[syslog-ng]syslog-ng log file rotation based on size

Richard E. Perlotto II rperlott@cisco.com
Sun, 2 Feb 2003 17:13:37 -0800 

Heh, did not mean to sound short.

You are correct in that, and what you gave was one good example.  I
would
like to see syslog-ng focused on what it's primary purpose is.  Which is
able to be a flexible logging mechanism that is much superior to regular
Syslog.  Bloat is only one reason to not have this functionality, but as
I said there is a lot of other functionality that would be good to have
before
we start looking at taking over the functionality of other programs as
well.

One thing I would really like to see is the capability to breakdown the
Syslog message itself into smaller chunks such that I do not have to
put it through yet another interrupter.  Although I would be concerned
with impacting the speed of the application then.

As an example, there are a lot of logging devices out there and the
content of those logs are not always consistent.  Before writing to
a database (or buffer file), I would like to make the logs a bit more
homogeneous for usefulness.  	For example, the differences between
what I get from the logs from Cisco devices verses Shorewall (IPTables).

There is a lot of extra information that is contained in each of those
logs.  Not all of it do I care about.  It would be really nice to be
able
to take certain specific pieces and only track those in a database.

The ability to write to a PGP encrypted file would be excellent.
Although
I am not sure how this would be best implemented.  The idea of built-in
SSL
is another that would be nice to have.  While stunnel works, it is only
one more tack-on that could break when you are expecting your logs to
arrive
somewhere.

I am sure that there are many other features that many of us would like
to see as well.

Richard

> -----Original Message-----
> From: syslog-ng-admin@lists.balabit.hu 
> [mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Nate Campi
> Sent: Sunday, February 02, 2003 10:54 AM
> To: syslog-ng@lists.balabit.hu
> Subject: Re: [syslog-ng]syslog-ng log file rotation based on size
> 
> 
> On Sun, Feb 02, 2003 at 08:09:15AM -0800, Richard E. Perlotto 
> II wrote:
> 
> > I really do not think that it is necessary to add this to a logging 
> > program.  There are other features that I would prefer to 
> see before 
> > this.  There are a lot of other programs that already have this 
> > functionality for syslog-ng.  If you run these often enough 
> you should 
> > not have your log size problem.
> 
> It's not mandatory in syslog-ng, I just want to discuss ways 
> of addressing the issue of file size. You'll notice I already 
> gave suggestions on perfectly good ways to manage the file 
> sizes (complete with a working example cfengine config).
> 
> It's simply that we already have a program that knows which 
> logs are used, is already running, and is written/maintained 
> by a trusted author (syslog-ng). Giving syslog-ng users a 
> method to address this, when many aren't in a position to 
> write their own utilities, or address it on their own, is a 
> good thing. I see it as a matter of reducing complexity for 
> the user population, not for me personally.
> 
> Hmm, I fully expect this idea to be rejected for a good 
> reason, the bloat issue...but I wanted to see it discussed.
> -- 
> Nate Campi   http://www.campin.net 
> 
> "A computer lets you make more mistakes faster than any 
> invention in human history - with the possible exceptions of 
> handguns and tequila." 
>  -Mitch Ratliffe  
>  
> "Never trust a computer you can't throw out a window."  
> -Steve Wozniak  
> 
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng@lists.balabit.hu 
> https://lists.balabit.hu/mailman/listinfo/sysl> og-ng
> 
> Frequently asked questions at 
> http://www.campin.net/syslog-ng/faq.html
> 
> 
>