From c6d4ec6cdca3b1de7ec0095c8d65d26c0b86a1e2 Mon Sep 17 00:00:00 2001 From: Robert Fekete Date: Wed, 20 Nov 2024 12:23:47 +0100 Subject: [PATCH 1/4] Removes unused topic file --- ...topic-elasticsearch2-practical-examples.md | 22 ------------------- 1 file changed, 22 deletions(-) delete mode 100644 content/headless/chunk/topic-elasticsearch2-practical-examples.md diff --git a/content/headless/chunk/topic-elasticsearch2-practical-examples.md b/content/headless/chunk/topic-elasticsearch2-practical-examples.md deleted file mode 100644 index de877cdf..00000000 --- a/content/headless/chunk/topic-elasticsearch2-practical-examples.md +++ /dev/null @@ -1,22 +0,0 @@ ---- ---- - - -## Example use cases of sending logs to Elasticsearch - -This section aims to give you some practical examples about how to make the most of your Elasticsearch-based logging using `syslog-ng`. Read the following blog posts to learn how to: - - - [Parse data with syslog-ng, store in Elasticsearch, and analyze with Kibana](https://syslog-ng.com/blog/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/) - - - [Get started on Red Hat Enterprise Linux / CentOS using Elasticsearch 6 and syslog-ng](https://syslog-ng.com/blog/syslog-ng-and-elasticsearch-6-getting-started-on-rhelcentos/) - - - [Send netdata metrics through syslog-ng to Elasticsearch](https://syslog-ng.com/blog/sending-netdata-metrics-syslog-ng-elasticsearch/) - - - Visualize your data using: - - - [heat maps](https://syslog-ng.com/blog/creating-heat-maps-using-new-syslog-ng-geoip2-parser/) - - This example uses the GeoIP2 parser. For details about the GeoIP2 parser, see {{% xref "/chapter-enrich-data/geoip2-parser/_index.md" %}}. - - - [time lapse videos](https://syslog-ng.com/blog/creating-time-lapse-videos-log-messages-using-openshot/) - From e87423c57a5c953ee44702d6a368605fb2103be0 Mon Sep 17 00:00:00 2001 From: Robert Fekete Date: Wed, 20 Nov 2024 12:51:19 +0100 Subject: [PATCH 2/4] Remove references to unavailable patterndb samples --- .../concepts-artificial-ignorance/_index.md | 2 +- .../patterndb-download/_index.md | 21 ------------------- .../reference-patterndb-schemes/_index.md | 2 +- 3 files changed, 2 insertions(+), 23 deletions(-) delete mode 100644 content/chapter-parsers/chapter-patterndb/configuring-pattern-databases/patterndb-download/_index.md diff --git a/content/chapter-parsers/chapter-patterndb/concepts-pattern-databases/concepts-artificial-ignorance/_index.md b/content/chapter-parsers/chapter-patterndb/concepts-pattern-databases/concepts-artificial-ignorance/_index.md index cc522b0f..05bde534 100644 --- a/content/chapter-parsers/chapter-patterndb/concepts-pattern-databases/concepts-artificial-ignorance/_index.md +++ b/content/chapter-parsers/chapter-patterndb/concepts-pattern-databases/concepts-artificial-ignorance/_index.md @@ -8,4 +8,4 @@ Artificial ignorance is a method used to detect anomalies. When applied to log a The AxoSyslog application can classify messages using a pattern database: messages that do not match any pattern are classified as unknown. This provides a way to use artificial ignorance to review your log messages. You can periodically review the unknown messages — AxoSyslog can send them to a separate destination, and add patterns for them to the pattern database. By reviewing and manually classifying the unknown messages, you can iteratively classify more and more messages, until only the really anomalous messages show up as unknown. -Obviously, for this to work, a large number of message patterns are required. The radix-tree matching method used for message classification is very effective, can be performed very fast, and scales very well. Basically the time required to perform a pattern matching is independent from the number of patterns in the database. For sample pattern databases, see {{% xref "/chapter-parsers/chapter-patterndb/configuring-pattern-databases/patterndb-download/_index.md" %}}. +Obviously, for this to work, a large number of message patterns are required. The radix-tree matching method used for message classification is very effective, can be performed very fast, and scales very well. Basically the time required to perform a pattern matching is independent from the number of patterns in the database. diff --git a/content/chapter-parsers/chapter-patterndb/configuring-pattern-databases/patterndb-download/_index.md b/content/chapter-parsers/chapter-patterndb/configuring-pattern-databases/patterndb-download/_index.md deleted file mode 100644 index 1700e4b6..00000000 --- a/content/chapter-parsers/chapter-patterndb/configuring-pattern-databases/patterndb-download/_index.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: "Downloading sample pattern databases" -weight: 300 ---- - - -To simplify the building of pattern databases, {{% param "product.companyabbrev" %}} has released sample databases. You can download sample pattern databases from the [{{% param "product.companyabbrev" %}} GitHub page](https://github.com/syslog-ng/syslog-ng-patterndb/). - -Note that these pattern databases are only samples and experimental databases. They are not officially supported, and may or may not work in your environment. - -The pattern databases are available under the Creative Commons Attribution-Share Alike 3.0 (CC by-SA) license. This includes every pattern database written by community contributors or the {{% param "product.companyabbrev" %}} staff. It means that: - - - You are free to use and modify the patterns for your needs. - - - If you redistribute the pattern databases, you must distribute