This is what happens on the syslog-ng side:
Breakpoint hit etc/syslog-ng.conf:11:2
11 unix-stream("log");
Dec 15 16:14:05 bazsi: almafa
(syslog-ng)
At a breakpoint, syslog-ng displays where the break has occurred, quotes the source line and displays the message that is being processed.
Now it becomes interactive, you can inspect the message with various commands:
(syslog-ng) help
syslog-ng interactive console, the following commands are available
help, h, or ? Display this help
continue or c Continue until the next breakpoint
print, p Print the current log message
drop, d Drop the current message
quit, q Tell syslog-ng to exit
(syslog-ng) p $MSG
almafa
(syslog-ng) p
MESSAGE=almafa
PROGRAM=bazsi
LEGACY_MSGHDR=bazsi:
.unix.pid=18703
.unix.uid=1000
.unix.gid=1000
TAGS=
(syslog-ng) p "$(format-json --key *)"
{"_unix":{"uid":"1000","pid":"18703","gid":"1000"}, ... }
With the "continue" command, you can request syslog-ng to proceed to the next LogPipe, where it stops again. "drop" drops the current message, "quit" tells syslog-ng to exit.
I would really like to extend this to further ways, like:
- real breakpoints, instead of stopping everywhere
- inject messages
- change messages to make configuration testable
- single-step (to the next primitive LogPipe) and step-over (to the next 'real' LogPipe that is found in the configuration file)
- interactive REPL to template functions to make it easier to interact with them
What do you think?