[syslog-ng] Creating a named pipe (FIFO)

Evan Rempel erempel at uvic.ca
Wed Mar 22 18:21:19 CET 2006 

We do the opposite.

We wanted to use the message matching rules of syslog-ng to essentially 
rewrite the facility.level (priority) of messages and then log them again.
To accomplish this, we have a "normal" syslog-ng running that listens on 
the localhost:514 port that then logs to the local files, and to a central 
syslog-ng server.

We then start a second instance of syslog-ng within the startup script for 
the applications, such as apache.

- check for and create the named pipe(s)
- start syslong-ng specific to this application
- start the application that logs to the named pipe(s)

This instance of syslog-ng parses the messages and relogs via syslog to 
localhost with a new set of priorities.

This allows local syslog files to contain the appriopriate facitliy.level 
of messages as well as our central syslog-ng server. It also allows for a 
very complicated set of match rules for a given application without making 
an overly complicated syslong-ng configuration file. Basically you end up 
with one configuration file per application.

This is just our syslog architecture, so your milage may vary.

Evan.


On Wed, 22 Mar 2006, Cary, Kim wrote:

> Date: Wed, 22 Mar 2006 09:11:26 -0800
> From: "Cary, Kim" <Kim.Cary at pepperdine.edu>
> Reply-To: Syslog-ng users' and developers' mailing list
>     <syslog-ng at lists.balabit.hu>
> To: syslog-ng at lists.balabit.hu
> Subject: [syslog-ng] Creating a named pipe (FIFO)
> 
> We create our pipes by placing the appropriate commands in the syslog-ng
> startup file (/etc/init.d/syslog-ng).
>
> [Actually, we test to see if the pipe already exists; if not, we create
> it. We do this creation in /var/run and here the pipe needs to be
> recreated after every boot. We don't want to recreate it when we restart
> the process (syslog-ng) that is feeding it, since recreating it requires
> us to bounce the process that is reading from it (fisq.pl)].
>
> Kim Cary
> Infrastructure Security Administrator
> M-F 7-4 ~ 310 506 6655
>
>
>

--
Evan Rempel				erempel at uvic.ca
Senior Programmer Analyst		250.721.7691
Computing Services
University of Victoria

More information about the syslog-ng mailing list