Module Name: omfile
Author:Rainer Gerhards <rgergards@adiscon.com>
Description:
The omfile plug-in provides the core functionality of writing messages to files residing inside the local file system (which may actually be remote if methods like NFS are used). Both files named with static names as well files with names based on message content are supported by this module. It is a built-in module that does not need to be loaded.
Module Parameters:
Set the default template to be used if an action is not configured
to use a specific template.
Sets the default DirCreateMode to be used for an action if no
explicit one is specified.
Sets the default DirCreateMode to be used for an action if no
explicit one is specified.
Action Parameters:
Sets the template to be used for this action. If not specified, the
default template is applied.
Applies only if dynamic filenames are used. Specifies the number of DynaFiles that will be kept open. The
default is 10. Note that this is a per-action value, so if you have multiple dynafile actions, each of them have their individual caches (which means the numbers sum up). Ideally, the cache size exactly matches the need. You can use impstats to tune this value. Note that a too-low cache size can be a very considerable performance bottleneck.
if greater 0, turns on gzip compression of the output file. The
higher the number, the better the compression, but also the more CPU is required for zipping.
VeryRobustZip [on/off] (v7.3.0+) - if ZipLevel is greater 0, then this setting controls if extra headers are written to make the resulting file extra hardened against malfunction. If set to off, data appended to previously unclean closed files may not be accessible without extra tools. Note that this risk is usually expected to be bearable, and thus “off” is the default mode. The extra headers considerably degrade compression, files with this option set to “on” may be four to five times as large as files processed in “off” mode.
Defines, in seconds, the interval after which unwritten data is
flushed.
if turned on, the files will be written in asynchronous mode via a
separate thread. In that case, double buffers will be used so that one buffer can be filled while the other buffer is being written. Note that in order to enable FlushInterval, AsyncWriting must be set to “on”. Otherwise, the flush interval will be ignored. Also note that when FlushOnTXEnd is “on” but AsyncWriting is off, output will only be written when the buffer is full. This may take several hours, or even require a rsyslog shutdown. However, a buffer flush can be forced in that case by sending rsyslogd a HUP signal.
Omfile has the capability to write output using a buffered writer.
Disk writes are only done when the buffer is full. So if an error happens during that write, data is potentially lost. In cases where this is unacceptable, set FlushOnTXEnd to on. Then, data is written at the end of each transaction (for pre-v5 this means after each log message) and the usual error recovery thus can handle write errors without data loss. Note that this option severely reduces the effect of zip compression and should be switched to off for that use case. Note that the default -on- is primarily an aid to preserve the traditional syslogd behaviour.
size of the buffer used to writing output data. The larger the
buffer, the potentially better performance is. The default of 4k is quite conservative, it is useful to go up to 64k, and 128K if you used gzip compression (then, even higher sizes may make sense)
Set the file owner for directories newly created. Please note that
this setting does not affect the owner of directories already existing. The parameter is a user name, for which the userid is obtained by rsyslogd during startup processing. Interim changes to the user mapping are not detected.
Set the file owner for directories newly created. Please note that
this setting does not affect the owner of directories already existing. The parameter is a numerical ID, which is used regardless of whether the user actually exists. This can be useful if the user mapping is not available to rsyslog during startup.
Set the group for directories newly created. Please note that this
setting does not affect the group of directories already existing. The parameter is a group name, for which the groupid is obtained by rsyslogd on during startup processing. Interim changes to the user mapping are not detected.
Set the group for directories newly created. Please note that this
setting does not affect the group of directories already existing. The parameter is a numerical ID, which is used regardless of whether the group actually exists. This can be useful if the group mapping is not available to rsyslog during startup.
Set the file owner for files newly created. Please note that this
setting does not affect the owner of files already existing. The parameter is a user name, for which the userid is obtained by rsyslogd during startup processing. Interim changes to the user mapping are not detected.
Set the file owner for files newly created. Please note that this
setting does not affect the owner of files already existing. The parameter is a numerical ID, which which is used regardless of whether the user actually exists. This can be useful if the user mapping is not available to rsyslog during startup.
Set the group for files newly created. Please note that this setting
does not affect the group of files already existing. The parameter is a group name, for which the groupid is obtained by rsyslogd during startup processing. Interim changes to the user mapping are not detected.
