How about not even using program(), instead sending it to a destination that is a fifo (named pipe) and a program that listens to your fifo. This would at least save the overhead of loading the program called by program() every time a log is sent that way. Security wise, I guess you could make your program/script run as a different user. I'm pretty sure this would work, correct me otherwise. Cheers, John
Is using a program destination like "sed -e 's#<XX>#<YY>#' | your_prog" an option?
You can do that? I see that the program() destination is an execl() call - I didn't think a pipe would work there.
hmm .. I guess you're right .. so you'd have to use a wrapper script to do that for you.
Also, I noticed that items run via program() run as root - at least when syslog-ng is run as root. Is it possible to have syslog-ng drop priveledges? In fact, is it possible to have syslog-ng drop its own priveledges as soon as possible and run as a normal user? Perhaps as nobody?
For program destinations, you could use "su -c your_program".