[syslog-ng]destination { program(); } failures...

Gregor Binder gb@rootnexus.net
Wed, 6 Jun 2001 16:34:02 +0200


David Douthitt on Wed, Jun 06, 2001 at 09:21:18AM -0500:

Hi,

> > I think what most people think program() is for, is spawning their
> > script for every message, which is obviously not a good thing to do :)
> 
> Well, that would be the OBVIOUS thing to do - though from a system
> standpoint, that would likely lead to some serious performance
> degradation.  The idea of continually "feeding message after message"
> makes more sense, but has to be programmed for, and isn't the first
> thing thought of.

well, it's not only performance, it's some very serious potential for a
DoS condition (exhaustion of process table, RAM, etc.) of both your
computer and possibly your cellphone, pager, emailbox, or whatever is
receiving those notifications. You will need to define and check 
tresholds somewhere, and it's sort of tough to keep state across program
calls (would have to be file-based or something ugly like that).

> I also noticed that the messages thus sent still have their
> syslog-based "<99>message" format; is there - could there be - an
> option to strip the "<XX>" from the message?  My program which is
> responding is a generic program so I don't want to put it in there -
> it responds to things other than syslog messages.

Is using a program destination like "sed -e 's#<XX>#<YY>#' | your_prog"
an option?

Regards,

-- 
 ____ ____ 
/  _/| -  >  Gregor Binder <gb@(rootnexus.net|sysfive.com)>
| / || _\ \
\__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B