[syslog-ng] feature request: Program restart
Evan Rempel
erempel at uvic.ca
Wed Sep 14 20:27:22 CEST 2005
I would like to see the ability for syslog-ng to restart the program in a
PROGRAM destination. I recognize the concern of denial of service attacks,
and that needs to be addressed, but I think it could be with configurable
options.
I recommend the following two options
1. Maximum messages.
After this number of messages, a SIG-QUIT is sent to the program, and a
new instance of the program is started. This behaves very similar to
the apache option for maximum requests that a process handles prior to
terminating.
The rational for this option is a safeguard for a program that might
leak resources.
2. RestartDelay in seconds
If a program terminate unexpectedly, syslog-ng has the ability to
buffer messages and dump them to the program once it is restarted.
With this delay, denial of service attacks can be addressed, and
a reliable backend can be generated. Since there is already an option
for the number of messages to buffer, the end user would be responsible
for ensuring that the buffer was large enough to hold the messages for
the duration of the RestartDelay.
Other considerations might be that the program is restarted immediatly for
a user specified number of times, after which the restart delay is used.
An option for resetting the restart counter after a time interval would
then be required, but this approach allows for periodic aborting of the
program without the requirement for huge buffers. Only if something went
wrong and repeated program aborts occured would a backoff algorithm be
required.
Thanks for an already excellent product. I hope that these suggestions
make it even better.
--
Evan Rempel erempel at uvic.ca
Senior Programmer Analyst 250.721.7691
Computing Services
University of Victoria
More information about the syslog-ng
mailing list