srlog2

Index

NAME
SYNOPSIS
DESCRIPTION
ENVIRONMENT
FILES
SEE ALSO

NAME

srlog2 - Sends logs to a network receiver.

SYNOPSIS

SERVICE [SERVER] [[+-]PATTERN ...]

DESCRIPTION

srlog2 reads lines from standard input, filters them based on command line patterns, timestamps them, and writes them to a buffer. If a connection has been established with the receiver, it gathers together batches of lines and sends them to the receiver. Once the receiver acknowledges the receipt of the lines, the sender marks the lines as having been fully sent.

When reading input, an attempt is made to batch together as many lines into one packet as possible without significantly delaying transmission. To do this, srlog2 waits a short (configurable) time after each line to see if another line is coming before forming the outgoing message. The longer the time waited, the more likely to batch together lines, but the longer it will take for lines to get sent to the receiver.

ENVIRONMENT

ACK_TIMEOUT: The base time to wait (in milliseconds) for an acknowledgement from the receiver for each sent message. The second retransmit waits twice this length, the third three times, and so on. Defaults to 1000ms.
CID_TIMEOUT: The time to wait (in milliseconds) between sending connection initialization requests. Defaults to 5000ms.
CLEAN_BYTES: The minimum size (in bytes) of the buffer file (described below) before it is considered for truncation. Defaults to 100000 bytes.
EXITONEOF: If present then srlog2 will exit immediately when it reaches the end of its input instead of waiting until its buffer has been completely sent to the remote.
KEYDIR: The directory in which the key files are stored. On startup the sender secret keys are read from curve25519 and nistp224 in this directory, and the receiver public keys are read from the single file servers/$SERVER.
NOFILES: Do not create or write logs to files before sending them. With this option set, there is no way for srlog2 to recover logs that are lost in transit when it is interrupted.
PORT: The UDP port number on which to communicate. Defaults to 11014.
RETRANSMITS: The number of times to retransmit each message. Defaults to 4.
READWAIT: The time to wait after each line (in milliseconds) for more input data before forming an outgoing packet. Defaults to 100ms.
SENDER: The name of the sender to present to the receiving server. By default, the sender name is formed from the result of the gethostname(2) system call, truncated at the first ".".
SERVER: The host name or IP address of the system to which to send all traffic. This name is also used to look up the server's public key. If a server name is present on the command line, this variable is ignored.
STARTLINES: The maximum number of lines to buffer up before starting to send. Defaults to 250.

FILES

The sender modifies two files in the current directory:

buffer: Every line received from standard input is written to this file before sending it to the receiver. If there are no lines left to be sent (as indicated by the sequence file described below), it may be truncated. In normal operation, the sender will only truncate this file when it gets larger than a certain size, in order to prevent spending too much system time truncating the file.
sequence: The sender repeatedly writes two numbers to this file, seperated by a colon: the sequence number of the next line that needs to be sent and the sequence number to be assigned to the next line to be read. If the two numbers are equal, the buffer is effectively empty.