your modifications under the same license. - - - If you redistribute the pattern databases, you must make it obvious that the source of the original pattern databases is the [GitHub page](https://github.com/syslog-ng/syslog-ng-patterndb/). - -For legal details, the full text of the license is [available here](https://creativecommons.org/licenses/by-sa/3.0/us/legalcode). - -If you create patterns that are not available in the GitHub repository, consider sharing them with the community. To do this, open a GitHub issue, or {{% param "product.contact" %}}. diff --git a/content/chapter-parsers/chapter-patterndb/reference-parsers-pattern-databases/reference-patterndb-schemes/_index.md b/content/chapter-parsers/chapter-patterndb/reference-parsers-pattern-databases/reference-patterndb-schemes/_index.md index 7344f04d..95f4a6dd 100644 --- a/content/chapter-parsers/chapter-patterndb/reference-parsers-pattern-databases/reference-patterndb-schemes/_index.md +++ b/content/chapter-parsers/chapter-patterndb/reference-parsers-pattern-databases/reference-patterndb-schemes/_index.md @@ -4,7 +4,7 @@ weight: 500 --- -Pattern databases are XML files that contain rules describing the message patterns. For sample pattern databases, see {{% xref "/chapter-parsers/chapter-patterndb/configuring-pattern-databases/patterndb-download/_index.md" %}}. +Pattern databases are XML files that contain rules describing the message patterns. The following scheme describes the V5 format of the pattern database. This format is backwards-compatible with the earlier formats. From 5644de9a8069da37e3bebf0ed5a4e73cf958a66b Mon Sep 17 00:00:00 2001 From: Robert Fekete Date: Wed, 20 Nov 2024 12:51:45 +0100 Subject: [PATCH 3/4] Broken link updates --- content/chapter-concepts/concepts-high-availability/_index.md | 2 +- .../concepts-message-bsdsyslog-header/_index.md | 2 +- .../concepts-message-bsdsyslog-msg/_index.md | 2 +- .../concepts-message-bsdsyslog-pri/_index.md | 2 +- .../chapter-configuration-file/configuration-syntax/_index.md | 2 +- .../configuring-destinations-amqp/_index.md | 2 +- .../configuring-destinations-elasticsearch2/_index.md | 2 +- .../syslog-ng-elasticsearch2-search-guard/_index.md | 4 ++-- .../configuring-destinations-hdfs/_index.md | 2 +- .../configuring-destinations-kafka/_index.md | 2 +- .../reference-destination-mongodb/_index.md | 4 ++-- .../reference-destination-riemann/_index.md | 2 -- .../configuring-destinations-telegram/_index.md | 2 +- content/chapter-destinations/destination-collectd/_index.md | 2 +- .../destination-collectd-options/_index.md | 4 ++-- content/chapter-destinations/destination-slack/_index.md | 2 +- .../destination-slack/reference-destination-slack/_index.md | 2 +- .../destination-snmp/cisco-syslog-snmp/_index.md | 2 +- content/chapter-enrich-data/geoip-parser/_index.md | 2 +- .../referring-to-parts-of-the-message-as-a-macro/_index.md | 2 +- .../reference-template-functions/_index.md | 2 +- content/chapter-parsers/apache-access-log-parser/_index.md | 2 +- .../configuring-sources-network/proxy-prot-intro/_index.md | 2 +- .../proxy-prot-intro/proxy-prot-w-mech/_index.md | 2 +- content/chapter-sources/darwin/_index.md | 2 +- content/chapter-sources/python-source/_index.md | 2 +- .../chunk/option-description-destination-slack-throttle.md | 2 +- .../chunk/option-destination-http-use-system-cert-store.md | 2 +- 28 files changed, 30 insertions(+), 32 deletions(-) diff --git a/content/chapter-concepts/concepts-high-availability/_index.md b/content/chapter-concepts/concepts-high-availability/_index.md index e3788f3f..d073f53c 100644 --- a/content/chapter-concepts/concepts-high-availability/_index.md +++ b/content/chapter-concepts/concepts-high-availability/_index.md @@ -4,6 +4,6 @@ weight: 1300 --- -Multiple {{% param "product.abbrev" %}} servers can be run in fail-over mode. The {{% param "product.abbrev" %}} application does not include any internal support for this, as clustering support must be implemented on the operating system level. A tool that can be used to create UNIX clusters is Heartbeat (for details, see [this page](http://www.linux-ha.org/wiki/Main_Page/)). +Multiple {{% param "product.abbrev" %}} servers can be run in fail-over mode. The {{% param "product.abbrev" %}} application does not include any internal support for this, as clustering support must be implemented on the operating system level. Starting with {{% param "product.name" %}} version 3.2, {{% param "product.abbrev" %}} clients can be configured to send the log messages to failover servers in case the primary syslog server becomes unaccessible. For details on configuring failover servers, see the description of the `failover-servers()` destination option in {{% xref "/chapter-destinations/_index.md" %}}. diff --git a/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-header/_index.md b/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-header/_index.md index 4213c1f8..9a8a968e 100644 --- a/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-header/_index.md +++ b/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-header/_index.md @@ -4,7 +4,7 @@ weight: 300 --- -This section describes the `HEADER` message part of a syslog message, according to the [legacy-syslog or BSD-syslog protocol](https://tools.ietf.org/search/rfc3164). +This section describes the `HEADER` message part of a syslog message, according to the [legacy-syslog or BSD-syslog protocol](https://datatracker.ietf.org/doc/rfc3164/). For further details about the `MSG` and `PRI` parts of a syslog message, see the following sections: diff --git a/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-msg/_index.md b/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-msg/_index.md index 44f2678a..94e0a986 100644 --- a/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-msg/_index.md +++ b/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-msg/_index.md @@ -4,7 +4,7 @@ weight: 500 --- -This section describes the `MSG` message part of a syslog message, according to the [legacy-syslog or BSD-syslog protocol](https://tools.ietf.org/search/rfc3164). +This section describes the `MSG` message part of a syslog message, according to the [legacy-syslog or BSD-syslog protocol](https://datatracker.ietf.org/doc/rfc3164/). For further details about the `HEADER` and `PRI` message parts of a syslog message, see the following sections: diff --git a/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-pri/_index.md b/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-pri/_index.md index da20cd68..2a02874b 100644 --- a/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-pri/_index.md +++ b/content/chapter-concepts/concepts-message-structure/concepts-message-bsdsyslog/concepts-message-bsdsyslog-pri/_index.md @@ -4,7 +4,7 @@ weight: 100 --- -This section describes the `PRI` message part of a syslog message, according to the [legacy-syslog or BSD-syslog protocol](https://tools.ietf.org/search/rfc3164). +This section describes the `PRI` message part of a syslog message, according to the [legacy-syslog or BSD-syslog protocol](https://datatracker.ietf.org/doc/rfc3164/). For further details about the `HEADER` and `MSG` parts of a syslog message, see the following sections: diff --git a/content/chapter-configuration-file/configuration-syntax/_index.md b/content/chapter-configuration-file/configuration-syntax/_index.md index a49ab917..a14dcb01 100644 --- a/content/chapter-configuration-file/configuration-syntax/_index.md +++ b/content/chapter-configuration-file/configuration-syntax/_index.md @@ -30,7 +30,7 @@ The following is a very simple configuration file for `syslog-ng`: it collects t }; ``` -As a `syslog-ng` user described on a [mailing list](https://lists.gt.net/gentoo/user/209108): +As a `syslog-ng` user described on a mailing list: > Alan McKinnon > diff --git a/content/chapter-destinations/configuring-destinations-amqp/_index.md b/content/chapter-destinations/configuring-destinations-amqp/_index.md index 08d95b14..c54e6c2c 100644 --- a/content/chapter-destinations/configuring-destinations-amqp/_index.md +++ b/content/chapter-destinations/configuring-destinations-amqp/_index.md @@ -6,7 +6,7 @@ short_description: "Publish messages using AMQP" --- -The `amqp()` driver publishes messages using the [AMQP (Advanced Message Queuing Protocol)](http://www.amqp.org/). {{% param "product.abbrev" %}} supports AMQP versions 0.9.1 and 1.0. The {{% param "product.abbrev" %}} `amqp()` driver supports persistence, and every available exchange types. +The `amqp()` driver publishes messages using the [AMQP (Advanced Message Queuing Protocol)](https://en.wikipedia.org/wiki/Advanced_Message_Queuing_Protocol). {{% param "product.abbrev" %}} supports AMQP versions 0.9.1 and 1.0. The {{% param "product.abbrev" %}} `amqp()` driver supports persistence, and every available exchange types. The name-value pairs selected with the `value-pairs()` option will be sent as AMQP headers, while the body of the AMQP message is empty by default (but you can add custom content using the `body()` option). Publishing the name-value pairs as headers makes it possible to use the Headers exchange-type and subscribe only to interesting log streams. This solution is more flexible than using the `routing-key()` option. diff --git a/content/chapter-destinations/configuring-destinations-elasticsearch2/_index.md b/content/chapter-destinations/configuring-destinations-elasticsearch2/_index.md index 7f0099f6..d4e6c9d0 100644 --- a/content/chapter-destinations/configuring-destinations-elasticsearch2/_index.md +++ b/content/chapter-destinations/configuring-destinations-elasticsearch2/_index.md @@ -116,6 +116,6 @@ The following example send messages to Elasticsearch over HTTP using its REST AP - For the list of options, see {{% xref "/chapter-destinations/configuring-destinations-elasticsearch2/reference-destination-elasticsearch2/_index.md" %}}. -The `elasticsearch2()` driver is actually a reusable configuration snippet configured to receive log messages using the Java language-binding of {{% param "product.abbrev" %}}. For details on using or writing such configuration snippets, see {{% xref "/chapter-configuration-file/large-configs/config-blocks/_index.md" %}}. You can find the source of the elasticsearch configuration snippet on [GitHub](https://github.com/axoflow/axosyslog/blob/master/scl/elasticsearch/plugin.conf). For details on extending {{% param "product.abbrev" %}} in Java, see the [Getting started with syslog-ng development](https://syslog-ng.gitbooks.io/getting-started/content/chapters/chapter_5/section_2.html) guide. +The `elasticsearch2()` driver is actually a reusable configuration snippet configured to receive log messages using the Java language-binding of {{% param "product.abbrev" %}}. For details on using or writing such configuration snippets, see {{% xref "/chapter-configuration-file/large-configs/config-blocks/_index.md" %}}. You can find the source of the elasticsearch configuration snippet on [GitHub](https://github.com/axoflow/axosyslog/blob/main/scl/elasticsearch/elastic-http.conf). {{< include-headless "wnt/note-jvm-reload.md" >}} diff --git a/content/chapter-destinations/configuring-destinations-elasticsearch2/syslog-ng-elasticsearch2-search-guard/_index.md b/content/chapter-destinations/configuring-destinations-elasticsearch2/syslog-ng-elasticsearch2-search-guard/_index.md index c20157b8..cec5cb06 100644 --- a/content/chapter-destinations/configuring-destinations-elasticsearch2/syslog-ng-elasticsearch2-search-guard/_index.md +++ b/content/chapter-destinations/configuring-destinations-elasticsearch2/syslog-ng-elasticsearch2-search-guard/_index.md @@ -7,7 +7,7 @@ weight: 700 ## Purpose: -Version 3.9 and later supports the [Search Guard](https://floragunn.com/searchguard/) Elasticsearch plugin (version 2.4.1.16 and newer) to encrypt and authenticate your connections to from {{% param "product.abbrev" %}} to Elasticsearch 2 and newer. To configure {{% param "product.abbrev" %}} to send messages to an Elasticsearch 2.x cluster that uses Search Guard, complete the following steps. +Version 3.9 and later supports the [Search Guard](https://search-guard.com/) Elasticsearch plugin (version 2.4.1.16 and newer) to encrypt and authenticate your connections to from {{% param "product.abbrev" %}} to Elasticsearch 2 and newer. To configure {{% param "product.abbrev" %}} to send messages to an Elasticsearch 2.x cluster that uses Search Guard, complete the following steps. To connect to an Elasticsearch 5.x or newer cluster, use HTTPS mode. @@ -21,7 +21,7 @@ To connect to an Elasticsearch 5.x or newer cluster, use HTTPS mode. sudo /usr/share/elasticsearch/bin/plugin install -b com.floragunn/search-guard-ssl/ ``` -2. Create a certificate for your {{% param "product.abbrev" %}} host, and add the certificate to the `SYSLOG_NG-NODE_NAME-keystore.jks` file. You can configure the location of this file in the Elasticsearch resources file under the `path.conf` parameter. For details, see the [Search Guard documentation](https://github.com/floragunncom/search-guard-ssl-docs/blob/master/certificates.md). +2. Create a certificate for your {{% param "product.abbrev" %}} host, and add the certificate to the `SYSLOG_NG-NODE_NAME-keystore.jks` file. You can configure the location of this file in the Elasticsearch resources file under the `path.conf` parameter. For details, see the [Search Guard documentation](https://docs.search-guard.com/latest/configuring-tls#using-keystore-and-truststore-files). 3. Configure an Elasticsearch destination in {{% param "product.abbrev" %}} that uses the `searchguard` client mode. For example: diff --git a/content/chapter-destinations/configuring-destinations-hdfs/_index.md b/content/chapter-destinations/configuring-destinations-hdfs/_index.md index 46c43912..90d23e84 100644 --- a/content/chapter-destinations/configuring-destinations-hdfs/_index.md +++ b/content/chapter-destinations/configuring-destinations-hdfs/_index.md @@ -56,6 +56,6 @@ The following example defines an `hdfs` destination using only the required para - For the list of options, see {{% xref "/chapter-destinations/configuring-destinations-hdfs/reference-destination-hdfs/_index.md" %}}. -The `hdfs()` driver is actually a reusable configuration snippet configured to receive log messages using the Java language-binding of {{% param "product.abbrev" %}}. For details on using or writing such configuration snippets, see {{% xref "/chapter-configuration-file/large-configs/config-blocks/_index.md" %}}. You can find the source of the hdfs configuration snippet on [GitHub](https://github.com/axoflow/axosyslog/blob/master/scl/hdfs/plugin.conf). For details on extending {{% param "product.abbrev" %}} in Java, see the [Getting started with syslog-ng development](https://syslog-ng.gitbooks.io/getting-started/content/chapters/chapter_5/section_2.html) guide. +The `hdfs()` driver is actually a reusable configuration snippet configured to receive log messages using the Java language-binding of {{% param "product.abbrev" %}}. For details on using or writing such configuration snippets, see {{% xref "/chapter-configuration-file/large-configs/config-blocks/_index.md" %}}. You can find the source of the hdfs configuration snippet on [GitHub](https://github.com/axoflow/axosyslog/blob/master/scl/hdfs/plugin.conf). {{< include-headless "wnt/note-jvm-reload.md" >}} diff --git a/content/chapter-destinations/configuring-destinations-kafka/_index.md b/content/chapter-destinations/configuring-destinations-kafka/_index.md index 3d8799b5..b1fd065d 100644 --- a/content/chapter-destinations/configuring-destinations-kafka/_index.md +++ b/content/chapter-destinations/configuring-destinations-kafka/_index.md @@ -49,6 +49,6 @@ The following example defines a `kafka` destination, using only the required par - For the list of options, see {{% xref "/chapter-destinations/configuring-destinations-kafka/reference-destination-kafka/_index.md" %}}. -The `kafka()` driver is actually a reusable configuration snippet configured to receive log messages using the Java language-binding of {{% param "product.abbrev" %}}. For details on using or writing such configuration snippets, see {{% xref "/chapter-configuration-file/large-configs/config-blocks/_index.md" %}}. You can find the source of the kafka configuration snippet on [GitHub](https://github.com/axoflow/axosyslog/blob/master/scl/kafka/plugin.conf). For details on extending {{% param "product.abbrev" %}} in Java, see the [Getting started with syslog-ng development](https://syslog-ng.gitbooks.io/getting-started/content/chapters/chapter_5/section_2.html) guide. +The `kafka()` driver is actually a reusable configuration snippet