Set the group for files newly created. Please note that this setting
does not affect the group of files already existing. The parameter is a numerical ID, which is used regardless of whether the group actually exists. This can be useful if the group mapping is not available to rsyslog during startup.
The FileCreateMode directive allows to specify the creation mode
with which rsyslogd creates new files. If not specified, the value 0644 is used (which retains backward-compatibility with earlier releases). The value given must always be a 4-digit octal number, with the initial digit being zero. Please note that the actual permission depend on rsyslogd’s process umask. If in doubt, use “$umask 0000” right at the beginning of the configuration file to remove any restrictions. FileCreateMode may be specified multiple times. If so, it specifies the creation mode for all selector lines that follow until the next $FileCreateMode directive. Order of lines is vitally important.
This is the same as FileCreateMode, but for directories
automatically generated.
This option modifies behaviour of file creation. If different owners
or groups are specified for new files or directories and rsyslogd fails to set these new owners or groups, it will log an error and NOT write to the file in question if that option is set to “on”. If it is set to “off”, the error will be ignored and processing continues. Keep in mind, that the files in this case may be (in)accessible by people who should not have permission. The default is “on”.
create directories on an as-needed basis
enables file syncing capability of omfile. Note that this causes an
enormous performance hit if enabled.
If the file already exists, new data is appended to it. Existing
data is not truncated. If the file does not already exist, it is created. Files are kept open as long as rsyslogd is active. This conflicts with external log file rotation. In order to close a file after rotation, send rsyslogd a HUP signal after the file has been rotated away.
For each message, the file name is generated based on the given
template. Then, this file is opened. As with the ``file’’ property, data is appended if the file already exists. If the file does not exist, a new file is created. A cache of recent files is kept. Note that this cache can consume quite some memory (especially if large buffer sizes are used). Files are kept open as long as they stay inside the cache. Currently, files are only evicted from the cache when there is need to do so (due to insufficient cache size). To force-close (and evict) a dynafile from cache, send a HUP signal to rsyslogd.
Selects a signature provider for log signing. Currently, there only
is one provider called “gt”.
Selects a crypto provider for log encryption. Currently, there only
is one provider called “gcry”.
See Also
Caveats/Known Bugs:
One needs to be careful with log rotation if signatures and/or encryption are being used. These create side-files, which form a set and must be kept together.
For signatures, the ”.sigstate” file must NOT be rotated away if
signature chains are to be build across multiple files. This is because .sigstate contains just global information for the whole file set. However, all other files need to be rotated together. The proper sequence is to
This sequence will ensure that all files inside the set are atomically closed and in sync. HUPing only after a subset of files have been moved results in inconsistencies and will most probably render the file set unusable.
Sample:
The following command writes all syslog messages into a file.
action(type=”omfile” DirCreateMode=”0700” FileCreateMode=”0644” File=”/var/log/messages”)
Legacy Configuration Directives:
equivalent to the “dynaFileCacheSize” parameter
equivalent to the “zipLevel” parameter
equivalent to the “flushInterval” parameter
equivalent to the “asyncWriting” parameter
equivalent to the “flushOnTXEnd” parameter
equivalent to the “IOBufferSize” parameter
equivalent to the “dirOwner” parameter
equivalent to the “dirGroup” parameter
equivalent to the “fileOwner” parameter
equivalent to the “fileGroup” parameter
equivalent to the “dirCreateMode” parameter
equivalent to the “fileCreateMode” parameter
equivalent to the “failOnChOwnFailure” parameter
equivalent to the “ForceChOwn” parameter
equivalent to the “createDirs” parameter
equivalent to the “enableSync” parameter
equivalent to the “template” module parameter
Resets all configuration variables to their default value.
Legacy Sample:
The following command writes all syslog messages into a file.
$ModLoad omfile $DirCreateMode 0700 $FileCreateMode 0644 *.* /var/log/messages
[rsyslog.conf overview] [manual index] [rsyslog site]
This documentation is part of the rsyslog project.
Copyright © 2008-2013 by `Rainer
Gerhards <http://www.gerhards.net/rainer>`_ and Adiscon. Released under the GNU GPL version 3 or higher.