I have been using syslog-ng and logdog.pl (http://caspian.dotconf.net/menu/Software/LogDog/) for quite some time but now want to move to SEC because of its thresholding and suppression features. I noticed that SEC can monitor files and does not necessarily need a FIFO pipe. I also noticed that syslog-ng can send logs directly to a program using the program() feature. My question is: which is the best way to implement the syslog-ng to SEC conduit? Should I create a pipe and ask SEC to monitor that because it's efficient? Should I simply ask SEC to monitor syslog-ng’s destination file even though files are rotated every night? Or should I use syslog-ng’s program() feature to send messages to SEC? I guess all will work, but which is the best option?

 

Thanks for any insight.

 

Alex