configured to receive log messages using the Java language-binding of {{% param "product.abbrev" %}}. For details on using or writing such configuration snippets, see {{% xref "/chapter-configuration-file/large-configs/config-blocks/_index.md" %}}. You can find the source of the kafka configuration snippet on [GitHub](https://github.com/axoflow/axosyslog/blob/main/scl/kafka/kafka.conf). {{< include-headless "wnt/note-jvm-reload.md" >}} diff --git a/content/chapter-destinations/configuring-destinations-mongodb/reference-destination-mongodb/_index.md b/content/chapter-destinations/configuring-destinations-mongodb/reference-destination-mongodb/_index.md index 130811fa..0fe229fd 100644 --- a/content/chapter-destinations/configuring-destinations-mongodb/reference-destination-mongodb/_index.md +++ b/content/chapter-destinations/configuring-destinations-mongodb/reference-destination-mongodb/_index.md @@ -17,7 +17,7 @@ The `mongodb()` destination has the following options: Available in {{% param "product_name" %}} version 4.3.0 and newer. -*Description:* Enables [bulk insert](http://mongoc.org/libmongoc/current/bulk.html) mode. If disabled, each messages is inserted individually. +*Description:* Enables [bulk insert](https://mongoc.org/libmongoc/current/mongoc_bulk_operation_insert.html) mode. If disabled, each messages is inserted individually. > Note: Bulk sending is only efficient if you use a constant [collection](#mongodb-option-collection) (without templates), or the used template does not lead to too many collections switching within a reasonable time range. @@ -41,7 +41,7 @@ Available in {{% param "product_name" %}} version 4.3.0 and newer. Available in {{% param "product_name" %}} version 4.3.0 and newer. -*Description:* Enables [unordered bulk operations](http://mongoc.org/libmongoc/current/bulk.html) mode. +*Description:* Enables [unordered bulk operations](http://mongoc.org/libmongoc/1.23.3/bulk.html) mode. ## collection() {#mongodb-option-collection} diff --git a/content/chapter-destinations/configuring-destinations-riemann/reference-destination-riemann/_index.md b/content/chapter-destinations/configuring-destinations-riemann/reference-destination-riemann/_index.md index 8071200b..ad27fb93 100644 --- a/content/chapter-destinations/configuring-destinations-riemann/reference-destination-riemann/_index.md +++ b/content/chapter-destinations/configuring-destinations-riemann/reference-destination-riemann/_index.md @@ -61,8 +61,6 @@ Note that the time format parameter requires: In older versions of riemann-c-client, the microseconds option is not available. - In case your distribution does not contain a recent enough version of riemann-c-client and you wish to use microseconds, install a new version from [](https://github.com/algernon/riemann-c-client). - If you installed the new version in a custom location (instead of the default one), make sure that you append the directory of the pkg-config file (`.pc` file) to the environment variable `export PKG_CONFIG_PATH=...`. After calling `configure`, you should see the following message in the case of successful installation: diff --git a/content/chapter-destinations/configuring-destinations-telegram/_index.md b/content/chapter-destinations/configuring-destinations-telegram/_index.md index 251e07a2..f2f54682 100644 --- a/content/chapter-destinations/configuring-destinations-telegram/_index.md +++ b/content/chapter-destinations/configuring-destinations-telegram/_index.md @@ -8,7 +8,7 @@ short_description: "Send messages to Telegram" The `telegram()` destination sends log messages to [Telegram](https://core.telegram.org/ "https://core.telegram.org"), which is a secure, cloud-based mobile and desktop messaging app. -Note that this destination automatically uses the certificate store of the system (for details, see the [curl documentation](https://curl.haxx.se/sslcerts.html)). +Note that this destination automatically uses the certificate store of the system (for details, see the [curl documentation](https://curl.se/docs/sslcerts.html)). ## Declaration: diff --git a/content/chapter-destinations/destination-collectd/_index.md b/content/chapter-destinations/destination-collectd/_index.md index 88558e8c..b7549256 100644 --- a/content/chapter-destinations/destination-collectd/_index.md +++ b/content/chapter-destinations/destination-collectd/_index.md @@ -6,7 +6,7 @@ short_description: "Send metrics to collectd" --- -The `collectd()` destination uses the [unixsock plugin of the collectd application](https://collectd.org/documentation/manpages/collectd-unixsock.5.shtml) to send log messages to the [collectd system statistics collection daemon](https://collectd.org). You must install and configure collectd separately before using this destination. +The `collectd()` destination uses the [unixsock plugin of the collectd application](https://www.collectd.org/documentation/manpages/collectd-unixsock.html) to send log messages to the [collectd system statistics collection daemon](https://collectd.org). You must install and configure collectd separately before using this destination. Available in {{% param "product.abbrev" %}} version 3.20 and later. diff --git a/content/chapter-destinations/destination-collectd/destination-collectd-options/_index.md b/content/chapter-destinations/destination-collectd/destination-collectd-options/_index.md index 45167eed..48680399 100644 --- a/content/chapter-destinations/destination-collectd/destination-collectd-options/_index.md +++ b/content/chapter-destinations/destination-collectd/destination-collectd-options/_index.md @@ -78,7 +78,7 @@ The `collectd()` destination has the following options. The `plugin()` and `type | Type: | path | | Default: | /var/run/collectd-unixsock | -*Description:* The path to the socket of collectd. For details, see the [collectd-unixsock(5) manual page](https://collectd.org/documentation/manpages/collectd-unixsock.5.shtml). +*Description:* The path to the socket of collectd. For details, see the [collectd-unixsock(5) manual page](https://www.collectd.org/documentation/manpages/collectd-unixsock.html). ```shell type("gauge"), @@ -105,7 +105,7 @@ The `collectd()` destination has the following options. The `plugin()` and `type | Type: | string or template | | Default: | | -*Description:* Identifies the type and number of values passed to collectd. For details, see the [types.db manual page](https://collectd.org/documentation/manpages/types.db.5.shtml). For example: +*Description:* Identifies the type and number of values passed to collectd. For details, see the [types.db manual page](https://www.collectd.org/documentation/manpages/types.db.html). For example: ```shell type("gauge"), diff --git a/content/chapter-destinations/destination-slack/_index.md b/content/chapter-destinations/destination-slack/_index.md index 4aa221a2..44a45651 100644 --- a/content/chapter-destinations/destination-slack/_index.md +++ b/content/chapter-destinations/destination-slack/_index.md @@ -20,7 +20,7 @@ The `slack()` destination driver sends messages to a [Slack](https://slack.com/) ``` -The driver allows you to modify nearly every field of the HTTP request. For details, see the [Slack API documentation](https://api.slack.com/message-attachments). +The driver allows you to modify nearly every field of the HTTP request. For details, see the [Slack API documentation](https://api.slack.com/docs). {{% include-headless "chunk/destination-http-proxy-settings.md" %}} diff --git a/content/chapter-destinations/destination-slack/reference-destination-slack/_index.md b/content/chapter-destinations/destination-slack/reference-destination-slack/_index.md index cb710335..6742658e 100644 --- a/content/chapter-destinations/destination-slack/reference-destination-slack/_index.md +++ b/content/chapter-destinations/destination-slack/reference-destination-slack/_index.md @@ -14,7 +14,7 @@ The `slack` destination of {{% param "product.abbrev" %}} can directly post log | Type: | string or template | | Default: | 'host: ${HOST} | program: ${PROGRAM}(${PID}) | severity: ${PRIORITY}' | -*Description:* The sender of the message as displayed in Slack. For details, see the [author_name option in the Slack documentation](https://api.slack.com/message-attachments). +*Description:* The sender of the message as displayed in Slack. For details, see the [author_name option in the Slack documentation](https://api.slack.com/reference/surfaces/formatting#attachments). diff --git a/content/chapter-destinations/destination-snmp/cisco-syslog-snmp/_index.md b/content/chapter-destinations/destination-snmp/cisco-syslog-snmp/_index.md index f5b7fa94..4d790eff 100644 --- a/content/chapter-destinations/destination-snmp/cisco-syslog-snmp/_index.md +++ b/content/chapter-destinations/destination-snmp/cisco-syslog-snmp/_index.md @@ -16,7 +16,7 @@ The {{% param "product.abbrev" %}} application can convert the syslog messages s To accomplish this, {{% param "product.abbrev" %}} has to use a special pattern database to parse the Cisco-specific syslog messages, because these messages do not comply with the standard syslog formats. -For details on the Cisco-specific SNMP trap format, see [CISCO-SYSLOG-MIB](http://tools.cisco.com/ITDIT/MIBS/servlet/index) on the Cisco website. +For details on the Cisco-specific SNMP trap format, see [CISCO-SYSLOG-MIB](https://github.com/cisco/cisco-mibs/blob/main/schema/CISCO-SYSLOG-MIB.schema). ## Parsing Cisco-specific message fields with patterndb diff --git a/content/chapter-enrich-data/geoip-parser/_index.md b/content/chapter-enrich-data/geoip-parser/_index.md index be8b4c42..97f8d5f2 100644 --- a/content/chapter-enrich-data/geoip-parser/_index.md +++ b/content/chapter-enrich-data/geoip-parser/_index.md @@ -10,7 +10,7 @@ The {{% param "product.abbrev" %}} application can lookup IPv4 addresses from an {{% alert title="Note" color="info" %}} -To access longitude and latitude information, download the [GeoLiteCity](http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz) database, and unzip it (for example, to the `/usr/share/GeoIP/GeoLiteCity.dat` file). The default databases available on Linux and other platforms usually contain only the country codes. +To access longitude and latitude information, download the [GeoLite2City](https://dev.maxmind.com/geoip/geolite2-free-geolocation-data/) database, and unzip it (for example, to the `/usr/share/GeoIP/GeoLiteCity.dat` file). The default databases available on Linux and other platforms usually contain only the country codes. {{% /alert %}} diff --git a/content/chapter-enrich-data/geoip2-parser/referring-to-parts-of-the-message-as-a-macro/_index.md b/content/chapter-enrich-data/geoip2-parser/referring-to-parts-of-the-message-as-a-macro/_index.md index 6730fbe2..3563dd5b 100644 --- a/content/chapter-enrich-data/geoip2-parser/referring-to-parts-of-the-message-as-a-macro/_index.md +++ b/content/chapter-enrich-data/geoip2-parser/referring-to-parts-of-the-message-as-a-macro/_index.md @@ -22,4 +22,4 @@ The name of the package depends on the Linux distribution. The package mentioned The resulting dump file will contain the keys that you can use. -For