Re: [syslog-ng] specify destination filename in message?
That's the solution you've picked.
I still haven't figured out how to actually do this in the configuration file.
What is the reasoning which led you to pick this solution?
I am going to be using syslog to log messages from an app I am writing. I need to be able to have the messages start going into a new file at an arbitrary time.
If nothing else, there are significant security and denial of service issues inherent in this idea, especially when accepting UDP syslog messages, trivially spoofable.
I am only going to be handling messages from my app, not a catch-all source.
Hi, Robert Ulbrich <rulbrich@capsher.com> [20080507 13:19:52 -0500]:
That's the solution you've picked.
I still haven't figured out how to actually do this in the configuration file.
What is the reasoning which led you to pick this solution?
I am going to be using syslog to log messages from an app I am writing. I need to be able to have the messages start going into a new file at an arbitrary time.
This is what I was prodding you towards for an answer in my last email :)
The solution is probably to use the bits available to you in a syslog header.
http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/ch02s10.html
Severity and Facility should give you anything you need? If you need more than that I would recommend you either:
* send out your syslog messages on a multicast address
* open more ports your syslog server listens on and log differently for each one; alternatively, assign multiple IPs to your syslog server to do the same thing if you have to use 514/udp for all messages
When you say 'arbitrary time', what prompts your system to change? More details and we might be able to suggest an ideal system for you.
Cheers
Alex
Severity and Facility should give you anything you need? If you need more than that I would recommend you either:
* send out your syslog messages on a multicast address
* open more ports your syslog server listens on and log differently for each one; alternatively, assign multiple IPs to your syslog server to do the same thing if you have to use 514/udp for all messages
When you say 'arbitrary time', what prompts your system to change? More details and we might be able to suggest an ideal system for you.
I am trying to keep this as general as possible but also give enough details so that it is clear what the problem is. What I would like is to create a "current" log file, which can be named according to when the file was created. Then I would like all the messages to go to the "current" log file. Then, at an arbitrary time (meaning at an event within my app), create a new file and designate it as the "current" file so that all messages will now go to it.
Not to stop the genius minds at work, but here is the solution I am thinking about:
1. On system startup, create a log file in my log dir with current time (e.g. MyAppErrors_SUN_23_03_29)
2. Set up syslog-ng to output to file, let's say MyAppErrors.
3. Create a symbolic link (e.g. MyAppErrors -> MyAppErrors_SUN_23_03_29)
4. Within my app, on the event, call a script which will create a new file, say MyAppErrors_MON_01_23_42, relink MyAppErrors to the newly created file (e.g. MyAppErrors -> MyAppErrors_MON_01_23_42)
Question: Do I need to "$/usr/bin/killall -HUP syslog-ng" before breaking the symbolic link? (I'll start a new thread for this question)
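An added example, not part of the thread and not syslog-ng code: a shell sketch of steps 1-4 above that swaps the symlink atomically and shows that a writer holding an already-open descriptor keeps writing to the old file until it reopens the path. File descriptor 3 stands in for the logging daemon and the `relink` and `demo` helpers are hypothetical names; the file names are the ones from the message.

```shell
#!/bin/sh
# Added example. The relink/demo helpers and the fd-3 "daemon" are
# hypothetical stand-ins; file names are the ones used in the message.

# relink LINK NEWFILE: create NEWFILE, then repoint LINK at it atomically.
relink() {
    link=$1
    new=$2
    : >> "$new"                          # create the new "current" file
    ln -s "$(basename "$new")" "$link.tmp.$$"
    # LINK never points at a directory here, so mv issues a single
    # rename(2) that replaces the old symlink with no window where
    # the name is missing.
    mv -f "$link.tmp.$$" "$link"
}

# demo DIR: run steps 1-4 in DIR with a writer that holds the file open.
demo() {
    dir=$1
    relink "$dir/MyAppErrors" "$dir/MyAppErrors_SUN_23_03_29"
    exec 3>>"$dir/MyAppErrors"           # writer opens its destination once
    echo "before relink" >&3
    relink "$dir/MyAppErrors" "$dir/MyAppErrors_MON_01_23_42"
    echo "after relink, old descriptor" >&3   # still lands in the SUN file
    exec 3>&-                            # close ...
    exec 3>>"$dir/MyAppErrors"           # ... and reopen through the link
    echo "after reopen" >&3              # lands in the MON file
    exec 3>&-
}

tmp=$(mktemp -d)
demo "$tmp"
grep . "$tmp"/MyAppErrors_*              # prints file:line for each message
rm -rf "$tmp"
```

syslog-ng keeps its destination file open between messages, so the relink script has to make it reopen the path after the link is swapped; the HUP asked about above triggers that reopen.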
participants (2)
- Alexander Clouter
- Robert Ulbrich