On 1999 Jun 14, Balazs Scheidler wrote:

Hi,

(cc-ing the message to the syslog-ng mailing list)

Thanks, I better subscibe !

On Mon, Jun 14, 1999 at 01:45:02AM +0200, Marc Duponcheel wrote:

...

First of all: CONGRATULATIONS with syslog_ng!

UNIX is waiting 20 years already to get rid of the limited syslog daemon ;-)

Thanks.

...

Since you use a real language to write syslog_ng.conf I would like you to propose a generalisation, which, I believe, should be easy (and powerful).

You may have noticed that big parts of a syslog_ng.conf are simply substitutions of some template ...

What about variables (coming out of the log itself)?

like: variables=level,facility,program,host

Then syslog_ng could interpret generic specifications resulting in generating multiple log files without the syslog_ng.conf writer having to worry about the actual possible values. For 'program' and 'host' I believe this could be a real win.

Of course you should make ${program}=foo for such things like foo[NNN]: and foo:

destination d_${variable} { file /var/log/${variable}; }; filter f_${variable} { level(${variable}); }; log { source src; filter f_${variable}; destination d_${variable}; };

In fact one could combine variables (2 below) to generate any kind of combinations.

destination d_${level}.${program} { file /var/log/${level}.${program}; }; filter f_${level}.${program} { level(${level}); program(${program}) }; log { source src; filter f_${level}.${program}; destination d_${level}.${program}; };

this approach has some difficulties.

syslog-ng opens all files at startup and keeps them open, and using variables above would make it rather difficult to find out the possible files at startup. (= impossible)

Yeah, I was somewhat aware of this and also about the dangers of having too many files opening closing all the time ...

A workaround would be to open a destination only when some output is written there, but this would require quite big changes in syslog-ng internally.

And would probably slow down things ... I don't know.

The same effect you proposed above could be done using some config file generation script:

for fac in mail news auth; do for lev in crit alert debug; do cat syslog-ng.template | sed -e "s/\$\{facility\}/$fac/g" -e "s/\$\{level\}/$lev" done done

That's indeed what I do for (fac, lev) ;-) but for program and hostname I don't have a list ... since any program or host could suddenly decide to log something, a fact by the way a sysadmin might be interested in (such a new program or host). -- Marc Duponcheel marc@offline.be [home] +32 (0)3 449.44.94 mduponch@cisco.com [work] +32 (0)2 704.52.40