Solis, Alex (EMC) wrote:
Thanks for the reply!
Is there any DoS possibility or performance problem when the program() destination is used in a high log volume environment? I can see a problem if the program is spawned (executed) each time a log comes in, which might be very often. I am hoping the program() destination keeps the program in memory; does it do this The manual says that it keeps the program running and feeding it stdin.
http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch08s02.html#re... Version 2 restarts it if the program exits but it's not recommended to use any program that exits early after 1 message or you'll open yourself up to a DoS. Version 1.6 doesn't do this so you'll need to write a script to watch that and restart if necessary (I did this for example). -h -- Hari Sekhon