I have an email alert script written in python to send me security alerts depending on criteria I have defined. I was working on something else and wanted to clean up so I did a pkill -9 python without remembering that I'm on the syslog server.
Of course this killed the alert script, which I noticed didn't restart and syslog-ng kept running without it. So I tested it by creating a condition to generate a log and therefore an alert and I didn't get the email. Not very good.
Syslog-ng didn't restart the script defined in program() in syslog-ng.conf, even when it had more input for it, which has gotten me thinking, what happens if the script really dies or is accidentally killed? Syslog-ng must have just dropped the output on the floor or something.
The only way I can see to restart it is to restart syslog-ng itself.
What is the best way to make this more resilient? I'm currently thinking a cron job to test for the python script and then restart the server if it is not found. Anybody got anything better?
-h
--
Hari Sekhon
On Fri, 2006-09-22 at 18:58 +0100, Hari Sekhon wrote:
> I have an email alert script written in python to send me security alerts depending on criteria I have defined. I was working on something else and wanted to clean up so I did a pkill -9 python without remembering that I'm on the syslog server.
> Of course this killed the alert script, which I noticed didn't restart and syslog-ng kept running without it. So I tested it by creating a condition to generate a log and therefore an alert and I didn't get the email. Not very good.
> Syslog-ng didn't restart the script defined in program() in syslog-ng.conf, even when it had more input for it, which has gotten me thinking, what happens if the script really dies or is accidentally killed? Syslog-ng must have just dropped the output on the floor or something.
> The only way I can see to restart it is to restart syslog-ng itself.
> What is the best way to make this more resilient?
what version of syslog-ng are you running?
i believe i have read that 2.0 is supposed to restart the program if it dies, 1.6 does not, to my knowledge.
--
Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services
PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2
He is not a fool who gives up what he cannot keep to gain what he cannot lose. -Jim Elliot
Matt Zagrabelny wrote:
> i believe i have read that 2.0 is supposed to restart the program if it dies, 1.6 does not, to my knowledge.
> what version of syslog-ng are you running?
Ok then, I've got syslog-ng 1.6.9. I guess it will be worth the upgrade to 2.0 at some point when it becomes very solid.
In the meantime I wrote a quick script to test the programs are alive and restart syslog-ng if one of them dies, which is good enough and gets the job done so I'm ok with that for now.
-h
--
Hari Sekhon
On Mon, 2006-09-25 at 10:01 +0100, Hari Sekhon wrote:
> Matt Zagrabelny wrote:
>> i believe i have read that 2.0 is supposed to restart the program if it dies, 1.6 does not, to my knowledge.
>> what version of syslog-ng are you running?
> Ok then, I've got syslog-ng 1.6.9. I guess it will be worth the upgrade to 2.0 at some point when it becomes very solid.
> In the meantime I wrote a quick script to test the programs are alive and restart syslog-ng if one of them dies, which is good enough and gets the job done so I'm ok with that for now.
A reload should be fine too, and is less intrusive.
--
Bazsi
thanks, that does work and you're right, it is less intrusive so I've changed my script to do that instead...
-h
Hari Sekhon
Balazs Scheidler wrote:
> On Mon, 2006-09-25 at 10:01 +0100, Hari Sekhon wrote:
>> Matt Zagrabelny wrote:
>>> i believe i have read that 2.0 is supposed to restart the program if it dies, 1.6 does not, to my knowledge.
>>> what version of syslog-ng are you running?
>> Ok then, I've got syslog-ng 1.6.9. I guess it will be worth the upgrade to 2.0 at some point when it becomes very solid.
>> In the meantime I wrote a quick script to test the programs are alive and restart syslog-ng if one of them dies, which is good enough and gets the job done so I'm ok with that for now.
> A reload should be fine too, and is less intrusive.
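The watchdog approach this thread settles on (check that the program() scripts are alive, send syslog-ng a reload if one is not), as an added example that is not any poster's script. The script path, the pidfile path and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Watchdog for syslog-ng 1.6 program() destinations (added example).
# Assumed values, not from the thread: the alert script path and the pidfile.
PROGRAMS="${PROGRAMS:-/usr/local/bin/alert.py}"   # space-separated pgrep -f patterns
PIDFILE="${PIDFILE:-/var/run/syslog-ng.pid}"

# True if some process command line matches the pattern. Patterns live in a
# variable, not in argv, so this script's own command line never matches.
program_alive() {
    pgrep -f -- "$1" >/dev/null 2>&1
}

# Ask syslog-ng to reload by sending SIGHUP to the pid in PIDFILE.
# Refuses anything but a plain numeric pid.
reload_syslog_ng() {
    [ -r "$PIDFILE" ] || { echo "watchdog: no pidfile $PIDFILE" >&2; return 2; }
    pid=$(head -n 1 "$PIDFILE")
    case "$pid" in
        ''|*[!0-9]*) echo "watchdog: bad pid in $PIDFILE" >&2; return 2 ;;
    esac
    kill -HUP "$pid" 2>/dev/null || { echo "watchdog: cannot signal $pid" >&2; return 2; }
}

# Returns 0 if every program is alive, 1 if a reload was sent,
# 2 if a reload was needed but could not be sent.
watchdog() {
    missing=""
    for p in $PROGRAMS; do
        program_alive "$p" || missing="$missing $p"
    done
    [ -z "$missing" ] && return 0
    echo "watchdog: not running:$missing; reloading syslog-ng" >&2
    reload_syslog_ng || return 2
    return 1
}

# Run only when asked, e.g. from cron:
#   */5 * * * * /usr/local/sbin/watchdog.sh --run
if [ "${1:-}" = "--run" ]; then
    watchdog
fi
```

Exit status 2 is the case worth alerting on through a second channel, since it means alerts are down and the reload did not go out.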
participants (3)
- Balazs Scheidler
- Hari Sekhon
- Matt Zagrabelny