[syslog-ng]Suggestions/enhancements miscellany

Balazs Scheidler bazsi@balabit.hu
Wed, 22 Jan 2003 11:56:36 +0100 

On Wed, Jan 22, 2003 at 10:20:02AM +0000, Ted_Rule@flextech.co.uk wrote:
> 
> 
> Whilst at least some of the following has been mentioned before, I'd like to
> make a
> another little plea for some extra features and tidyups to syslog-ng and its
> associated documentation.
> 
> a)   SIGHUP/keep-listening feature request
> 
> The current version supports the keepalive stream socket feature for both TCP
> and Unix-Stream which
> means that existing connections are kept open across a SIGHUP/reconfig. This is
> all well and good, and
> provides sufficient functionality to avoid losing a Stream Source Socket
> message. However, for UDP sockets,
> I believe the socket is closed/re-opened on SIGHUP, which thereby has the
> potential for loss of messages
> across a SIGHUP.

...

 this is addressed in my syslog-ng 2 tree

> 
> b)   SIGUSR1/logrotate feature.
> 
> To avoid losing UDP messages, one extra trick might be to include another signal
> - say SIGUSR1 - which is used merely to close
> all open destinations. This would be used for log rotation - I'm assuming there
> would never be a requirement to add open() code to this
> as well, as any required destination should be simply opened on demand. At
> present, SIGHUP is used to ensure destination closure
> for log rotation purposes, but this has the side-effect of closing sources, and
> hence potentially losing UDP messages. Adding SIGUSR1
> would avoid any loss of messages during the overnight rotation, although there
> is obviously still the potential for message loss during
> any other required SIGHUP/reconfiguration without the keep-listening() feature.

this is not yet, but also planned for 2

> 
> 
> c)   --checkconf option
> 
> Once a new syslog-ng.conf has been built, it may be dangerous to SIGHUP it into
> life; a simple spelling error or a missed semi-colon could
> in theory lead to death of the running daemon, I believe. In mimicry of bind9's
> named-checkconf utility, can we have an extra command-line
> option to syslog-ng which merely checks for all potential syntactical errors in
> syslog-ng.conf returning non-zero error code and messaging stderr
> with any syntax errors thus found. I suggest "--checkconf" for the command line
> option name.

syslog-ng reverts to the old configuration if the new one has errors in it.
but configuration checking would be a good feature.
> 
> d)   Default options settings documentation.
> 
> This page in the current copy of the documentation:
> 
>      http://www.balabit.hu/static/syslog-ng/reference/x564.html
> 
> would benefit greatly from a rewrite showing the default setting as an extra
> column for each option. Some options have their defaults listed here, but most
> do not.

The documentation needs some cleanup that's for sure.

> 
> 
> e)   Working examples of regex usage.
> 
> There are very few of the example configurations I have seen which show specific
>  examples of the regex matching capabilities of the filter() functions. If
> anyone has some samples
> perhaps some more examples could be added to either the FAQ or the Documentation
>  or both, please?

ditto.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1