[syslog-ng] Re: syslog_ng suggestion
Balazs Scheidler
bazsi@balabit.hu
Mon, 14 Jun 1999 19:05:03 +0200
Hi,
(cc-ing the message to the syslog-ng mailing list)
On Mon, Jun 14, 1999 at 01:45:02AM +0200, Marc Duponcheel wrote:
> First of all: CONGRATULATIONS with syslog_ng!
>
> UNIX is waiting 20 years already to get rid of the limited syslog
> daemon ;-)
Thanks.
>
> Since you use a real language to write syslog_ng.conf I would like you
> to propose a generalisation, which, I believe, should be easy (and
> powerful).
>
> You may have noticed that big parts of a syslog_ng.conf are simply
> substitutions of some template ...
>
> What about variables (coming out of the log itself)?
>
> like:
> variables=level,facility,program,host
>
> Then syslog_ng could interpret generic specifications resulting in
> generating multiple log files without the syslog_ng.conf writer having
> to worry about the actual possible values. For 'program' and 'host' I
> believe this could be a real win.
>
> Of course you should make ${program}=foo for such things like
> foo[NNN]: and foo:
>
> destination d_${variable} {
> file /var/log/${variable};
> };
> filter f_${variable} {
> level(${variable});
> };
> log { source src;
> filter f_${variable};
> destination d_${variable};
> };
>
>
> In fact one could combine variables (2 below) to generate any kind of
> combinations.
>
> destination d_${level}.${program} {
> file /var/log/${level}.${program};
> };
> filter f_${level}.${program} {
> level(${level});
> program(${program})
> };
> log { source src;
> filter f_${level}.${program};
> destination d_${level}.${program};
> };
this approach has some difficulties.
syslog-ng opens all files at startup and keeps them open, and using
variables above would make it rather difficult to find out the possible
files at startup. (= impossible)
A workaround would be to open a destination only when some output is written
there, but this would require quite big changes in syslog-ng internally.
The same effect you proposed above could be done using some config file
generation script:
for fac in mail news auth; do
for lev in crit alert debug; do
cat syslog-ng.template |
sed -e "s/\$\{facility\}/$fac/g" -e "s/\$\{level\}/$lev"
done
done
--
Bazsi