[syslog-ng] Simple Doubt
dottom at gmail.com
Wed Jun 6 18:18:02 CEST 2007
> > On 6/5/07, Alexander Clouter <ac56 at soas.ac.uk> wrote:
> > >
> > >If you are logging to a file and having Perl munch on a log file you
> > >remove the perl script and pipe from the whole works. syslog-ng can be
> > >configured to read in directly a log file; it effectively does a 'tail
> > >on the file.
> > Except for cases where you need the Perl script to post-process the log
> > to produce a normalized or custom syslog message format.
> Agreed, however a better design would be:
> <Log> ---> <Perl> ---> <Log2>
> <Log2> --[using 'tail' function]--> syslog-ng -> syslog-ng
> These would be disconnected and you would not run into any nasty problems.
> Another advantage being that if the perl code soaks up the CPU cycles and
> logging is not urgent (needed at the final destination ASAP) you could
> down the priority of the process to prevent it stomping in on syslog-ng's
But that scenario only supports logs that are "syslog friendly". If you
have to do any kind of normalization or post-processing or dealing with
multi-line records in a log file, you have to use a post-processing process
such as Perl. Not all logs have human-friendly readable text and the
post-processing Perl script can translate the log record into something more
The CPU cycles required by Perl parsing is minimal and is a common myth that
Perl is a CPU hog. I have Perl scripts processing billions of log events
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the syslog-ng