Mercurial > syslog2iptables

diff xml/syslog2iptables.in @ 12:c2a2e35a85ac

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
final documentation, rpm builds properly
author carl
date Sat, 17 Dec 2005 16:17:09 -0800
parents a9b52f657f08
children 2a7161b03b94
line wrap: on
line diff
--- a/xml/syslog2iptables.in	Thu Dec 15 16:20:17 2005 -0800
+++ b/xml/syslog2iptables.in	Sat Dec 17 16:17:09 2005 -0800
@@ -3,10 +3,9 @@
     <partintro>
         <title>Packages</title>
         <para>The various source and binary packages are available at <ulink
-        url="http://www.five-ten-sg.com/syslog2iptables/packages">http://www.five-ten-sg.com/syslog2iptables/packages</ulink>
-        </para>
-        <para>The most recent documentation is available at <ulink
-        url="http://www.five-ten-sg.com/syslog2iptables/">http://www.five-ten-sg.com/syslog2iptables/</ulink>
+        url="http://www.five-ten-sg.com/@PACKAGE@/packages">http://www.five-ten-sg.com/@PACKAGE@/packages</ulink>
+        The most recent documentation is available at <ulink
+        url="http://www.five-ten-sg.com/@PACKAGE@/">http://www.five-ten-sg.com/@PACKAGE@/</ulink>
         </para>
     </partintro>
 
@@ -57,9 +56,19 @@
 
                 <para>Each ip address has an associated leaky bucket, which leaks one
                 token per second.  Once the bucket contains more than a configurable
-                number of tokens, that ip address is added to the INPUT chain with a
-                DROP target.  When the bucket is drained to zero, that ip address is
-                removed from the INPUT chain.</para>
+            threshold number of tokens, that ip address is added to the INPUT chain
+            with a DROP target.  When the bucket is drained to zero, that ip address
+            is removed from the INPUT chain.</para>
+
+            <para>The discussion has focused on syslog files, but any ascii text
+            file can be used, so long as some other process appends lines to that
+            file, and those lines containing hostname or ip addresses can be matched
+            with some regular expression.</para>
+
+            <para>Considering syslog files in particular, these are normally rotated
+            via logrotate.  <command>@PACKAGE@</command> properly detects and
+            handles this case by closing the old file, and reopening the newly
+            created file.</para>
         </refsect1>
 
         <refsect1 id='options.1'>
@@ -95,7 +104,8 @@
             <para>
                 The configuration file is documented in <citerefentry>
                 <refentrytitle>@PACKAGE@.conf</refentrytitle> <manvolnum>5</manvolnum>
-                </citerefentry>.
+                </citerefentry>.  Any change to the config file will cause it to be
+                reloaded within three minutes.
             </para>
         </refsect1>