Merge remote branch 'upstream/master'

1 files changed, 180 insertions, 0 deletions

diff --git a/doc/imtcp.html b/doc/imtcp.html
new file mode 100644
index 00000000..b9f0b056
--- /dev/null
+++ b/doc/imtcp.html
@@ -0,0 +1,180 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Language" content="en">
+<title>TCP Syslog Input Module</title>
+</head>
+
+<body>
+<a href="rsyslog_conf_modules.html">back to rsyslog module overview</a>
+
+<h1>TCP Syslog Input Module</h1>
+<p><b>Module Name:&nbsp;&nbsp;&nbsp; imtcp</b></p>
+<p><b>Author: </b>Rainer Gerhards &lt;rgerhards@adiscon.com&gt;</p>
+<p><b>Multi-Ruleset Support: </b>since 4.5.0 and 5.1.1
+<p><b>Description</b>:</p>
+<p>Provides the ability to receive syslog messages via TCP.
+Encryption is natively provided by selecting the approprioate network stream driver and
+can also be provided by using <a href="rsyslog_stunnel.html">stunnel</a>
+(an alternative is the use the <a href="imgssapi.html">imgssapi</a> module).</p>
+
+<p><b>Configuration Directives</b>:</p>
+<p><b>Global Directives</b>:</p>
+<ul>
+<li><b>AddtlFrameDelimiter</b> &lt;Delimiter&gt;<br>
+This directive permits to specify an additional frame delimiter for plain tcp syslog.
+The industry-standard specifies using the LF character as frame delimiter. Some vendors,
+notable Juniper in their NetScreen products, use an invalid frame delimiter, in Juniper's
+case the NUL character. This directive permits to specify the ASCII value of the delimiter
+in question. Please note that this does not guarantee that all wrong implementations can
+be cured with this directive. It is not even a sure fix with all versions of NetScreen,
+as I suggest the NUL character is the effect of a (common) coding error and thus will
+probably go away at some time in the future. But for the time being, the value 0 can
+probably be used to make rsyslog handle NetScreen's invalid syslog/tcp framing.
+For additional information, see this
+<a href="http://kb.monitorware.com/problem-with-netscreen-log-t1652.html">forum thread</a>.
+<br><b>If this doesn't work for you, please do not blame the rsyslog team. Instead file
+a bug report with Juniper!</b>
+<br>Note that a similar, but worse, issue exists with Cisco's IOS implementation. They do
+not use any framing at all. This is confirmed from Cisco's side, but there seems to be
+very limited interest in fixing this issue. This directive <b>can not</b> fix the Cisco bug.
+That would require much more code changes, which I was unable to do so far. Full details
+can be found at the <a href="http://www.rsyslog.com/Article321.phtml">Cisco tcp syslog anomaly</a>
+page.
+<li><b>DisableLFDelimiter</b> &lt;on/<b>off</b>&gt;<br>
+Industry-strandard plain text tcp syslog uses the LF to delimit syslog frames. However,
+some users brought up the case that it may be useful to define a different delimiter and
+totally disable LF as a delimiter (the use case named were multi-line messages). This mode
+is non-standard and will probably come with a lot of problems. However, as there is need
+for it and it is relatively easy to support, we do so. Be sure to turn this setting to
+"on" only if you exactly know what you are doing. You may run into all sorts of troubles,
+so be prepared to wrangle with that!
+<li><b>NotifyOnConnectionClose</b> [on/<b>off</b>]<br>
+instructs imtcp to emit a message if the remote peer closes a connection.<br>
+<b>Important:</b> This directive is global to all listeners and must be given right
+after loading imtcp, otherwise it may have no effect.</li>
+<li><b>KeepAlive</b> &lt;on/<b>off</b>&gt;<br>
+enable of disable keep-alive packets at the tcp socket layer. The default is
+to disable them.</li>
+<li><b>FlowControl</b> &lt;<b>on</b>/off&gt;<br>
+This setting specifies whether some message flow control shall be exercised on the
+related TCP input. If set to on, messages are handled as "light delayable", which means
+the sender is throttled a bit when the queue becomes near-full. This is done in order
+to preserve some queue space for inputs that can not throttle (like UDP), but it
+may have some undesired effect in some configurations. Still, we consider this as
+a useful setting and thus it is the default. To turn the handling off, simply
+configure that explicitely.
+</li>
+<li><b>MaxListeners</b> &lt;number&gt;<br>
+Sets the maximum number of listeners (server ports) supported. Default is 20. This must be set before the first $InputTCPServerRun directive.</li>
+<li><b>MaxSessions</b> &lt;number&gt;<br> Sets the maximum number of sessions supported. Default is 200. This must be set before the first $InputTCPServerRun directive</li>
+<li><b>StreamDriver.Mode</b> &lt;number&gt;<br>
+Sets the driver mode for the currently selected <a href="netstream.html">network stream driver</a>. &lt;number&gt; is driver specifc.</li>
+<li><b>StreamDriver.AuthMode</b> &lt;mode-string&gt;<br>
+Sets the authentication mode for the currently selected <a href="netstream.html">network stream driver</a>. &lt;mode-string&gt; is driver specifc.</li>
+<li><b>PermittedPeer</b> &lt;id-string&gt;<br>
+Sets permitted peer IDs. Only these peers are able to connect to the
+listener. &lt;id-string&gt; semantics depend on the currently selected
+AuthMode and&nbsp; <a href="netstream.html">network stream driver</a>. PermittedPeer may not be set in anonymous modes.
+<br>PermittedPeer may be set either to a single peer or an array of peers either of type IP or name, depending on the tls certificate.
