quick version:
There are two types of config statements
startup statements
module loads
input definitions
global definitions
ruleset actions
actions
conditionals
functions
input modules accept messages (source depends on the module) and add them to a
queue (mail queue by default, but it could be a queue on a ruleset)
a worker thread goes through all the config items in a ruleset (default ruleset
by default, but you can define an input to invoke a different ruleset). This
includes the action() calls that invoke message modification and output modules,
and it's these modules that deliver the messages to all destinations.
imuxsock is the module that reads /dev/log
omfile is the module that would write to /var/log
does this answer your questions?
David Lang
On Tue, 21 May 2019, DOR Nelly via rsyslog wrote:
Date: Tue, 21 May 2019 15:13:00 +0200
From: DOR Nelly via rsyslog <[email protected]>
To: rsyslog-users <[email protected]>
Cc: DOR Nelly <[email protected]>
Subject: [rsyslog] Rsyslog - how it works
Hello,
I am currently trying to evaluate the portability of Rsyslog to exokernel-like
systems. I did not, however, find descriptions of the inner workings of the
software in its documentation. As exploring the source code doesn't help me
much at this stage, is there someone who could point me to sites or documents
that actually tell of the system routines that are used ? Or, if possible,
explain the different steps the program takes in order to fetch messages from
the /dev/log socket and deliver them to /var/log.
I do understand how the rsyslog config file is organized, how the message selection rules
work, etc. I can't see the "road" the program takes to use this config file in
order to do its work, or why it's organized the way it is : which functions create the
initial socket, how are the system calls and functions linked to one another, etc. In
other words, I don't understand the global pattern/diagram that illustrates how the
program actually fulfills its role...
Cheers, and thanks in advance for the help !
Nelly DOR
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
