[syslog-ng] parser
Balazs Scheidler
bazsi at balabit.hu
Wed Oct 10 15:11:01 CEST 2007
On Wed, 2007-10-10 at 11:43 +0300, Yüce Sungur wrote:
> I am developing a reporting application based on syslog-ng log
> files,
> this is a fw log file,
> there is a filter in syslog-ng definition matching the "teardown"
> keyword, then it writes to a pipe
> and there is my perl code running in background and parsing the logs
> and inserts to db,
>
> when I check for the log file with grep -c -i teardown and my db
> entries there is a difference of % 0.3
>
> you think using program() in syslog-ng is more efficient than reading
> pipe,or instead of reading a pipe and filtering with syslog-ng, I can
> tail with perl the log file, and filter by perl?
>
>
> any ideas??
>
Filtering in syslog-ng must perform better, as you filter out unneeded
entries without having to write them to a pipe first.
>
--
Bazsi
More information about the syslog-ng
mailing list