[syslog-ng]destination 'program'

[Dmitry Frolov]

On Mon, Feb 03, 2003 at 02:28:37PM +0100, Balazs Scheidler wrote:

> > It seems that syslog-ng starts external program to pipe logs through only at startup.
> > The documentation says so too and there's nothing about restart.
> > 
> > Syslog-ng only writes error message to internal log if program is terminated.
> > 
> > Feb  3 15:48:17 loghost syslog-ng[971]: io.c: do_write: write() failed (errno 32), Broken pipe
> > Feb  3 15:48:17 loghost syslog-ng[971]: pkt_buffer::do_flush(): Error flushing data
> > 
> > But, in some cases it's desirable to watch for this external filter program and restart
> > it when nesessary.
> > Program may die suddenly or may need full restart for reconfiguration.
> > I know that syslog-ng restarts external filter on SIGHUP, and sure i could write watcher
> > script for automatic SIGHUPing of syslog-ng, but automatic filter program restart,
> > perhaps with some frequency limitations would be quite useful.
> > Is there any considerations against that?
> 
> This is the intended behaviour as without this everybody would be putting 
> 
> program("mail -s alert `read`");
> 
> like scripts in their configuration which would effectively DoS their log
> server.


Well, everything may be misused or misconfigured but it's not a syslog-ng problem...
Sysadmin should consider this and other DoS possibilities when configuring logserver.
Besides, there might be some minimal startup frequency limit, 1 second for example.
Without automatic filter restart logserver loses log reporting functionality until
next syslog-ng restart or SIGHUP.

> Regardless syslog-ng 2 (the development branch) contains code to restart the
> program, but possibly it will come with a knob defaulting to FALSE whether
> this restart should be done.

Restart might be an option to 'program' destination which defaults to false..


-- 
Dmitry Frolov, Zenon N.S.P. (095) 250-4629, http://www.zenon.net/