[syslog-ng]feature request
Balazs Scheidler
bazsi@balabit.hu
Thu, 6 Jun 2002 09:44:44 +0200
On Wed, Jun 05, 2002 at 12:30:56PM -0700, Nate Campi wrote:
> Can output from programs started by syslog-ng get logged by syslog-ng to
> the logs, perhaps under the syslog facility with the program name as the
> TAG field:
>
> Jun 5 12:15:04 hostname swatch[15895]: syntax error at /root/.swatch_script.1395 line 1581, near "."
>
> Or use syslog-ng as the TAG and put the actual program just after:
>
> Jun 5 12:15:04 hostname syslog-ng[15892]: swatch: syntax error at /root/.swatch_script.1395 line 1581, near "."
>
> I have a separate log architecture I setup for our networking devices,
> and the network engineers maintain it. The problem is that they didn't
> know swatch wasn't running due to swatch errors, and swatch is started
> from syslog-ng (as described here:
> http://www.campin.net/newlogcheck.html#swatch).
>
> Having the swatch errors caught and logged would even have allowed me to
> send an alert on it via some filters using "match()", or at least been
> easy for the network staff to see in the logs. They're good with ciscos
> but not as good with UNIX ;)
I'll add this on my todo list. As long as it is not implemented, you might
try to redirect the program's output to a named pipe like this:
destination d_swatch { program("swatch 2> /var/run/swatch.err"); };
source s_swatch { pipe("/var/run/swatch.err"); };
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1