Hello,

I must log files in a directory. The rules are:
- these files are created with a name that I must redirect to syslog-ng.
- I must redirect a file just after its creation.

Do you know a solution that can resolve this problem? With searches I have an idea with xtails, but if a standard exists for this problem I prefer to use it.

Thanks for your answers.

Nicolas de Marqué
On Mon, 16 Jul 2007 09:38:08 +0200, Nicolas de Marqué - Fromentin said:
> I must log files in a directory
> The rules are:
> - these files are created with a name that I must redirect to syslog-ng.
> - I must redirect a file just after its creation
> Do you know a solution that can resolve this problem.

Are you unable to use the syslog-ng facility for constructing the pathname of the logfile? It allows things like:

destination d_auth { file("/logs/$HOST/$YEAR/$MONTH/seclog-$YEAR-$MONTH$DAY"); };

and there's a *lot* of other variables you can include in there. Or am I totally failing to understand the problem?
Hum, I don't want to log in a directory, but I want to log the content of a directory. This directory changes with the appearance of new files every second, and I must redirect this flow through a syslog-ng client to a syslog-ng server, and this server organizes data with the rules you describe.

2007/7/16, Valdis.Kletnieks@vt.edu <Valdis.Kletnieks@vt.edu>:
> On Mon, 16 Jul 2007 09:38:08 +0200, Nicolas de Marqué - Fromentin said:
> > I must log files in a directory
> > The rules are:
> > - these files are created with a name that I must redirect to syslog-ng.
> > - I must redirect a file just after its creation
> > Do you know a solution that can resolve this problem.
>
> Are you unable to use the syslog-ng facility for constructing the pathname of the logfile? It allows things like:
>
> destination d_auth { file("/logs/$HOST/$YEAR/$MONTH/seclog-$YEAR-$MONTH$DAY"); };
>
> and there's a *lot* of other variables you can include in there. Or am I totally failing to understand the problem?
On Mon, 16 Jul 2007 17:19:18 +0200,
> This directory changes with the appearance of new files every second, and I must redirect this flow through a syslog-ng client to a syslog-ng server, and this server organizes data with the rules you describe.

Oh. This is going to become more complex. You are going to need a system-dependent hook of some sort to notice the new files arriving (under Linux, I'd recommend the inotify facility. I think Solaris has something similar), and then connect that to a userspace program that calls syslog() to send the message. If all else fails, if your kernel supports some sort of C2/LSPP auditing of syscalls, you could hijack that facility and use it to feed your program. However, that's probably going to be much higher overhead.

In any case, it's not *really* a syslog-ng issue - the problem is identifying the files and generating the message.
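
The approach described in the last reply (inotify to notice new files, a userspace program that calls syslog()), as an added example that is not code from the thread. The watched path, the `dirwatch` tag and the `LOG_LOCAL0` facility are assumptions; it reacts to IN_CLOSE_WRITE and IN_MOVED_TO rather than IN_CREATE so that a file is read only after its writer has finished.

```c
#include <stdio.h>
#include <string.h>
#include <sys/inotify.h>
#include <syslog.h>
#include <unistd.h>

/* Send each line of a finished file to syslog; returns lines sent, -1 if unreadable. */
int relay_file(const char *dir, const char *name) {
    char path[4096], line[1024];
    int n = 0;
    snprintf(path, sizeof path, "%s/%s", dir, name);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        line[strcspn(line, "\n")] = '\0';
        /* Fixed format string: file content must never be passed as the format. */
        syslog(LOG_INFO, "%s: %s", name, line);
        n++;
    }
    fclose(f);
    return n;
}

/* Walk one read() of inotify records; returns files relayed, -1 on queue overflow. */
int handle_events(const char *dir, const char *buf, ssize_t len) {
    int files = 0;
    for (const char *p = buf; p < buf + len; ) {
        const struct inotify_event *ev = (const struct inotify_event *)p;
        if (ev->mask & IN_Q_OVERFLOW)
            return -1; /* kernel dropped events: caller must rescan the directory */
        if ((ev->mask & (IN_CLOSE_WRITE | IN_MOVED_TO)) && ev->len > 0
            && relay_file(dir, ev->name) >= 0)
            files++;
        p += sizeof *ev + ev->len;
    }
    return files;
}

int main(int argc, char **argv) {
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    const char *dir = argc > 1 ? argv[1] : "/var/spool/incoming"; /* assumed path */
    int fd = inotify_init1(IN_CLOEXEC);
    if (fd < 0 || inotify_add_watch(fd, dir, IN_CLOSE_WRITE | IN_MOVED_TO) < 0)
        return 1;
    openlog("dirwatch", LOG_PID, LOG_LOCAL0); /* tag and facility are assumptions */
    for (ssize_t n; (n = read(fd, buf, sizeof buf)) > 0; )
        if (handle_events(dir, buf, n) < 0)
            syslog(LOG_WARNING, "inotify queue overflow on %s, rescan needed", dir);
    return 0;
}
```

The local syslog-ng client then forwards these messages to the server like any other syslog() traffic.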
participants (2)
- Nicolas de Marqué - Fromentin
- Valdis.Kletnieks@vt.edu