8.1.8. unix-stream() and unix-dgram()

These two drivers behave similarly: they open an AF_UNIX socket and start listening on it for messages.

Both unix-stream and unix-dgram have a single required argument, specifying the filename of the socket to create.

Declaration: 
    unix-stream(filename [options]);
    unix-dgram(filename [options]);

The following options can be specified for these drivers:

Name Type Default Description
encoding() string   Specifies the character set (encoding, e.g., UTF-8) of messages using the legacy BSD-syslog protocol. To list the available character sets on a host, execute the iconv -l command.
flags() empty-lines, kernel, no-multi-line, no-parse, store-legacy-msghdr, syslog-protocol, validate-utf8 empty set

Specifies the log parsing options of the source.

Use the empty-lines flag to keep the empty lines of the messages. By default, syslog-ng removes empty lines automatically.

The kernel flag makes the source default to the LOG_KERN | LOG_CRIT priority if not specified otherwise.

The no-multi-line flag disables line-breaking in the messages; the entire message is converted to a single line.

By default, syslog-ng parses incoming messages as syslog messages. If a source does not send properly formatted messages, use the no-parse flag to disable message parsing for the source. As a result, syslog-ng will generate a new syslog header and put the entire incoming message into the MSG part of the syslog message.

The no-parse flag completely disables syslog message parsing and processes the complete line as the message part of a syslog message. Other information (timestamp, host, etc.) is added automatically. This flag is useful for parsing files not complying with the syslog format.

If the store-legacy-msghdr flag is enabled, syslog-ng stores the original incoming header of the log message. This is useful if the original format of a non-syslog-compliant message must be retained (syslog-ng automatically corrects minor header errors, e.g., adds a whitespace before msg in the following message: Jan 22 10:06:11 host program:msg). Note that store-legacy-msghdr should be enabled when receiving messages from syslog-ng Agent for Windows clients that use the Snare-compatible mode.

The syslog-protocol flag specifies that incoming messages are expected to be formatted according to the new IETF syslog protocol standard. Note that this flag is not needed for the syslog driver.

The validate-utf8 flag enables encoding-verification for messages formatted according to the new IETF syslog standard (see Section 2.19.2, “IETF-syslog messages” for details). If the BOM character is missing, but the message is otherwise UTF-8 compliant, syslog-ng automatically adds the BOM character to the message.

follow_freq() number 1 Indicates that the source should be checked periodically instead of being polled. This is useful for files which always indicate readability, even though no new lines were appended. If this value is higher than zero, syslog-ng will not attempt to use poll() on the file, but checks whether the file changed every time the follow_freq() interval (in seconds) has elapsed. Floating-point numbers (e.g., 1.5) can be used as well.
group() string root Set the gid of the socket.
host_override() string   Replaces the $HOST part of the message with the parameter string.
keep-alive() yes or no yes Selects whether to keep connections open when syslog-ng is restarted; cannot be used with unix-dgram().
keep_timestamp() yes or no yes Specifies whether syslog-ng should accept the timestamp received from the sending application or client. If disabled, the time of reception will be used instead. This option can be specified globally, and per-source as well. The local setting of the source overrides the global option if available.
log_fetch_limit() number The value specified by the global log_fetch_limit() option, which defaults to 10. The maximum number of messages fetched from a source during a single poll loop. The destination queues might fill up before flow-control could stop reading if log_fetch_limit() is too high.
log_iw_size() number 100 The size of the initial window; this value is used during flow control.
log_msg_size() number Use the global log_msg_size() option, which defaults to 8192. Specifies the maximum length of incoming log messages. Uses the value of the global option if not specified.
log_prefix() (DEPRECATED) string   A string added to the beginning of every log message. It can be used to add an arbitrary string to any log source, though it is most commonly used for adding kernel: to the kernel messages on Linux. NOTE: This option is deprecated. Use program_override() instead.
max-connections() number 256 Limits the number of simultaneously open connections. Cannot be used with unix-dgram().
optional() yes or no   Instruct syslog-ng to ignore the error if a specific source cannot be initialized. No other attempts to initialize the source will be made until the configuration is reloaded. This option currently applies to the pipe(), unix-dgram, and unix-stream drivers.
owner() string root Set the uid of the socket.
pad_size() number 0 Specifies input padding. Some operating systems (such as HP-UX) pad all messages to block boundary. This option can be used to specify the block size. (HP-UX uses 2048 bytes). Syslog-ng will pad reads from the associated device to the number of bytes set in pad_size(). Mostly used on HP-UX where /dev/log is a named pipe and every write is padded to 2048 bytes.
perm() number 0666 Set the permission mask. For octal numbers prefix the number with '0', e.g.: use 0755 for rwxr-xr-x.
program_override() string   Replaces the $PROGRAM part of the message with the parameter string. For example, to mark every message coming from the kernel, include the program_override("kernel") option in the source containing /proc/kmsg. NOTE: This option replaces the deprecated log_prefix() option.
so_broadcast() yes or no no This option controls the SO_BROADCAST socket option required to make syslog-ng send messages to a broadcast address. See the socket(7) manual page for details.
so_keepalive() yes or no no Enables keep-alive messages, keeping the socket open. This only affects TCP and UNIX-stream sockets. See the socket(7) manual page for details.
so_rcvbuf() number 0 Specifies the size of the socket receive buffer in bytes. See the socket(7) manual page for details.
so_sndbuf() number 0 Specifies the size of the socket send buffer in bytes. See the socket(7) manual page for details.
time_zone() timezone in +/-HH:MM format   The default timezone for messages read from the source. Applies only if no timezone is specified within the message itself.

Table 8.7. Options for unix-stream() and unix-dgram()


Example 8.11. Using the unix-stream() and unix-dgram() drivers
    source s_stream { unix-stream("/dev/log" max-connections(10)); };
    source s_dgram { unix-dgram("/var/run/log"); };
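
The following is an added example, not part of the original documentation or of syslog-ng itself: a small Python check that applies the defaults from Table 8.7 to each unix-stream()/unix-dgram() source in a configuration and reports which sockets are writable by every local user while also keeping sender-supplied timestamps. The function name audit_unix_sources, the s_app source and its socket path are hypothetical, and the sketch assumes that dashes and underscores in option names are interchangeable and that the filename is a double-quoted first argument.

```python
import re

# Defaults copied from Table 8.7 on this page.
DEFAULTS = {"perm": "0666", "owner": "root", "group": "root",
            "keep_timestamp": "yes", "max_connections": "256"}

# Constructed sample configuration: the first two lines are Example 8.11,
# s_app is a hypothetical application-specific socket.
SAMPLE_CONF = '''
source s_stream { unix-stream("/dev/log" max-connections(10)); };
source s_dgram { unix-dgram("/var/run/log"); };
source s_app { unix-stream("/var/run/app/log.sock" owner("app") group("app")
                           perm(0660) keep_timestamp(no)); };
'''

DRIVER_RE = re.compile(r'(unix-(?:stream|dgram))\(\s*"([^"]+)"([^;]*)\)\s*;')
OPTION_RE = re.compile(r'([a-z_-]+)\(\s*"?([^")]*)"?\s*\)')

def parse_perm(value):
    # Per the perm() row: a leading '0' marks an octal number.
    return int(value, 8) if value.startswith("0") else int(value)

def audit_unix_sources(conf_text):
    """Return one finding per unix-stream()/unix-dgram() driver."""
    findings = []
    for driver, path, rest in DRIVER_RE.findall(conf_text):
        opts = dict(DEFAULTS)
        for name, value in OPTION_RE.findall(rest):
            # Assumption: '-' and '_' are interchangeable in option names.
            opts[name.replace("-", "_")] = value.strip()
        mode = parse_perm(opts["perm"])
        world_writable = bool(mode & 0o002)
        findings.append({
            "driver": driver, "path": path, "perm": oct(mode),
            "owner": opts["owner"], "group": opts["group"],
            "world_writable": world_writable,
            # Any local user may write, and the sender's timestamp is kept.
            "untrusted_timestamps":
                world_writable and opts["keep_timestamp"] == "yes",
            # max-connections() cannot be used with unix-dgram().
            "max_connections": None if driver == "unix-dgram"
                               else int(opts["max_connections"]),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_unix_sources(SAMPLE_CONF):
        print(finding)
```

A world-writable system socket such as /dev/log is normal, so the untrusted_timestamps field is a prompt to review keep_timestamp() for that source rather than an error in itself.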

© 2007-2010 BalaBit IT Security