[syslog-ng]sync question, feature request

[Wiktor Wodecki]

hello again (sorry if I start to irk you :-),


I'm a little bit irritated about the sync option. As I understood it
from the docs (my tests confirmed them) syslog-ng holds up to n lines in
a buffer before they get written down to disk. However, what happens if
a machine dies and the buffer on the loggingserver isn't full yet? I'm
not quite sure, but what would happen to the data in buffer? I didn't
test it, but I think time_reap() would catch this and close the file
after m minutes. However, imagine the following situation: You've got a
central logginghost and you know that an intruder is working right at
the moment on that machine; Seconds later the machine dies and you want
to know what the last syslog message was. In this case one'd have to
wait till syslog-ng closes that file. It would be nice to have a handler
or a command line argument to make syslog-ng write down all current
buffers to disk.

I've got another question, I haven't really looked at the 1.5 tree yet,
but I think about making patch to syslog-ng which would include the
strftime functions. I want to be able to use things like $Y/$m/$d in the
destination file path, this would effectively eliminate logrotation
scripts. Is there such an effort already in work or is this feature
planned?

-- 

Regards,

Wiktor Wodecki
Unix-Administration
Wapme Systems AG