+<br>Single peer: PermittedPeer="127.0.0.1"
+<br>Array of peers: PermittedPeer=["test1.example.net","10.1.2.3","test2.example.net","..."]</li>
+</ul>
+<p><b>Action Directives</b>:</p>
+<ul>
+<li><b>Port</b> &lt;port&gt;<br>
+Starts a TCP server on selected port</li>
+<li><b>Name</b> &lt;name&gt;<br>
+Sets a name for the inputname property. If no name is set "imtcp" is used by default. Setting a 
+name is not strictly necessary, but can be useful to apply filtering based on which input
+the message was received from.
+<li><b>Ruleset</b> &lt;ruleset&gt;<br>
+Binds the listener to a specific <a href="multi_ruleset.html">ruleset</a>.</li>
+<li><b>SupportOctetCountedFraming</b> &lt;<b>on</b>|off&gt;<br>
+If set to "on", the legacy octed-counted framing (similar to RFC5425 framing) is
+activated. This is the default and should be left unchanged until you know
+very well what you do. It may be useful to turn it off, if you know this framing
+is not used and some senders emit multi-line messages into the message stream.
+</li>
+<li><b>RateLimit.Interval</b> [number] - (available since 7.3.1) specifies the rate-limiting
+interval in seconds.  Default value is 0, which turns off rate limiting. Set it to a number
+of seconds (5 recommended) to activate rate-limiting.
+</li>
+<li><b>RateLimit.Burst</b> [number] - (available since 7.3.1) specifies the rate-limiting
+burst in number of messages. Default is 10,000.
+</li>
+</ul>
+<b>Caveats/Known Bugs:</b>
+<ul>
+<li>module always binds to all interfaces</li>
+<li>can not be loaded together with <a href="imgssapi.html">imgssapi</a>
+(which includes the functionality of imtcp)</li>
+</ul>
+<p><b>Example:</b></p>
+<p>This sets up a TCP server on port 514 and permits it to accept up to 500 connections:<br>
+</p>
+<textarea rows="15" cols="60">module(load="imtcp" MaxSessions="500")
+input(type="imtcp" port="514")
+</textarea>
+<p>Note that the global parameters (here: max sessions) need to be set when the module is loaded. Otherwise, the parameters will not apply. 
+</p>
+
+<p><b>Legacy Configuration Directives</b>:</p>
+<ul>
+<li><b>$InputTCPServerAddtlFrameDelimiter &lt;Delimiter&gt;</b><br>
+equivalent to: AddtlFrameDelimiter
+<li><b>$InputTCPServerDisableLFDelimiter</b> &lt;on/<b>off</b>&gt; (available since 5.5.3)<br>
+equivalent to: DisableLFDelimiter
+<li><b>$InputTCPServerNotifyOnConnectionClose</b> [on/<b>off</b>] (available since 4.5.5)<br>
+equivalent to: NotifyOnConnectionClose<br>
+</li>
+<li><b>$InputTCPServerKeepAlive</b> &lt;on/<b>off</b>&gt;<br>
+equivalent to: KeepAlive</li>
+<li><b>$InputTCPServerRun</b> &lt;port&gt;<br>
+equivalent to: Port</li>
+<li><b>$InputTCPFlowControl</b> &lt;<b>on</b>/off&gt;<br>
+equivalent to: FlowControl
+</li>
+<li><b>$InputTCPMaxListeners</b> &lt;number&gt;<br>
+equivalent to: MaxListeners</li>
+<li><b>$InputTCPMaxSessions</b> &lt;number&gt;<br> 
+equivalent to: MaxSessions</li>
+<li><b>$InputTCPServerStreamDriverMode</b> &lt;number&gt;<br>
+equivalent to: StreamDriver.Mode</li>
+<li><b>$InputTCPServerInputName</b> &lt;name&gt;<br>
+equivalent to: Name
+<li><b>$InputTCPServerStreamDriverAuthMode</b> &lt;mode-string&gt;<br>
+equivalent to: StreamDriver.AuthMode</li>
+<li><b>$InputTCPServerStreamDriverPermittedPeer</b> &lt;id-string&gt;<br>
+equivalent to: PermittedPeer.</li>
+<li><b>$InputTCPServerBindRuleset</b> &lt;ruleset&gt;<br>
+equivalent to: Ruleset</a>.</li>
+<li><b>$InputTCPSupportOctetCountedFraming</b> &lt;<b>on</b>|off&gt;<br>
+equivalent to: SupportOctetCountedFraming
+</li>
+</ul>
+<b>Caveats/Known Bugs:</b>
+<ul>
+<li>module always binds to all interfaces</li>
+<li>can not be loaded together with <a href="imgssapi.html">imgssapi</a>
+(which includes the functionality of imtcp)</li>
+</ul>
+<p><b>Example:</b></p>
+<p>This sets up a TCP server on port 514 and permits it to accept up to 500 connections:<br>
+</p>
+<textarea rows="15" cols="60">$ModLoad imtcp # needs to be done just once
+$InputTCPMaxSessions 500
+$InputTCPServerRun 514
+</textarea>
+<p>Note that the parameters (here: max sessions) need to be set <b>before</b> the listener
+is activated. Otherwise, the parameters will not apply.
+</p>
+<p>[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
+[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]</p>
+<p><font size="2">This documentation is part of the <a href="http://www.rsyslog.com/">rsyslog</a>
+project.<br>
+Copyright &copy; 2008,2009 by <a href="http://www.gerhards.net/rainer">Rainer Gerhards</a> and
+<a href="http://www.adiscon.com/">Adiscon</a>.
+Released under the GNU GPL version 3 or higher.</font></p>
+</body>
+</html>