports for {{ site.product.short_name }}, such as the udp(), tcp() and syslog() drivers. This module is compiled with SSL support. id: dev-macos-mod-sup-afsocket diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/network-destination-driver.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/network-destination-driver.md index b307238a..09433311 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/network-destination-driver.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/network-destination-driver.md @@ -15,7 +15,7 @@ id: dev-macos-mod-sup-net-dest | TCP | ARM | Works | **Note**\ -The network destination driver also includes TCP transmission on a TLS-encrypted channel, however, this is tested and verified in a separate post dealing with TLS-encryption with syslog-ng [here](tls-encryption/). +The network destination driver also includes TCP transmission on a TLS-encrypted channel, however, this is tested and verified in a separate post dealing with TLS-encryption with {{ site.product.short_name }} [here](tls-encryption/). ### How to Test diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/network-source-driver.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/network-source-driver.md index 37159cc4..66a46d70 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/network-source-driver.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/network-source-driver.md 
@@ -16,13 +16,13 @@ id: dev-macos-mod-sup-net-src | TCP | ARM | Works | **Note**\ -The network source driver also includes TCP source listening on a TLS-encrypted channel, however, this is tested and verified in a separate post dealing with TLS-encryption with syslog-ng [here](tls-encryption/). +The network source driver also includes TCP source listening on a TLS-encrypted channel, however, this is tested and verified in a separate post dealing with TLS-encryption with {{ site.product.short_name }} [here](tls-encryption/). ### **How to Test** **Configuration File Used** -We can set up our syslog-ng configuration, such that it is listening for TCP and UDP protocol messages on the specified ports. +We can set up our {{ site.product.short_name }} configuration, such that it is listening for TCP and UDP protocol messages on the specified ports. ```config @version: 3.31 
@@ -53,9 +53,9 @@ log { **Test Functionality and Proof** -When we run syslog-ng with this configuration file, we will begin a server that listens on the respective ports. We can also use netcat, a tool built into macOS, to connect to the recently opened port from the client-side and test it by sending messages. +When we run {{ site.product.short_name }} with this configuration file, we will begin a server that listens on the respective ports. We can also use netcat, a tool built into macOS, to connect to the recently opened port from the client-side and test it by sending messages. -**Note:** By default, using the network driver will cause syslog-ng to listen on IPv4, which is why we have used the -4 flag with netcat to force IPv4. This can be skipped with TCP as it will try to connect on IPv6, determine this isn’t working, and retry with IPv4. But UDP being connectionless, cannot detect it should fall back to IPv4. +**Note:** By default, using the network driver will cause {{ site.product.short_name }} to listen on IPv4, which is why we have used the -4 flag with netcat to force IPv4. This can be skipped with TCP as it will try to connect on IPv6, determine this isn’t working, and retry with IPv4. But UDP being connectionless, cannot detect it should fall back to IPv4. ![Testing the network() source driver on macOS (x86)](/assets/images/test\_x86.png) diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/syslog-source-destination-driver.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/syslog-source-destination-driver.md index 1af61ba7..741cd26c 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/syslog-source-destination-driver.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/syslog-source-destination-driver.md 
@@ -13,7 +13,7 @@ Please keep in mind, that the syslog() driver using the standard IEFT-syslog pro > NOTE: \ > The syslog() driver can also receive/send the legacy BSD-syslog-formatted messages.\ > \ -> The syslog driver also includes TCP messaging on a TLS-encrypted channel, however, this is tested and verified in a separate post dealing with TLS-encryption with syslog-ng [here](tls-encryption/). +> The syslog driver also includes TCP messaging on a TLS-encrypted channel, however, this is tested and verified in a separate post dealing with TLS-encryption with {{ site.product.short_name }} [here](tls-encryption/). ### Status diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/tls-encryption/README.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/tls-encryption/README.md index 47c3ccb9..9d3332b9 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/tls-encryption/README.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/afsocket/tls-encryption/README.md @@ -1,7 +1,7 @@ --- title: TLS-Encryption description: >- - The syslog-ng application can send and receive log messages securely over the + The {{ site.product.short_name }} application can send and receive log messages securely over the network using the Transport Layer Security (TLS) protocol using the network() and syslog() drivers. id: dev-macos-mod-sup-tls 
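Review bot: in afsocket/tls-encryption/README.md (hunk -1,7) the `{{ site.product.short_name }}` placeholder is added inside the front-matter `description: >-` value, and Jekyll does not evaluate Liquid in front matter on its own, so the description will carry the literal placeholder unless a layout or plugin renders it explicitly. Please confirm that whatever outputs the page description passes it through Liquid, or keep the plain product name in front matter. The same applies to the other `description: >-` lines this patch changes (afsocket/README.md, wildcard_file-source-driver.md, system-source/README.md).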
@@ -18,7 +18,7 @@ id: dev-macos-mod-sup-tls ### How to test -To test TLS-encrypted message transfer, we first need to set up an SSL certificate on the server end and share the public key to the encrypting channel, ie, the clients. This test is using non-mutual authentication. In other words, the clients use the server public key to encrypt the syslog-ng messages sent to the server but the server does not check the identity of the clients. In our test, of course, we will stimulate the server-client set-up by running two instances of syslog-ng. +To test TLS-encrypted message transfer, we first need to set up an SSL certificate on the server end and share the public key to the encrypting channel, ie, the clients. This test is using non-mutual authentication. In other words, the clients use the server public key to encrypt the {{ site.product.short_name }} messages sent to the server but the server does not check the identity of the clients. In our test, of course, we will stimulate the server-client set-up by running two instances of syslog-ng. On a mac system, the default configuration file is stored at `/usr/local/etc`. So we will navigate to this folder and make a folder named SSL to store all that's necessary for TLS encryption. diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/elasticsearch-http.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/elasticsearch-http.md index 1dd192ce..47ec7bb6 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/elasticsearch-http.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/elasticsearch-http.md 
@@ -8,7 +8,7 @@ id: dev-macos-mod-sup-elasticsearch-http ### Important Information -The syslog-ng OSE elasticsearch-http() driver is compatible withElasticsearch 7.X and newer. To be able to use it, you need HTTP and JSON support enabled in syslog-ng. +The {{ site.product.short_name }} elasticsearch-http() driver is compatible withElasticsearch 7.X and newer. To be able to use it, you need HTTP and JSON support enabled in syslog-ng. ### Status @@ -37,7 +37,7 @@ Or, if you don’t want/need a background service you can just run: `$ elasticsearch` -Once we do this, we can run our syslog-ng instance that is sending logs to an Elasticsearch database. +Once we do this, we can run our {{ site.product.short_name }} instance that is sending logs to an Elasticsearch database. **Configuration File Used** diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/http.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/http.md index aa46008a..26bfc6f9 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/http.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/http.md @@ -23,7 +23,7 @@ id: dev-macos-mod-sup-http ### Testing To test the HTTP destination driver, we need to be able to send the data to a host that can accept the PUT/POST methods and display confirmation of the same. A dummy server python script is shown below to achieve the same. \ -To test this, we will send a PUT/POST request from our syslog-ng to the dummy server we set up and look for the output of the server. +To test this, we will send a PUT/POST request from our {{ site.product.short_name }} to the dummy server we set up and look for the output of the server. #### Server code ( python3 ) diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-destination-driver.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-destination-driver.md index cdefe93e..ff0e5d4f 100644 
--- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-destination-driver.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-destination-driver.md 
@@ -9,13 +9,13 @@ id: dev-macos-mod-sup-python-dest ### Important Information -* The Python block must be a top-level block in the syslog-ng OSE configuration file.\ +* The Python block must be a top-level block in the {{ site.product.short_name }} configuration file.\ -* If you store the Python code in a separate Python file and only include it in the syslog-ng OSE configuration file, make sure that the PYTHON\_PATH environment variable includes the path to the Python file, and export the PYTHON\_PATH environment variable.\ +* If you store the Python code in a separate Python file and only include it in the {{ site.product.short_name }} configuration file, make sure that the PYTHON\_PATH environment variable includes the path to the Python file, and export the PYTHON\_PATH environment variable.\ -* Starting with 3.26, syslog-ng OSE assigns a persist name to Python sources and destinations. The persist name is generated from the class name. If you want to use the same Python class multiple times in your syslog-ng OSE configuration, add a unique persist-name() to each source or destination, otherwise syslog-ng OSE will not start. +* Starting with 3.26, {{ site.product.short_name }} assigns a persist name to Python sources and destinations. The persist name is generated from the class name. If you want to use the same Python class multiple times in your {{ site.product.short_name }} configuration, add a unique persist-name() to each source or destination, otherwise {{ site.product.short_name }} will not start. -Python destinations consist of two parts. The first is a syslog-ng OSE destination object that you define in your syslog-ng OSE configuration and use in the log path. This object references a Python class, which is the second part of the Python destination. The Python class processes the log messages it receives, and can do virtually anything that you can code in Python. 
You can either embed the Python class into your syslog-ng OSE configuration file, or store it in an external Python file.\ +Python destinations consist of two parts. The first is a {{ site.product.short_name }} destination object that you define in your {{ site.product.short_name }} configuration and use in the log path. This object references a Python class, which is the second part of the Python destination. The Python class processes the log messages it receives, and can do virtually anything that you can code in Python. You can either embed the Python class into your {{ site.product.short_name }} configuration file, or store it in an external Python file.\ \ For this test, we will embed the Python class into the configuration file. diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-fetcher-source-driver.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-fetcher-source-driver.md index 7738d0d3..f48d3973 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-fetcher-source-driver.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-fetcher-source-driver.md 
@@ -10,11 +10,11 @@ id: dev-macos-mod-sup-python-fetch * Fetcher-style sources that actively fetch messages. In general, write fetcher-style sources (for example, when using simple blocking APIs), unless you explicitly need a server-style source.\ -* The Python block must be a top-level block in the syslog-ng OSE configuration file.\ +* The Python block must be a top-level block in the {{ site.product.short_name }} configuration file.\ -* If you store the Python code in a separate Python file and only include it in the syslog-ng OSE configuration file, make sure that the PYTHON\_PATH environment variable includes the path to the Python file, and export the PYTHON\_PATH environment variable. +* If you store the Python code in a separate Python file and only include it in the {{ site.product.short_name }} configuration file, make sure that the PYTHON\_PATH environment variable includes the path to the Python file, and export the PYTHON\_PATH environment variable. -Python sources consist of two parts. The first is a syslog-ng OSE source object that you define in your syslog-ng OSE configuration and use in the log path. This object references a Python class, which is the second part of the Python source. The Python class receives or fetches the log messages, and can do virtually anything that you can code in Python. You can either embed the Python class into your syslog-ng OSE configuration file, or store it in an external Python file. For this test, we will embed the Python class into the configuration file. +Python sources consist of two parts. The first is a {{ site.product.short_name }} source object that you define in your {{ site.product.short_name }} configuration and use in the log path. This object references a Python class, which is the second part of the Python source. The Python class receives or fetches the log messages, and can do virtually anything that you can code in Python. 
You can either embed the Python class into your {{ site.product.short_name }} configuration file, or store it in an external Python file. For this test, we will embed the Python class into the configuration file. ### Status diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-source-driver.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-source-driver.md index a3292873..91ac0687 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-source-driver.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/mod-python/python-source-driver.md 
@@ -10,12 +10,12 @@ id: dev-macos-mod-sup-python-src * This is used for server-style sources that receive messages. Server-style sources are used for an event-loop based, nonblocking server framework in Python.\ -* The Python block must be a top-level block in the syslog-ng OSE configuration file.\ +* The Python block must be a top-level block in the {{ site.product.short_name }} configuration file.\ -* If you store the Python code in a separate Python file and only include it in the syslog-ng OSE configuration file, make sure that the PYTHON\_PATH environment variable includes the path to the Python file, and export the PYTHON\_PATH environment variable.\ +* If you store the Python code in a separate Python file and only include it in the {{ site.product.short_name }} configuration file, make sure that the PYTHON\_PATH environment variable includes the path to the Python file, and export the PYTHON\_PATH environment variable.\ -Python sources consist of two parts. The first is a syslog-ng OSE source object that you define in your syslog-ng OSE configuration and use in the log path. This object references a Python class, which is the second part of the Python source. The Python class receives or fetches the log messages, and can do virtually anything that you can code in Python. You can either embed the Python class into your syslog-ng OSE configuration file, or store it in an external Python file.\ +Python sources consist of two parts. The first is a {{ site.product.short_name }} source object that you define in your {{ site.product.short_name }} configuration and use in the log path. This object references a Python class, which is the second part of the Python source. The Python class receives or fetches the log messages, and can do virtually anything that you can code in Python. 
You can either embed the Python class into your {{ site.product.short_name }} configuration file, or store it in an external Python file.\ \ For this test, we will embed the Python class into the configuration file. diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/01_collecting-native-logs.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/01_collecting-native-logs.md index ef9e0183..a434bb3b 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/01_collecting-native-logs.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/01_collecting-native-logs.md 
@@ -36,24 +36,24 @@ For more info, see [oslog](https://developer.apple.com/documentation/oslog?langu (from latest to oldest) - default value: `no` - `do-not-use-bookmark()` - - boolean value, setting to `yes` will prevent syslog-ng from continuing to + - boolean value, setting to `yes` will prevent {{ site.product.short_name }} from continuing to feed the logs from the last remembered position after a (re-)start, which means, depending on the other settings, the feed will always start from the end/beginning of the available log list - - default value: `no`, which means syslog-ng will attempt to continue feeding from + - default value: `no`, which means {{ site.product.short_name }} will attempt to continue feeding from the last remembered log position after a (re-)start - `max-bookmark-distance()` - integer value, maximum distance in seconds that far an earlier bookmark can point - backward, e.g. if syslog-ng was stopped for 10 minutes and max-bookmark-distance - is set to 60 then syslog-ng will start feeding the logs only from the last 60 + backward, e.g. if {{ site.product.short_name }} was stopped for 10 minutes and max-bookmark-distance + is set to 60 then {{ site.product.short_name }} will start feeding the logs only from the last 60 seconds at startup, 9 minutes of logs 'will be lost' - default value: `0`, which means no limit - `read-old-records()` - - boolean value, controls if syslog-ng should start reading logs from the oldest + - boolean value, controls if {{ site.product.short_name }} should start reading logs from the oldest available at first start (or if no bookmark can be found) - default value: `no` - `fetch-delay()` - - integer value, controls how much time syslog-ng should wait between reading/sending + - integer value, controls how much time {{ site.product.short_name }} should wait between reading/sending log messages, this is a fraction of a second, where wait_time = 1 second / n, so, e.g. 
n=1 means that only about 1 log will be read and sent in each second, and n=1 000 000 means only 1 microsecond (the allowed minimum value now!) @@ -62,18 +62,18 @@ For more info, see [oslog](https://developer.apple.com/documentation/oslog?langu same time could lead to a heavy system load! - default value: `10 000` - `fetch-retry-delay()` - - integer value, controls how many seconds syslog-ng will wait before a repeated + - integer value, controls how many seconds {{ site.product.short_name }} will wait before a repeated attempt to read/send once it's out of available logs - default value: `1` - `log-fetch-limit()` - **Warning**: _This option is now disabled due to an [OSLog API bug](https://openradar.appspot.com/radar?id=5597032077066240), once it's fixed it_ _will be enabled again_ - - integer value, that limits the number of logs syslog-ng will send in one run + - integer value, that limits the number of logs {{ site.product.short_name }} will send in one run - default value: `0`, which means no limit NOTE: the persistent OSLog store is not infinite, depending on your system setting usually, it keeps about 7 days of logs on disk, so it could happen that the above options cannot -operate the way you expect, e.g. if syslog-ng was stopped for about more then a week it +operate the way you expect, e.g. if {{ site.product.short_name }} was stopped for about more then a week it could happen that will not be able to restart from the last saved bookmark position (as that might not be presented in the persistent log anymore) {: .notice} 
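Review bot: in system-source/01_collecting-native-logs.md (hunk -62,18) the changed NOTE line keeps two wording errors: "was stopped for about more then a week" should read "more than a week", and the context line after it, "could happen that will not be able to restart from the last saved bookmark position", is missing its subject. Suggest fixing both while the line is being edited, for example "... was stopped for more than a week, it might not be able to restart from the last saved bookmark position".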
@@ -83,7 +83,7 @@ could happen that will not be able to restart from the last saved bookmark posit This is a wrapper around the OS command line "log stream" command that can provide a live log stream feed. Unlike in the case of `darwin-oslog()` the live stream can contain non-persistent log events too, so take care, there might be a huge number of log events -every second that could put an unusual load on the device running syslog-ng with this source. +every second that could put an unusual load on the device running {{ site.product.short_name }} with this source. Unfortunately, there's no public API to get the same programmatically, so this one is implemented using a program() source. diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/02_collecting-local-logs.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/02_collecting-local-logs.md index 8df4c79f..6233134a 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/02_collecting-local-logs.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/02_collecting-local-logs.md @@ -6,7 +6,7 @@ description: >- id: dev-macos-local-logs --- -An oversimplification of what the system() source does internally is that it reads the files where the given operating system's stores the logs. Unfortunately, the mapping for the same does not exist anymore for modern macOS operating systems, that resulted in a temporary solution in syslog-ng earlier. +An oversimplification of what the system() source does internally is that it reads the files where the given operating system's stores the logs. Unfortunately, the mapping for the same does not exist anymore for modern macOS operating systems, that resulted in a temporary solution in {{ site.product.short_name }} earlier. On macOS, log files are stored in multiple locations. 
@@ -14,7 +14,7 @@ On macOS, log files are stored in multiple locations. * `"/Library/Logs"` is the system-wide application log folder. * `"/var/log/syslog.log"` generally contains logs for low-level system services and kernel logs. (These are the log files one is primarily concerned with) -Given that the expected behavior of system() source is to display system and kernel logs, to achieve this using a file() source driver, earlier syslog-ng versions simply implemented the macOS system() source via: \ +Given that the expected behavior of system() source is to display system and kernel logs, to achieve this using a file() source driver, earlier {{ site.product.short_name }} versions simply implemented the macOS system() source via: \ \ `file("/var/log/system.log" follow-freq(1));` diff --git a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/README.md b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/README.md index eaa240ee..371b2327 100644 --- a/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/README.md +++ b/doc/_dev-guide/chapter_4/section_2/macos-testing-status/system-source/README.md 
@@ -1,14 +1,14 @@ --- title: system description: >- - Syslog-ng OSE can automatically collect the system-specific log messages of + {{ site.product.short_name }} can automatically collect the system-specific log messages of the host on a number of platforms using the system() driver. id: dev-macos-system-drv --- ### Important Information -If the system() driver is included in the syslog-ng OSE configuration file, syslog-ng OSE automatically adds the following sources to the syslog-ng OSE configuration.\ +If the system() driver is included in the {{ site.product.short_name }} configuration file, {{ site.product.short_name }} automatically adds the following sources to the {{ site.product.short_name }} configuration.\ \ It automatically links to the default logs destination of the given platform through a compatible driver. For example: diff --git a/doc/_dev-guide/chapter_5/section_1.md b/doc/_dev-guide/chapter_5/section_1.md index fd8e295a..3e462c90 100644 --- a/doc/_dev-guide/chapter_5/section_1.md +++ b/doc/_dev-guide/chapter_5/section_1.md 
@@ -27,7 +27,7 @@ We would like to give you an overview about the columns in our Waffle.io. [Balabit’s Waffle.io table](http://waffle.io/balabit/syslog-ng) #### Feature proposals -We would like to expand the capabilities of syslog-ng so we have decided to create this place for ideas. The following is a template for feature proposals. Using this guide you can create a proper description of your idea that is easy to understand. However, this is only a guideline, if you want to add more information, you are welcome to do so. +We would like to expand the capabilities of {{ site.product.short_name }} so we have decided to create this place for ideas. The following is a template for feature proposals. Using this guide you can create a proper description of your idea that is easy to understand. However, this is only a guideline, if you want to add more information, you are welcome to do so. 1. **Short description:** Description of your feature in 3-5 sentences. Try to focus on functionality, high-level use-case. @@ -77,7 +77,7 @@ Criterion is a unit test framework used in the unit tests of syslog-ng. It can b source or installed as it is available as a .deb package. Its documentation is extensive and full of examples. More test examples can be found in the source of -syslog-ng under the `tests/unit` folder. +{{ site.product.short_name }} under the `tests/unit` folder. ### Installation on Ubuntu diff --git a/doc/_dev-guide/chapter_5/section_6.md b/doc/_dev-guide/chapter_5/section_6.md index 2b540491..e0639f3f 100644 --- a/doc/_dev-guide/chapter_5/section_6.md +++ b/doc/_dev-guide/chapter_5/section_6.md 
@@ -5,7 +5,7 @@ id: dev-bugs When you report a bug, it is important to share as much relevant information as you can, including: - * version number of syslog-ng used; + * version number of {{ site.product.short_name }} used; * the platform (operating system and its version, architecture, and so on); * a backtrace from the core file if the issue is a crash (this can be invaluable); diff --git a/doc/_dev-guide/chapter_5/section_7.md b/doc/_dev-guide/chapter_5/section_7.md index dd852730..1435ac38 100644 --- a/doc/_dev-guide/chapter_5/section_7.md +++ b/doc/_dev-guide/chapter_5/section_7.md @@ -21,7 +21,7 @@ guidelines the following: 4. Always add a `Signed-off-by` tag to the end of **every** commit message you submit. 5. Always create a separate branch for the pull request, forked off - from the appropriate syslog-ng branch. + from the appropriate {{ site.product.short_name }} branch. 6. If your patch should be applied to multiple branches, submit against the latest one only, and mention which other branches are affected. There is no need to submit pull requests for each diff --git a/doc/_dev-guide/chapter_6/README.md b/doc/_dev-guide/chapter_6/README.md index d18d14f8..59fcf986 100644 --- a/doc/_dev-guide/chapter_6/README.md +++ b/doc/_dev-guide/chapter_6/README.md 
@@ -3,7 +3,7 @@ title: Tutorials id: dev-tutorials --- -In this chapter we would like to provide you with tutorials and code examples for syslog-ng development. These examples and tutorials are intended to give a quick insight to some of the solutions syslog-ng can provide you with. We hope that you can take what you have learned here and build upon this knowledge. Armed with these basics, you can plunge in to discovering the depths of syslog-ng and the hundreds of use cases that you can cover with this solution. +In this chapter we would like to provide you with tutorials and code examples for {{ site.product.short_name }} development. These examples and tutorials are intended to give a quick insight to some of the solutions {{ site.product.short_name }} can provide you with. We hope that you can take what you have learned here and build upon this knowledge. Armed with these basics, you can plunge in to discovering the depths of {{ site.product.short_name }} and the hundreds of use cases that you can cover with this solution. * **Getting started with implementing Python destinations** Simple tutorial on implementing a Python destination that writes to a file. @@ -11,7 +11,7 @@ In this chapter we would like to provide you with tutorials and code examples fo * **Writing a Kafka Module in Python** Tutorial for implementing a Python destination which sends messages to Apache Kafka -* **Osquery and Elasticsearch** Tutorial for sending messages first from osquery to syslog-ng, and then from syslog-ng to Elasticsearch. +* **Osquery and Elasticsearch** Tutorial for sending messages first from osquery to {{ site.product.short_name }}, and then from {{ site.product.short_name }} to Elasticsearch. * **Simple Threaded C Destination** Tutorial for sending messages to a destination using C diff --git a/doc/_dev-guide/chapter_6/section_1.md b/doc/_dev-guide/chapter_6/section_1.md index 1329a867..952709c9 100644 --- a/doc/_dev-guide/chapter_6/section_1.md 
+++ b/doc/_dev-guide/chapter_6/section_1.md @@ -3,11 +3,11 @@ title: Getting started with implementing Python destinations id: dev-tut-python-dest --- -Python is a popular, easy-to-use, high-level language that makes writing code fun and easy. The syslog-ng application supports writing destinations in Python, allowing you to easily extend the capabilities of syslog-ng for your own needs. In this section, you will learn how to create a Python destination for syslog-ng, which takes messages and logs them to a file. This tutorial assumes a basic understanding of Python. +Python is a popular, easy-to-use, high-level language that makes writing code fun and easy. The {{ site.product.short_name }} application supports writing destinations in Python, allowing you to easily extend the capabilities of {{ site.product.short_name }} for your own needs. In this section, you will learn how to create a Python destination for {{ site.product.short_name }}, which takes messages and logs them to a file. This tutorial assumes a basic understanding of Python. -###The syslog-ng configuration file +###The {{ site.product.short_name }} configuration file -To create a Python destination, you will need to specify the destination in your syslog-ng configuration file. +To create a Python destination, you will need to specify the destination in your {{ site.product.short_name }} configuration file. The following example demonstrates a Python destination in the configuration file: 
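Review bot: The rewritten heading `###The {{ site.product.short_name }} configuration file` still has no space after `###`. GitHub's Markdown renderer only treats a line as a heading when the hashes are followed by a space, so this line shows as literal text when the file is browsed in the repository. Since the line is being changed anyway, make it `### The {{ site.product.short_name }} configuration file`. The unchanged `###The LogDestination class` heading further down this file has the same problem.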
@@ -22,7 +22,7 @@ destination d_python_to_file { }; ``` -You will see that the Python destination requires three options: `class()`, `on-error()`, and `value-pairs()`. Refer to the syslog-ng OSE documentation for a more thorough explanation of these options. The `options()` part is optional. The Python destination driver will receive these values during initialization. +You will see that the Python destination requires three options: `class()`, `on-error()`, and `value-pairs()`. Refer to the {{ site.product.short_name }} documentation for a more thorough explanation of these options. The `options()` part is optional. The Python destination driver will receive these values during initialization. #### class() @@ -40,7 +40,7 @@ You can also include other arbitrary options in the configuration file. These wi ###The LogDestination class -To interface with syslog-ng, you will need a class with these methods: +To interface with {{ site.product.short_name }}, you will need a class with these methods: ```python def open(self): 
@@ -77,11 +77,11 @@ To interface with syslog-ng, you will need a class with these methods: return True ``` -When syslog-ng starts, it will attempt to run the init method. This method should do any initialization that needs to be performed at the start of the program. +When {{ site.product.short_name }} starts, it will attempt to run the init method. This method should do any initialization that needs to be performed at the start of the program. -Whenever a new message is generated and fed to your Python script, a Python dictionary is passed to the sent function with name-value pairs specified in the relevant syslog-ng configuration file. +Whenever a new message is generated and fed to your Python script, a Python dictionary is passed to the sent function with name-value pairs specified in the relevant {{ site.product.short_name }} configuration file. -The following two examples put it all together. A sample python class that writes all name-value pairs given to a file, and the accompanying syslog-ng configuration file. +The following two examples put it all together. A sample python class that writes all name-value pairs given to a file, and the accompanying {{ site.product.short_name }} configuration file. #### Example: Python file #### @@ -192,7 +192,7 @@ class TextDestination(LogDestination): self.outfile.flush() return True ``` -#### Example: syslog-ng configuration file #### +#### Example: {{ site.product.short_name }} configuration file #### ```c @version: 3.7 @include "scl.conf" diff --git a/doc/_dev-guide/chapter_6/section_2.md b/doc/_dev-guide/chapter_6/section_2.md index e2e3bc47..72832bff 100644 --- a/doc/_dev-guide/chapter_6/section_2.md +++ b/doc/_dev-guide/chapter_6/section_2.md 
@@ -3,12 +3,12 @@ title: Getting started with implementing Java destinations id: dev-tut-java-dest --- -Java is one of the most widely used programming languages, and being able to write syslog-ng destinations in Java will allow you to easily interface with any Java codebase. In this section, you will learn how to create a Java destination for syslog-ng, which takes messages and logs them to a file. This tutorial assumes a basic understanding of Java. +Java is one of the most widely used programming languages, and being able to write {{ site.product.short_name }} destinations in Java will allow you to easily interface with any Java codebase. In this section, you will learn how to create a Java destination for {{ site.product.short_name }}, which takes messages and logs them to a file. This tutorial assumes a basic understanding of Java. -###The syslog-ng configuration file +###The {{ site.product.short_name }} configuration file -To create a Java destination, you will have to specify the destination of your compiled Java destination in your syslog-ng configuration file. It must be compiled into either a `.class` file or a `.jar` file. +To create a Java destination, you will have to specify the destination of your compiled Java destination in your {{ site.product.short_name }} configuration file. It must be compiled into either a `.class` file or a `.jar` file. If compiled into a `.class` file, the class path argument must be the folder containing the `.class` file. The following example demonstrates a Java destination in the configuration file, where the Java destination is compiled to a `.class` file: 
@@ -48,7 +48,7 @@ You will see that this Java destination requires a few options: of the options l ###The SampleJavaDestination class -To interface with syslog-ng, you will need to extend the `TextLogDestination` or `StructuredLogDestination` abstract class, located in the `SyslogNg.jar` file, which can be found in the `moduledir` after `make install`. +To interface with {{ site.product.short_name }}, you will need to extend the `TextLogDestination` or `StructuredLogDestination` abstract class, located in the `SyslogNg.jar` file, which can be found in the `moduledir` after `make install`. The class you extend will end up looking something like this: ```java @@ -108,7 +108,7 @@ public class SampleJavaDestination extends TextLogDestination { Your class should extend either `TextLogDestination` or `StructuredLogDestination`. -When syslog-ng starts, it will create an instance of the class, then attempt to run the init method. This method should do any initialization that needs to be performed at the start of the program. +When {{ site.product.short_name }} starts, it will create an instance of the class, then attempt to run the init method. This method should do any initialization that needs to be performed at the start of the program. Whenever a new message is generated and fed to your Java class, the send function will be called and passed the message as a String. @@ -227,4 +227,4 @@ public class SampleJavaDestination extends TextLogDestination { ``` ### Java-specific notes -To use a syslog-ng Java destination, you have to add the path of the `libjvm.so` to the `LD_LIBRARY_PATH`. +To use a {{ site.product.short_name }} Java destination, you have to add the path of the `libjvm.so` to the `LD_LIBRARY_PATH`. diff --git a/doc/_dev-guide/chapter_6/section_3.md b/doc/_dev-guide/chapter_6/section_3.md index 3336a752..931f23a5 100644 --- a/doc/_dev-guide/chapter_6/section_3.md +++ b/doc/_dev-guide/chapter_6/section_3.md 
@@ -3,11 +3,11 @@ title: Writing an Apache Kafka module in Python id: dev-tut-python-kafka --- -Apache Kafka is a hugely popular free and open source message broker project. It employs a publish-subscribe messaging model, and can handle hundreds of megabytes of reads and writes per second from thousands of clients. In this section, you will learn how to create a Python destination for syslog-ng, which takes messages and publishes them to Kafka. This tutorial assumes you have a basic understanding of Python and Kafka, and also that you have read the section "Getting started with implementing Python destinations" +Apache Kafka is a hugely popular free and open source message broker project. It employs a publish-subscribe messaging model, and can handle hundreds of megabytes of reads and writes per second from thousands of clients. In this section, you will learn how to create a Python destination for {{ site.product.short_name }}, which takes messages and publishes them to Kafka. This tutorial assumes you have a basic understanding of Python and Kafka, and also that you have read the section "Getting started with implementing Python destinations" -###The syslog-ng configuration file +###The {{ site.product.short_name }} configuration file -To create a Python destination, you will have to specify the destination in your syslog-ng configuration file. +To create a Python destination, you will have to specify the destination in your {{ site.product.short_name }} configuration file. The following example demonstrates a Python destination in the configuration file: 
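Review bot: The new first paragraph still ends at `"Getting started with implementing Python destinations"` with no closing period. Add the period while the line is being rewritten, and consider turning the quoted section title into a link to that tutorial so readers can reach the prerequisite directly.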
@@ -27,7 +27,7 @@ destination python_to_kafka { ``` -You will see that this destination takes the options `host()`, `port()`, and `topic()`. These are not specifically coded into syslog-ng's Python interface. The Python module of syslog-ng allows you to pass arbitrary options from the configuration file into Python, each as a name-value pair. They are combined into a single dictionary and sent to your Python script's "init" function (not "__init__" or any other variation thereof). +You will see that this destination takes the options `host()`, `port()`, and `topic()`. These are not specifically coded into syslog-ng's Python interface. The Python module of {{ site.product.short_name }} allows you to pass arbitrary options from the configuration file into Python, each as a name-value pair. They are combined into a single dictionary and sent to your Python script's "init" function (not "__init__" or any other variation thereof). Kafka works by grouping messages by topics. Clients can pull messages from topics of their choosing. By specifying a topic, you can specify which clients receive which messages. @@ -119,7 +119,7 @@ class KafkaDestination(LogDestination): ``` -#### Example: syslog-ng configuration file #### +#### Example: {{ site.product.short_name }} configuration file #### ```c ############################################################################# # diff --git a/doc/_dev-guide/chapter_6/section_4.md b/doc/_dev-guide/chapter_6/section_4.md index e686fe92..5da20b52 100644 --- a/doc/_dev-guide/chapter_6/section_4.md +++ b/doc/_dev-guide/chapter_6/section_4.md @@ -29,7 +29,7 @@ For reference, these logs are sent with a facility of 19, or "local3". On my Ubu local3.* -/var/log/syslog ``` -### The syslog-ng config file +### The {{ site.product.short_name }} config file To gather the logs from osquery, you need a source that collects system messages, and a filter that can identify logs from osqueryd. 
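Review bot: In the `@@ -27,7` hunk of doc/_dev-guide/chapter_6/section_3.md the added line converts only one of the two product mentions: `syslog-ng's Python interface` stays literal while the next sentence uses `{{ site.product.short_name }}`. Use the variable in both places, or note why the first one is intentionally left. The same line writes `"__init__"` outside backticks, which Markdown renders as a bold "init"; put the name in backticks so the warning about the method name reads correctly.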
@@ -53,7 +53,7 @@ program("^osqueryd.*"); ## Elasticsearch -At the time of writing, there is not an official Elasticsearch destination in the syslog-ng repository, but it will be added soon. Until then, the source for a suitable destination can be found at [https://github.com/juhaszviktor/ESDestination](https://github.com/juhaszviktor/ESDestination). Full documentation on the destination can be found there. +At the time of writing, there is not an official Elasticsearch destination in the {{ site.product.short_name }} repository, but it will be added soon. Until then, the source for a suitable destination can be found at [https://github.com/juhaszviktor/ESDestination](https://github.com/juhaszviktor/ESDestination). Full documentation on the destination can be found there. ### Requirements diff --git a/doc/_dev-guide/chapter_6/section_5.md b/doc/_dev-guide/chapter_6/section_5.md index 74c9b5da..8b07bf35 100644 --- a/doc/_dev-guide/chapter_6/section_5.md +++ b/doc/_dev-guide/chapter_6/section_5.md @@ -30,7 +30,7 @@ log { thread_id=140495535482624 message=-- Generated message. -- ``` -In order to implement a threaded C destination, you need to create a syslog-ng module and a plugin in it. +In order to implement a threaded C destination, you need to create a {{ site.product.short_name }} module and a plugin in it. You can find `example-destination` in the [repository](https://github.com/syslog-ng/syslog-ng/tree/master/modules/examples/destinations/example_destination). There are a few differences to the shipped version, compared to the code that we walk through here: - The shipped module is not under `modules/example_destination`, but under `modules/examples/destinations/example_destinations`, together with the other examples. 
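Review bot: The context around the changed line in doc/_dev-guide/chapter_6/section_5.md gives two different locations for the example: the link targets `modules/examples/destinations/example_destination`, while the bullet below says the shipped module lives under `modules/examples/destinations/example_destinations`. Please make the two agree in this patch, since a reader following the text will look for a directory the link does not point to.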
@@ -69,7 +69,7 @@ modules/example_destination └── Makefile.am ``` -The next step is make the build system notice the new module. Syslog-ng maintains two build systems in parallel: autotools and cmake. +The next step is make the build system notice the new module. {{ site.product.short_name }} maintains two build systems in parallel: autotools and cmake. - autotools 
@@ -250,10 +250,10 @@ Our example overrides these virtual methods: - `new (example_destination_dd_new)`: driver constructor. - `free_fn (_dd_free)`: driver destructor. -- `init (_dd_init)`: It is called after startup, and after each reload. You can set default values here. It is important to note that the init method may be called multiple times for the same driver. In case of a failed reload (for example syntax error in config), syslog-ng will resume using the same driver instances instead of creating new ones, after calling their init method again. +- `init (_dd_init)`: It is called after startup, and after each reload. You can set default values here. It is important to note that the init method may be called multiple times for the same driver. In case of a failed reload (for example syntax error in config), {{ site.product.short_name }} will resume using the same driver instances instead of creating new ones, after calling their init method again. - `deinit (_dd_deinit)`: It is called before shutdown, and before each reload. If you created resources during `init`, then you need to free them here. - `format_stats_instance (_format_stats_instance)`: this specifies how this driver is represented with `syslog-ng-ctl stats` or `syslog-ng-ctl query get "*"`. -- `generate_persist_name (_generate_persist_name)`: this specifies the persist key of the driver in the persist file. This name is used when syslog-ng attaches a disk queue for a driver, for example. +- `generate_persist_name (_generate_persist_name)`: this specifies the persist key of the driver in the persist file. This name is used when {{ site.product.short_name }} attaches a disk queue for a driver, for example. - `construct (example_destination_dw_new)`: constructor for the worker. It is implemented in `example_destination_worker.c`. #### example_destination_worker.h diff --git a/doc/_dev-guide/chapter_6/section_6.md b/doc/_dev-guide/chapter_6/section_6.md index 7b8c46ab..adc8d512 100644 
--- a/doc/_dev-guide/chapter_6/section_6.md +++ b/doc/_dev-guide/chapter_6/section_6.md 
@@ -19,44 +19,44 @@ You can implement your own event loop, or integrate an external framework's or l A Python Fetcher implementation must be inherited from `syslogng.LogFetcher` class. There is one mandatory method: `fetch()` - `fetch()` -The `fetch()` method will be called by syslog-ng whenever syslog-ng is ready to process a new message. This method needs to return a tuple of form (status, syslogng.LogMessage). Status can be `LogFetcher.FETCH_ERROR`, `LogFetcher.FETCH_NOT_CONNECTED`, `LogFetcher.FETCH_SUCCESS`, `LogFetcher.FETCH_TRY_AGAIN` and `LogFetcher.FETCH_TRY_NO_DATA`. +The `fetch()` method will be called by {{ site.product.short_name }} whenever {{ site.product.short_name }} is ready to process a new message. This method needs to return a tuple of form (status, syslogng.LogMessage). Status can be `LogFetcher.FETCH_ERROR`, `LogFetcher.FETCH_NOT_CONNECTED`, `LogFetcher.FETCH_SUCCESS`, `LogFetcher.FETCH_TRY_AGAIN` and `LogFetcher.FETCH_TRY_NO_DATA`. The `LogFetcher.FETCH_ERROR` status will result in a `close()` `open()` call, waiting `time-reopen()` seconds in between. The `LogFetcher.FETCH_NOT_CONNECTED` will result in an `open()` call after `time-reopen()` seconds in between. -The `LogFetcher.FETCH_SUCCESS` status means the fetch was successful, and syslog-ng can handle the returned message. +The `LogFetcher.FETCH_SUCCESS` status means the fetch was successful, and {{ site.product.short_name }} can handle the returned message. The `LogFetcher.FETCH_TRY_AGAIN` status means fetcher cannot provide message this time, but make the source call fetch as soon as possible. -The `LogFetcher.FETCH_NO_DATA` status means there is no data available this time, syslog-ng can wait some time before calling fetch again. The wait time is equal to time-reopen() by default, but it might be overridden if fetch_no_data_delay(sec) is provided. 
+The `LogFetcher.FETCH_NO_DATA` status means there is no data available this time, {{ site.product.short_name }} can wait some time before calling fetch again. The wait time is equal to time-reopen() by default, but it might be overridden if fetch_no_data_delay(sec) is provided. The following methods are optional: `init()`, `deinit()`, `open()`, `close()`, `request_exit()` - `request_exit()` -This method is called before syslog-ng stops or reloads. Any blocking calls should be cancelled here. +This method is called before {{ site.product.short_name }} stops or reloads. Any blocking calls should be cancelled here. - `init(options)` -This method is called during initializaton: when syslog-ng starts, or after syslog-ng reloads. If there were options provided in the configuration, they will be available in the sole parameter of `init()`. -The return value is `True`/`False`. If `False` is returned, syslog-ng will not start. +This method is called during initializaton: when {{ site.product.short_name }} starts, or after {{ site.product.short_name }} reloads. If there were options provided in the configuration, they will be available in the sole parameter of `init()`. +The return value is `True`/`False`. If `False` is returned, {{ site.product.short_name }} will not start. - `deinit()` -This method is called during deinitialization: when syslog-ng stops, or before syslog-ng reloads. +This method is called during deinitialization: when {{ site.product.short_name }} stops, or before {{ site.product.short_name }} reloads. - `open()` This method can be used to open connection towards the entities, from which the driver needs to fetch logs. -It is called after `init()` when syslog-ng is started or reloaded. If `fetch()` returns with an error, syslog-ng OSE calls the `close()` and `open()` methods before trying to fetch a new message. +It is called after `init()` when {{ site.product.short_name }} is started or reloaded. 
If `fetch()` returns with an error, {{ site.product.short_name }} calls the `close()` and `open()` methods before trying to fetch a new message. -If `open()` fails, it should return the False value. In this case, syslog-ng OSE retries it every `time-reopen()` seconds. +If `open()` fails, it should return the False value. In this case, {{ site.product.short_name }} retries it every `time-reopen()` seconds. - `close()` This method can be used to close connection towards the entities, from which the driver needs to fetch logs. -This method is called before `deinit()`. It is also called if `fetch()` returns with `LogFetcher.FETCH_ERROR`. In that case, syslog-ng will wait `time-reopen()` seconds before calling `open()` again. +This method is called before `deinit()`. It is also called if `fetch()` returns with `LogFetcher.FETCH_ERROR`. In that case, {{ site.product.short_name }} will wait `time-reopen()` seconds before calling `open()` again. ### Example The example below encapsulates a http response into a logmessage, that will be printed to the screen. 
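Review bot: The rewritten `fetch()` paragraph lists the last status as `LogFetcher.FETCH_TRY_NO_DATA`, but the paragraph that describes it a few lines later calls it `LogFetcher.FETCH_NO_DATA`. Only one of these can match the constant the Python module exposes, and a fetcher written against the wrong name will not work, so check the name against the source and use it in both places. The added `init(options)` line also carries over the misspelling "initializaton".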
@@ -107,7 +107,7 @@ A Python Source implementation must be inherited from `syslogng.LogSource`. Mess This method sends a log message object to syslog-ng. It must be called from the main thread of the python process. In case the source needs to be suspended after the current message, `post_message` will block until the source is woken up by syslog-ng. If application specific logic needs to be called to prepare such block, it can be done in the `suspend()` `wakeup()` methods. -Suspend can happen for example when flow-control is enabled (`flags(flow-control)` in the logpath), and a destination cannot send logs. In that case the log messages are collected in the buffer of a destination, but after a point, syslog-ng cannot handle more logs, and the sources need to be suspended. `suspend()` should prevent the source from posting new messages until `wakeup()` is called. If this rule is violated, messages will be dropped with an error message: `Incorrectly suspended source, dropping message`. +Suspend can happen for example when flow-control is enabled (`flags(flow-control)` in the logpath), and a destination cannot send logs. In that case the log messages are collected in the buffer of a destination, but after a point, {{ site.product.short_name }} cannot handle more logs, and the sources need to be suspended. `suspend()` should prevent the source from posting new messages until `wakeup()` is called. If this rule is violated, messages will be dropped with an error message: `Incorrectly suspended source, dropping message`. There are two mandatory methods: `run()` and `request_exit()` - `run()` 
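Review bot: The unchanged `post_message` paragraph just above the edited line still says "sends a log message object to syslog-ng" and "woken up by syslog-ng", so after this change the same section mixes the literal name with `{{ site.product.short_name }}`. If those two mentions mean the product, convert them here as well; if the literal name is deliberate, it is worth saying so in the commit message.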
@@ -116,27 +116,27 @@ This method can be used to implement an event loop or start a server framework/l - `request_exit()` -This method is called before syslog-ng terminates or reloads. Any blocking call inside `run()` must be cancelled here. This method is called from a different thread than the python main thread. +This method is called before {{ site.product.short_name }} terminates or reloads. Any blocking call inside `run()` must be cancelled here. This method is called from a different thread than the python main thread. Optional methods: `init()`, `deinit()`, `suspend()`, `wakeup()`. - `init(options)` -This method is called during initializaton: when syslog-ng starts, or after syslog-ng reloads. If there were options provided in the configuration, they will be available in the sole parameter of `init()`. -The return value is `True`/`False`. If `False` is returned, syslog-ng will not start. +This method is called during initializaton: when {{ site.product.short_name }} starts, or after {{ site.product.short_name }} reloads. If there were options provided in the configuration, they will be available in the sole parameter of `init()`. +The return value is `True`/`False`. If `False` is returned, {{ site.product.short_name }} will not start. - `deinit()` -This method is called during deinitialization: when syslog-ng stops, or before syslog-ng reloads. +This method is called during deinitialization: when {{ site.product.short_name }} stops, or before {{ site.product.short_name }} reloads. - `suspend()` -This method is called by syslog-ng when the source needs to be suspended: the message posting must be stopped temporarily. -This happens for example when flow-control is enabled (`flags(flow-control)` in the logpath), and a destination cannot send logs. In that case the log messages are collected in the buffer of a destination, but after a point, syslog-ng cannot handle more logs, and the sources need to be suspended. 
+This method is called by {{ site.product.short_name }} when the source needs to be suspended: the message posting must be stopped temporarily. +This happens for example when flow-control is enabled (`flags(flow-control)` in the logpath), and a destination cannot send logs. In that case the log messages are collected in the buffer of a destination, but after a point, {{ site.product.short_name }} cannot handle more logs, and the sources need to be suspended. - `wakeup()` -This method is called by syslog-ng when the source needs to be woken op: the message posting can continue. See `suspend()`. +This method is called by {{ site.product.short_name }} when the source needs to be woken op: the message posting can continue. See `suspend()`. ### Example: generator source In this example: the python source will a test message in every second. diff --git a/doc/_dev-guide/chapter_7/README.md b/doc/_dev-guide/chapter_7/README.md index 268ceec5..96e20061 100644 --- a/doc/_dev-guide/chapter_7/README.md +++ b/doc/_dev-guide/chapter_7/README.md 
@@ -1,18 +1,18 @@ --- -title: Docker images for syslog-ng +title: Docker images for {{ site.product.short_name }} id: dev-docker-imgs --- ### Available docker images * **balabit/syslog-ng**: - * Within this docker image syslog-ng and syslog-ng incubator is installed from deb package. + * Within this docker image {{ site.product.short_name }} and {{ site.product.short_name }} incubator is installed from deb package. * It is intended to be used as a system logging service. * **balabit/syslog-ng-dev**: * This is a development image for building and testing syslog-ng. - * It contains all packages to build and debug syslog-ng within the container. + * It contains all packages to build and debug {{ site.product.short_name }} within the container. * **balabit/syslog-ng-incubator-dev**: - * This is a development image for building and testing syslog-ng incubator. + * This is a development image for building and testing {{ site.product.short_name }} incubator. * It contains all packages to build and debug syslog-ng-incubator within the container. ### Availability and description of docker images diff --git a/doc/_dev-guide/chapter_8/README.md b/doc/_dev-guide/chapter_8/README.md index d7e0259b..e8782174 100644 --- a/doc/_dev-guide/chapter_8/README.md +++ b/doc/_dev-guide/chapter_8/README.md @@ -3,7 +3,7 @@ title: Plugin Development Guide id: dev-plugin-dev --- -This chapter is a guide for creating syslog-ng plugins. +This chapter is a guide for creating {{ site.product.short_name }} plugins. ## Prerequisites 
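Review bot: In doc/_dev-guide/chapter_7/README.md the new front matter line `title: Docker images for {{ site.product.short_name }}` relies on Liquid being expanded inside front matter, which Jekyll does not do on its own. Unless the layouts or a plugin render `page.title` through Liquid, the page title and navigation entries will show the raw braces, so please confirm with a local build or keep the literal product name in `title:`. In the same hunk, "building and testing syslog-ng." is left unconverted next to lines that now use the variable.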
@@ -13,8 +13,8 @@ You should be able to program in C and be familiar with object-oriented programm ### syslog-ng -You should understand how syslog-ng works, from a user perspective. -Recommended reading: [syslog-ng OSE Administration Guide](https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition/) +You should understand how {{ site.product.short_name }} works, from a user perspective. +Recommended reading: [{{ site.product.short_name }} Administration Guide](https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition/) ### Bison 
@@ -23,17 +23,17 @@ Recommended reading: [Bison Manual](https://www.gnu.org/software/bison/manual/) ### GLib -You do not need to know anything about GLib except that syslog-ng uses it, and so you should be prepared to look up its documentation when needed. A link to the manual follows, but it is probably easier to use a search engine when looking for specific docs (e.g. by searching "Glib GString"). +You do not need to know anything about GLib except that {{ site.product.short_name }} uses it, and so you should be prepared to look up its documentation when needed. A link to the manual follows, but it is probably easier to use a search engine when looking for specific docs (e.g. by searching "Glib GString"). Recommended reading: [GLib Reference Manual](https://developer.gnome.org/glib/) ### Criterion -Syslog-ng uses the Criterion unit testing framework, so you should know how to work with it. +{{ site.product.short_name }} uses the Criterion unit testing framework, so you should know how to work with it. Recommended reading: [Criterion Docs](https://criterion.readthedocs.io/) ### Automake/CMake -Syslog-ng supports Automake and CMake for compilation. Writing the compilation files (`Makefile.am` and `CMakeLists.txt`) is not covered in this guide. +{{ site.product.short_name }} supports Automake and CMake for compilation. Writing the compilation files (`Makefile.am` and `CMakeLists.txt`) is not covered in this guide. ## How this Guide Works diff --git a/doc/_dev-guide/chapter_8/section_1.md b/doc/_dev-guide/chapter_8/section_1.md index f946b23f..152dac8e 100644 --- a/doc/_dev-guide/chapter_8/section_1.md +++ b/doc/_dev-guide/chapter_8/section_1.md 
@@ -5,7 +5,7 @@ id: dev-modules-plugins Plugins are the individual pieces of functionality used in log paths. Examples include `file`, `csv-parser`, and `base64-encode`. Modules are groups of one or more plugins. The modules that the aforementioned plugins belong to are `affile`, `csvparser`, and `basicfuncs`, respectively. -Modules are stored in `modules/` as directories (e.g. `modules/affile/`). Inside these directories are files that integrate the module, files that handle parsing for the module, and files that implement the plugins of the module. Modules are dynamically loaded by syslog-ng (one `.so` file per module). +Modules are stored in `modules/` as directories (e.g. `modules/affile/`). Inside these directories are files that integrate the module, files that handle parsing for the module, and files that implement the plugins of the module. Modules are dynamically loaded by {{ site.product.short_name }} (one `.so` file per module). ## Parts of a Module 
@@ -38,15 +38,15 @@ The purpose of the plugin file is to integrate a module and its plugins into sys extern CfgParser affile_parser; ``` -Syslog-ng needs a list of the module's plugins, in the form of `Plugin` objects, so the syslog-ng parser knows how to parse them in the configuration file. `Plugin` objects are defined by: +{{ site.product.short_name }} needs a list of the module's plugins, in the form of `Plugin` objects, so the {{ site.product.short_name }} parser knows how to parse them in the configuration file. `Plugin` objects are defined by: 1. A `type` field, which is the context/block a plugin belongs in (source, destination, parser, etc.). This is set to one of the tokens defined under `lib/cfg-grammar.y` (e.g. `LL_CONTEXT_SOURCE`). 2. A `name` field, which is the string used to declare the use of the plugin. 3. A `parser` field, which is the `CfgParser` used to parse the plugin. Usually this is just the `CfgParser` for the module. -When the syslog-ng parser encounters `name` inside a context/block of the type, `type`, it will use `parser` to parse the block. +When the {{ site.product.short_name }} parser encounters `name` inside a context/block of the type, `type`, it will use `parser` to parse the block. -In this snippet of a config file, for example, the syslog-ng parser sees that it is inside a source context/block (`LL_CONTEXT_SOURCE`), and finds the string `file`, so it uses the parser for that plugin, which is `affile_parser`, to parse the configuration block. +In this snippet of a config file, for example, the {{ site.product.short_name }} parser sees that it is inside a source context/block (`LL_CONTEXT_SOURCE`), and finds the string `file`, so it uses the parser for that plugin, which is `affile_parser`, to parse the configuration block. ``` source s_local { 
@@ -214,7 +214,7 @@ CFG_PARSER_IMPLEMENT_LEXER_BINDING(affile_, LogDriver **) ## Structs as Classes -Syslog-ng is written in C but simulates the funcitonality of classes and objects by using structs. +{{ site.product.short_name }} is written in C but simulates the funcitonality of classes and objects by using structs. The first field of any struct that represents a subclass is `super`. The type of `super` is the struct that represents the superclass. This type is not a pointer. diff --git a/doc/_dev-guide/chapter_8/section_4.md b/doc/_dev-guide/chapter_8/section_4.md index b3755cd9..7b6d4209 100644 --- a/doc/_dev-guide/chapter_8/section_4.md +++ b/doc/_dev-guide/chapter_8/section_4.md @@ -3,7 +3,7 @@ title: Filter Function id: dev-plugin-dev-filter-func --- -This section will guide you through the process of creating a filter function, by going through the files of filter-length, a set of filter functions which filter log messages based on the length of their `${MESSAGE}`. `${MESSAGE}` refers to the syslog-ng macro and not MSG as defined by the syslog protocols. +This section will guide you through the process of creating a filter function, by going through the files of filter-length, a set of filter functions which filter log messages based on the length of their `${MESSAGE}`. `${MESSAGE}` refers to the {{ site.product.short_name }} macro and not MSG as defined by the syslog protocols. Filter functions are written under `lib/filter/`, and so they do not belong to any module and are not technically plugins. To add a filter function we only need to modify the parser and grammar files; there is no plugin file. diff --git a/doc/_doc-guide/02_Tools/01_Self_made_tools/01_Tests/README.md b/doc/_doc-guide/02_Tools/01_Self_made_tools/01_Tests/README.md index 070579ac..6bffc87e 100644 --- a/doc/_doc-guide/02_Tools/01_Self_made_tools/01_Tests/README.md +++ b/doc/_doc-guide/02_Tools/01_Self_made_tools/01_Tests/README.md 
@@ -24,7 +24,7 @@ macro in the destination definition. {: .notice--info} To parse non-syslog messages, for example, JSON, CSV, or other messages, -you can use the built-in parsers of syslog-ng OSE. For details, see +you can use the built-in parsers of {{ site.product.short_name }}. For details, see [[parser: Parse and segment structured messages]]. `multi line backticked @@ -33,10 +33,10 @@ text` Soft macros (sometimes also called name-value pairs) are either built-in macros automatically generated from the log message (for example, ${HOST}), or custom user-created macros generated by using -the syslog-ng pattern database or a CSV-parser. The SDATA fields of +the {{ site.product.short_name }} pattern database or a CSV-parser. The SDATA fields of RFC-5424 formatted log messages become soft macros as well. In contrast with hard macros, soft macros are writable and can be -modified within syslog-ng OSE, for example, using rewrite rules. +modified within {{ site.product.short_name }}, for example, using rewrite rules. **WARNING:** \{: .notice--warning\} Test \ for the list of hard and soft macros, see [[Hard versus soft macros]]. @@ -63,7 +63,7 @@ options { --------------------- -Introduction to syslog-ng is a test for pages without description/subtitle, but text part between the title and the first heading which can have tooltips too this way. +Introduction to {{ site.product.short_name }} is a test for pages without description/subtitle, but text part between the title and the first heading which can have tooltips too this way. Developer guide is a double (page title amd section heading) example with a description/subtitle. 
@@ -75,7 +75,7 @@ Test of forced link with anchored ID part [[Install Homebrew|dev-inst-macos#home 1. Same test like above in an enumeration [[Install Homebrew|dev-inst-macos#homebrew]]. -**Hint:** Same again in a notice block [[Install Homebrew|dev-inst-macos#homebrew]]. If you you have syslog-ng [[installed via brew|dev-inst-macos#installation]], as a reference, you can check the dependencies of the brew built version using `brew deps syslog-ng` +**Hint:** Same again in a notice block [[Install Homebrew|dev-inst-macos#homebrew]]. If you you have {{ site.product.short_name }} [[installed via brew|dev-inst-macos#installation]], as a reference, you can check the dependencies of the brew built version using `brew deps syslog-ng` {: .notice--info} Embedded [link test](https://grpc.io/docs/guides/keepalive/) from a different domain @@ -155,19 +155,18 @@ For details, see [[The syslog-ng.conf manual page]]. [[The syslog-ng.conf manual page]] -[[The syslog-ng manual page]] +[[The {{ site.product.short_name }} manual page]] Here comes an include doc/admin-guide/manpages-footnote.md test {% include doc/admin-guide/manpages-footnote.md %} When encoding is set in a source (using the encoding() option) and the message is longer (in bytes) than log-msg-size() in UTF-8 -representation, syslog-ng OSE splits the message at an undefined +representation, {{ site.product.short_name }} splits the message at an undefined location (because the conversion between different encodings is not trivial). -The following is a simple configuration file for syslog-ng Open -Source Edition that collects incoming log messages and stores them -in a text file. syslog-ng Open Source Edition. +The following is a simple configuration file for {{ site.product.name }} that collects incoming log messages and stores them +in a text file. {{ site.product.name }}. Aliast testing e.g ${LEVEL} or ${PRIORITY} should work like ${SDATA} 
diff --git a/doc/_doc-guide/README.md b/doc/_doc-guide/README.md index eee6262b..6dbe9c66 100644 --- a/doc/_doc-guide/README.md +++ b/doc/_doc-guide/README.md @@ -13,10 +13,10 @@ id: doc-guide 5. If you modify a file in the `_includes/doc/` directory, it is probably included to multiple parts of the documentation. Make sure that your changes make sense in each context. 6. Modify the files as you need (following our markup conventions). For example, you can add new examples, correct typos, and so on. 7. Validate the files to make sure that the `markdown` is well-formed. - 8. Commit and sign off your changes. If your changes apply only to syslog-ng OSE, begin the commit message with the `ose` prefix. If the changes apply only to specific versions, indicate them in the tag, for example, `ose 3.35` + 8. Commit and sign off your changes. If your changes apply only to {{ site.product.short_name }}, begin the commit message with the `ose` prefix. If the changes apply only to specific versions, indicate them in the tag, for example, `ose 3.35` 9. Push your changes, for example, `git push origin my-typo-fixes` 10. Submit a pull request. - 11. Sign the syslog-ng Open Source Edition Documentation Contributor License Agreement when prompted. + 11. Sign the {{ site.product.name }} Documentation Contributor License Agreement when prompted. 12. We will review your contribution and if accepted, integrate to the master branch of the documentation and publish it. ## Basic rules, conventions we try to follow
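Review bot: In doc/_dev-guide/chapter_8/section_1.md, hunk `@@ -214,7 +214,7 @@`, the added line still carries the typo "funcitonality". Since the line is being rewritten anyway, change it to "functionality" in the same commit.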
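Review bot: In doc/_doc-guide/02_Tools/01_Self_made_tools/01_Tests/README.md, hunk `@@ -63,7 +63,7 @@`, the sentence "Introduction to {{ site.product.short_name }} is a test for pages without description/subtitle" exists to exercise tooltip generation on a page title, so substituting the product variable changes the string under test. Confirm that the rendered text still matches the title of the page it is meant to hit. If that title was not renamed in this change, keep the literal "Introduction to syslog-ng" here.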
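Review bot: In doc/_doc-guide/02_Tools/01_Self_made_tools/01_Tests/README.md, hunk `@@ -75,7 +75,7 @@`, the added hint line keeps the doubled word in "If you you have"; drop one "you" while the line is being touched. Leaving `brew deps syslog-ng` as a literal is right, since it is a package name and not the product name.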
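Review bot: In doc/_doc-guide/02_Tools/01_Self_made_tools/01_Tests/README.md, hunk `@@ -155,19 +155,18 @@`, `[[The {{ site.product.short_name }} manual page]]` puts a Liquid variable inside a title-based link, while the neighbouring `[[The syslog-ng.conf manual page]]` stays a literal title. The link only resolves if the target page was renamed to the expanded text and the variable is expanded before the `[[...]]` links are processed. Please verify this in a built site or keep the literal title. The reflowed paragraph in the same hunk also still ends with the stray fragment "in a text file. {{ site.product.name }}."; if that is deliberate test content, a short comment saying so would help the next editor.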
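Review bot: In doc/_doc-guide/README.md, steps 8 and 11 now use `{{ site.product.short_name }}` and `{{ site.product.name }}`, but this file is a README.md that is also rendered as-is when the directory is browsed in the repository, where Liquid tags are not expanded and contributors will see the raw placeholders. Consider keeping the literal product name in the contribution steps, or note in the PR description that the guide is only meant to be read on the built site.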