[syslog-ng] Logging loop
nate at campin.net
Thu May 31 21:53:45 CEST 2007
On Thu, May 31, 2007 at 08:36:08AM +0200, Hiren Patel wrote:
> you could have syslog-ng log messages from itself (source internal) to a
> separate file and use something like logwatch (or other log monitoring
> programs) to watch for errors in the file and report issues.
...and if you're worried about that not being able to write to the file,
pipe the internal source directly to swatch/SEC/logwatch/whatever and
alert from there.
Of course if you alert via email and send via a local MTA and your local
disk is fried, it still might not get out. Make sure you're protecting
against real-world failure scenarios and that you account for them
properly. Something like this should work rather reliably:
syslog-ng -> pipe into log parser -> remote SMTP or trap or nagios passive alert
> On Thu, 2007-05-31 at 00:01 +0000, Bryan Henderson wrote:
> > My syslog-ng got into an infinite loop when it didn't have permission
> > to write to a file destination. It tried to log to that same
> > destination the fact that it failed to log.
> > Is there a recommended way to configure syslog-ng to avoid this?
> > Maybe I could route messages from Syslog itself to some relatively
> > reliable destination or just turn them off?
> > If not, what would be a good enhancement to the program to avoid loops?
> > I had the problem with syslog-ng 2.0.2.
> Hiren Patel
> This e-mail and its contents are subject to the Telkom SA Limited
> e-mail legal notice available at
> syslog-ng maillist - syslog-ng at lists.balabit.hu
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
"They [Computers] can rattle off the Manhattan telephone directory
unerringly time after time, which no human can do, but they cannot begin
to distinguish one face from another, as babies can do." - LEE DEMBART,
in New York Times
More information about the syslog-ng