a more complete list of keys, you can also check the [GeoIP2 City and Country CSV Databases](https://dev.maxmind.com/geoip/geoip2/geoip2-city-country-csv-databases/). However, note that the {{% param "product.abbrev" %}} application works with the `mmdb` (GeoIP2) format of these databases. Other formats, like `csv` are not supported. +For a more complete list of keys, you can check the [GeoIP Databases of MaxMind](https://dev.maxmind.com/geoip/). However, note that the {{% param "product.abbrev" %}} application works with the `mmdb` (GeoIP2) format of these databases. Other formats, like `csv` are not supported. diff --git a/content/chapter-manipulating-messages/customizing-message-format/reference-template-functions/_index.md b/content/chapter-manipulating-messages/customizing-message-format/reference-template-functions/_index.md index 5af21b00..46a55544 100644 --- a/content/chapter-manipulating-messages/customizing-message-format/reference-template-functions/_index.md +++ b/content/chapter-manipulating-messages/customizing-message-format/reference-template-functions/_index.md @@ -569,7 +569,7 @@ The following databases are supported: *Syntax:* `$(graphite-output parameters)` -*Description:* Available in {{% param "product.abbrev" %}} 3.6 and later. This template function converts value-pairs from the incoming message to the Graphite plain text protocol format. It is ideal to use with the messages generated by the [monitor-source plugin](https://github.com/syslog-ng/syslog-ng-incubator/tree/master/modules/monitor-source/) (currently available in the syslog-ng incubator project). +*Description:* Available in {{% param "product.abbrev" %}} 3.6 and later. This template function converts value-pairs from the incoming message to the Graphite plain text protocol format. For details on selecting value-pairs in {{% param "product.abbrev" %}} and for possibilities to specify which information to convert to Graphite plain text protocol format, see {{% xref "/chapter-concepts/concepts-value-pairs/_index.md" %}}. Note that the syntax of `graphite-output` is different from the syntax of `value-pairs()`: `graphite-output` uses a the command-line syntax used in the [format-json template function]({{< relref "/chapter-manipulating-messages/customizing-message-format/reference-template-functions/_index.md" >}}). diff --git a/content/chapter-parsers/apache-access-log-parser/_index.md b/content/chapter-parsers/apache-access-log-parser/_index.md index 13a8705f..cf6451b9 100644 --- a/content/chapter-parsers/apache-access-log-parser/_index.md +++ b/content/chapter-parsers/apache-access-log-parser/_index.md @@ -4,7 +4,7 @@ weight: 100 --- -The Apache access log parser can parse the access log messages of the Apache HTTP Server. The {{% param "product.abbrev" %}} application can separate these log messages to name-value pairs. For details on using value-pairs in {{% param "product.abbrev" %}} see {{% xref "/chapter-concepts/concepts-value-pairs/_index.md" %}}. The `apache-accesslog-parser()` supports both the Common Log Format and the Combined Log Format of Apache (for details, see the [Apache HTTP Server documentation](https://httpd.apache.org/2.4/logs.html#accesslog)). The following is a sample log message: +The Apache access log parser can parse the access log messages of the Apache HTTP Server. The {{% param "product.abbrev" %}} application can separate these log messages to name-value pairs. For details on using value-pairs in {{% param "product.abbrev" %}} see {{% xref "/chapter-concepts/concepts-value-pairs/_index.md" %}}. The `apache-accesslog-parser()` supports both the Common Log Format and the Combined Log Format of Apache (for details, see the [Apache HTTP Server documentation](https://httpd.apache.org/docs/2.4/logs.html#accesslog)). The following is a sample log message: ```shell 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 diff --git a/content/chapter-sources/configuring-sources-network/proxy-prot-intro/_index.md b/content/chapter-sources/configuring-sources-network/proxy-prot-intro/_index.md index bf45c9ae..f2f0efb5 100644 --- a/content/chapter-sources/configuring-sources-network/proxy-prot-intro/_index.md +++ b/content/chapter-sources/configuring-sources-network/proxy-prot-intro/_index.md @@ -4,6 +4,6 @@ weight: 300 --- -If you connect load balancers to your {{% param "product.abbrev" %}} application, {{% param "product.abbrev" %}} identifies every connection that is connected to the load balancers identically by default, regardless of the source IP or the source protocol. Essentially, the load balancer masks the source IP unless you enable [Proxy Protocol](https://www.haproxy.com/blog/haproxy/proxy-protocol/) support for your proxy TLS `transport()` to inject information about the original connection into the forwarded TCP session. +If you connect load balancers to your {{% param "product.abbrev" %}} application, {{% param "product.abbrev" %}} identifies every connection that is connected to the load balancers identically by default, regardless of the source IP or the source protocol. Essentially, the load balancer masks the source IP unless you enable [Proxy Protocol](https://www.haproxy.com/documentation/haproxy-configuration-tutorials/client-ip-preservation/enable-proxy-protocol/) support for your proxy TLS `transport()` to inject information about the original connection into the forwarded TCP session. For further details about the working mechanism behind the Proxy Protocol support on {{% param "product.abbrev" %}} and the configuration details, see the following