R. V. C. wrote:
However when I try to use the read-pipe option, nothing ever comes out:
    destination swatch { program("/usr/local/bin/swatch --read-pipe=\"cat /dev/fd/0\""); };
There certainly is no pipe called "cat /dev/fd/0". ;) But --read-pipe=/dev/fd/0 should work, as file descriptor 0 is stdin.
I even tried using my mysql.pipe and creating a fifo pipe (swatch.pipe) just for swatch:
    destination swatch.pipe { pipe("/var/log/swatch.pipe" template("$FULLDATE $HOST $FACILITY:$PRIORITY $MSG\n")); };
This looks good. But your config has no log-path that writes to destination(swatch.pipe).
destination swatch { program("/usr/local/bin/swatch --config-file=/root/.swatchrc --tail-file=/var/log/swatch.pipe"); };
As this is a program()-destination, syslog-ng will send the data to its stdin -- but you tell swatch to read from swatch.pipe instead.

You could use 'echo Hello World > /var/log/swatch.pipe' to test the FIFO itself. The important point with FIFOs is that the reading program can (and has to) be started independently. You have to use a pipe-destination in syslog-ng _and_ start the swatch process (on FreeBSD with /usr/local/etc/rc.d/swatch).

I use FIFOs myself because it allows me to change and restart my analyzer (I'm using logsurfer and SEC) without having to restart syslog-ng.

-- Martin
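
The FIFO test suggested in the reply above, as an added example that is not part of the original message. `cat` stands in for swatch, and the temp-directory path and the function names `fifo_roundtrip` and `demo` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: smoke test for a FIFO that sits between a pipe() destination
# and an independently started reader. `cat` stands in for swatch here.

# fifo_roundtrip FIFO MESSAGE
# Starts a reader on FIFO, writes MESSAGE as the log writer would, and prints
# what the reader received. The FIFO is created (mode 600) if it is missing.
fifo_roundtrip() {
    fifo=$1
    msg=$2
    [ -p "$fifo" ] || mkfifo -m 600 "$fifo" || return 1
    out=$(mktemp) || return 1

    # The reader is its own process, started separately from the writer.
    cat "$fifo" > "$out" &
    reader=$!

    # Same test as 'echo Hello World > /var/log/swatch.pipe'. Opening a FIFO
    # for writing blocks until a reader has it open, so with no reader
    # running this line would simply hang.
    printf '%s\n' "$msg" > "$fifo"

    wait "$reader"          # reader sees EOF once the writer closes
    cat "$out"
    rm -f "$out"
}

# Constructed demo path in a private temp directory (the page's FIFO is
# /var/log/swatch.pipe; pass that instead to test the real one).
demo() {
    dir=$(mktemp -d) || return 1
    fifo="$dir/swatch.pipe"
    first=$(fifo_roundtrip "$fifo" "Hello World")
    # A second, freshly started reader on the same FIFO: the reader can be
    # restarted without recreating the FIFO.
    second=$(fifo_roundtrip "$fifo" "Hello again")
    rm -rf "$dir"
    printf '%s|%s\n' "$first" "$second"
}

demo
```

If the write hangs against the real FIFO, no reader has it open, which is the case where swatch was never started on it.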