[syslog-ng] program() doesn't restart if it dies

[Hari Sekhon]

I have an email alert script written in python to send me security 
alerts depending on criteria I have defined. I was working on something 
else and wanted to clean up so I did a pkill -9 python without 
remembering that I'm on the syslog server.

Of course this killed the alert script, which I noticed didn't restart 
and syslog-ng kept running without it. So I tested it by creating a 
condition to generate a log and therefore an alert and I didn't get the 
email. Not very good.

Syslog-ng didn't restart the script defined in program() in 
syslog-ng.conf, even when it had more input for it, which has gotten me 
thinking, what happens if the script really dies or is accidentally 
killed? Syslog-ng must have just dropped the output on the floor or 
something.

The only way I can see to restart it is to restart syslog-ng itself.

What is the best way to make this more resilient?

I'm currently thinking a cron job to test for the python script and then 
restart the server if it is not found.

Anybody got anything better?

-h

-- 
Hari Sekhon