sections: diff --git a/content/chapter-sources/configuring-sources-network/proxy-prot-intro/proxy-prot-w-mech/_index.md b/content/chapter-sources/configuring-sources-network/proxy-prot-intro/proxy-prot-w-mech/_index.md index 1cb5570b..380788d8 100644 --- a/content/chapter-sources/configuring-sources-network/proxy-prot-intro/proxy-prot-w-mech/_index.md +++ b/content/chapter-sources/configuring-sources-network/proxy-prot-intro/proxy-prot-w-mech/_index.md @@ -4,7 +4,7 @@ weight: 100 --- -This section describes how {{% param "product.name" %}} supports the [Proxy Protocol](https://www.haproxy.com/blog/haproxy/proxy-protocol/). +This section describes how {{% param "product.name" %}} supports the [Proxy Protocol](https://www.haproxy.com/documentation/haproxy-configuration-tutorials/client-ip-preservation/enable-proxy-protocol/). ## The working mechanism behind the Proxy Protocol diff --git a/content/chapter-sources/darwin/_index.md b/content/chapter-sources/darwin/_index.md index 62758c6a..49a1e6be 100644 --- a/content/chapter-sources/darwin/_index.md +++ b/content/chapter-sources/darwin/_index.md @@ -87,7 +87,7 @@ The `darwin-oslog()` source has the following options: | Default: | `0` (no limit) | {{% alert title="Warning" color="warning" %}} -This option is currently disabled because of an [OSLog API bug](https://openradar.appspot.com/radar?id=5597032077066240). +This option is currently disabled because of an OSLog API bug. {{% /alert %}} {{% include-headless "chunk/option-description-source-log-fetch-limit.md" %}} diff --git a/content/chapter-sources/python-source/_index.md b/content/chapter-sources/python-source/_index.md index 0b15ce84..0aa9df31 100644 --- a/content/chapter-sources/python-source/_index.md +++ b/content/chapter-sources/python-source/_index.md @@ -63,7 +63,7 @@ This section describes server-style sources. For details on fetcher-style source Server-style Python sources must be inherited from the `syslogng.LogSource` class, and must implement at least the `run` and `request_exit` methods. Multiple inheritance is allowed, but only for pure Python super classes. -You can implement your own event loop, or integrate the event loop of an external framework or library, for example, [KafkaConsumer](https://kafka-python.readthedocs.io/en/master/apidoc/KafkaConsumer.html), [Flask](http://flask.pocoo.org/), [Twisted engine](https://twistedmatrix.com/trac/), and so on. +You can implement your own event loop, or integrate the event loop of an external framework or library, for example, [KafkaConsumer](https://kafka-python.readthedocs.io/en/master/apidoc/KafkaConsumer.html), [Flask](http://flask.pocoo.org/), [Twisted engine](https://twisted.org/), and so on. To post messages, call `LogSource::post_message()` method in the `run` method. diff --git a/content/headless/chunk/option-description-destination-slack-throttle.md b/content/headless/chunk/option-description-destination-slack-throttle.md index 153f029b..f1e20cd9 100644 --- a/content/headless/chunk/option-description-destination-slack-throttle.md +++ b/content/headless/chunk/option-description-destination-slack-throttle.md @@ -1,4 +1,4 @@ --- --- -By default, the `throttle()` option is set to 1, because Slack has a 1 message/second limit on Webhooks. It can allow more message in short bursts, so you can set it to 0, if you only expect messages in a short period of time. For details, see the [Web API rate limiting in the Slack documentation](https://api.slack.com/rate-limits). +By default, the `throttle()` option is set to 1, because Slack has a 1 message/second limit on Webhooks. It can allow more message in short bursts, so you can set it to 0, if you only expect messages in a short period of time. For details, see the [Web API rate limiting in the Slack documentation](https://api.slack.com/apis/rate-limits). diff --git a/content/headless/chunk/option-destination-http-use-system-cert-store.md b/content/headless/chunk/option-destination-http-use-system-cert-store.md index bd23041b..cdb040a8 100644 --- a/content/headless/chunk/option-destination-http-use-system-cert-store.md +++ b/content/headless/chunk/option-destination-http-use-system-cert-store.md @@ -9,5 +9,5 @@ | Type: | `yes` or `no` | | Default: | `no` | -*Description:* Use the certificate store of the system for verifying HTTPS certificates. For details, see the [curl documentation](https://curl.haxx.se/sslcerts.html). +*Description:* Use the certificate store of the system for verifying HTTPS certificates. For details, see the [curl documentation](https://curl.se/docs/sslcerts.html). From b66fbf63e912d7916c4fc0f02ee01c329c709469 Mon Sep 17 00:00:00 2001 From: Robert Fekete Date: Wed, 20 Nov 2024 13:23:12 +0100 Subject: [PATCH 4/4] Update content/chapter-configuration-file/configuration-syntax/_index.md Thanks! Co-authored-by: Szilard Parrag --- .../chapter-configuration-file/configuration-syntax/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/chapter-configuration-file/configuration-syntax/_index.md b/content/chapter-configuration-file/configuration-syntax/_index.md index a14dcb01..0adb5dfa 100644 --- a/content/chapter-configuration-file/configuration-syntax/_index.md +++ b/content/chapter-configuration-file/configuration-syntax/_index.md @@ -30,7 +30,7 @@ The following is a very simple configuration file for `syslog-ng`: it collects t }; ``` -As a `syslog-ng` user described on a mailing list: +As a `syslog-ng` user described on a [mailing list](https://archives-cdn-origin.gentoo.org/gentoo-user/201003172231.28032.alan.mckinnon@gmail.com): > Alan McKinnon >