[syslog-ng] swatch in syslog-ng

Martin Schütte lists at mschuette.name
Wed Mar 7 18:28:13 CET 2007


R. V. C. wrote:
> However when I try to use the read-pipe option,
> nothing ever comes out:
> destination swatch {
> program("/usr/local/bin/swatch --read-pipe=\"cat
> /dev/fd/0\"");
> };

There certainly is no pipe called "cat /dev/fd/0".  ;)
But --read-pipe=/dev/fd/0 should work, as file descriptor 0 is stdin.

> I even tried using my mysql.pipe and creating a fifo
> pipe (swatch.pipe)
> just for swatch:
> destination swatch.pipe { pipe("/var/log/swatch.pipe"
> template("$FULLDATE $HOST $FACILITY:$PRIORITY $MSG\n")); };

This looks good.
But your config has no log-path that writes to destination(swatch.pipe).

> destination swatch { program("/usr/local/bin/swatch
> --config-file=/root/.swatchrc
> --tail-file=/var/log/swatch.pipe"); };

As this is a program() destination, syslog-ng will send the data to its
stdin -- but you tell swatch to read from swatch.pipe instead.

You could use 'echo Hello World > /var/log/swatch.pipe' to test the FIFO
itself.


The important point with FIFOs is that the reading program can (and
has to) be started independently. You have to use a pipe-destination in
syslog-ng _and_ start the swatch process (on FreeBSD with
/usr/local/etc/rc.d/swatch).

I use FIFOs myself because it allows me to change and restart my
analyzer (I'm using logsurfer and SEC) without having to restart syslog-ng.

-- 
Martin
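
The FIFO setup described in the message above, as an added syslog-ng configuration example that is not part of the original post. The names s_local and d_swatch_fifo are hypothetical, the source socket path assumes FreeBSD, and the FIFO mode assumes syslog-ng and swatch run as the same user.

```conf
# Added example, not from the original post. The names s_local and
# d_swatch_fifo are hypothetical.

# Local log source. /var/run/log is the FreeBSD syslog socket (assumption;
# use the source your existing configuration already defines).
source s_local {
    unix-dgram("/var/run/log");
    internal();
};

# FIFO destination with the template from the thread. Create the FIFO first:
#   mkfifo -m 600 /var/log/swatch.pipe
# Mode 600 (assumes syslog-ng and swatch run as the same user) keeps other
# local users from reading the log stream or writing forged lines into the
# analyzer's input.
destination d_swatch_fifo {
    pipe("/var/log/swatch.pipe"
         template("$FULLDATE $HOST $FACILITY:$PRIORITY $MSG\n"));
};

# The log path that was missing: without it nothing is ever written
# to the FIFO.
log {
    source(s_local);
    destination(d_swatch_fifo);
};

# The reader is started on its own (rc script or by hand), with the command
# from the thread:
#   /usr/local/bin/swatch --config-file=/root/.swatchrc --tail-file=/var/log/swatch.pipe
# With the reader running, test the FIFO itself:
#   echo Hello World > /var/log/swatch.pipe
```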

