[syslog-ng]source definition with pipe / 1.4x or 1.5x

[Balazs Scheidler]

On Thu, Nov 07, 2002 at 03:41:16PM +0100, D. Pille wrote:
> Hello Balázs,
> 
> I would like to migrate our servers from syslog to syslog-ng (weīre using
> SuSE 5.4 to 8.1, some clustered, mostly all Internet).
> Can you say about the next stable release or better: Should I use 1.4x now
> and then I can switch over to 1.5x - without greater reconfigurations?

1.5.x is mostly upward compatible, except for the DEFAULT filter that was
present in 1.4.x

1.5.x is quite stable since the last bug (involving an off-by-one I
announced a couple of weeks ago) was fixed. I'm planning to release 1.6.0
soon.

> 
> And another questions:
> 
> source src { pipe("/proc/kmsg"); unix-stream("/dev/log"); internal(); };
> 
> Is this source definition enough to leave klogd behind?

yet. I prefer using a file() source for /proc/kmsg, but pipe() and
file() are mostly the same.

you might change kernel logging to avoid getting kernel messages on the
console (klogd automatically does this for you, syslog-ng doesn't, you need
an explicit dmesg call for that):

dmesg -n1 for no logs.

> Is it possible to use "pipe" in this manner for other logs - like them from
> proftpd? Itīs for me not clear how to grep a log message in a logfile to a
> central log-server when the source isnīt at /proc or /dev.
> Will "pipe" as source driver look around the file and, if a new line
> appears, pipe this new lines?

no, syslog-ng1.5 doesn't support growing files. syslog-ng 2 does, but it's
not yet released ;)

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1