Thanks for the reply! Is there any DoS possibility or performance problem when the program() destination is used in a high log volume environment? I can see a problem if the program is spawned (executed) each time a log comes in, which might be very often. I am hoping the program() destination keeps the program in memory; does it do this? Alex -----Original Message----- From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of infosec@gmail.com Sent: Thursday, January 10, 2008 8:12 PM To: Syslog-ng users' and developers' mailing list; syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng] SEC and syslog I use the program destination because I log to files by date and sometimes a host system with a bad date screws things up. With program I'll see every message once and only once, see it right away and not have to worry about the pipe. I could see going with a pipe if you wanted to be able to restart syslog regularly (like if you had a mem leak or something), but program() is quick, reliable and easy. -----Original Message----- From: "Solis, Alex \(EMC\)" <axsolis@cps-ems.com> Subj: [syslog-ng] SEC and syslog Date: Thu Jan 10, 2008 8:30 am Size: 873 bytes To: <syslog-ng@lists.balabit.hu> I have been using syslog-ng and logdog.pl (http://caspian.dotconf.net/menu/Software/LogDog/) for quite some time but now want to move to SEC because of its thresholding and suppression features. I noticed that SEC can monitor files and does not necessarily need a FIFO pipe. I also noticed that syslog-ng can send logs directly to a program using the program() feature. My question is which is the best way to implement the syslog-ng to SEC conduit? Should I create a pipe and ask SEC to monitor that because its efficient? Should I simply ask SEC to monitor syslog-ng's destination file even though files are rotated every night? Or should I use syslog-ng's program() feature to send messages to SEC. I guess all will work but which is the best option. Thanks for any insight. Alex --- attachment noname 1.html --- --- message truncated --- _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html