[syslog-ng] Macro expansion in program destination

[Evan Rempel]

I understand that the program destination should only be opened once  
and the messages sent to it but why does that mean the macro expansion  
should not be permitted?

The only work around right now is for the program to parse each  
message to extract the parts that are needed to manage the log  
rotation. Syslog-ng already does this AND syslog-ng already has the  
necessary logic to open a different destination based on the macro  
expantion.

General purpose tools need to perform general function and do them in  
the most intelegent manner. Disabling functionality in specefic  
situations in the name of protecting me from my own stupidity results  
in situations wher the tool could solve the problem but does not  
because of an arbitrary division of the author.

Unless there is an more important consideration such as security then  
I think the disallow of macro expantion in program destinations should  
be permitted.

Evan Rempel
University Systems

On 2009-12-04, at 14:20, "chris packham" <chris.packham at alliedtelesis.co.nz 
 > wrote:

> This is intentional behaviour.
>
> Syslog-ng starts any "program()" when syslog-ng is started and it  
> expects that the program will perform read from stdin and block  
> waiting for data. This protects syslog-ng againts the overhead of  
> forking a new process everytime a matching log message is seen.
>
> You can still use filters so I'd suggest modifying your program so  
> that it can have the $S_DAY fed to it at the start of each log  
> message.
>
>
>>>> Evan Rempel <erempel at uvic.ca> 12/04/09 4:07 PM >>>
>
> Is it possible to use macro expansion in the program destination.
> I wanted to write something like
>
> destination mydest{ program("/some/path/to/filter/program -options  
> >> /path/log.$S_DAY"));};
>
> I was hoping that syslog-ng would not open this destination until  
> the first message
> was ready for this destination.
>
> I was hoping that syslog-ng would open a new one when the $S_DAY  
> changed, allowing
> me to have each day of logs processed by my program with outputs  
> based on day.
>
> Does anyone know if macro expantion can be used on program  
> destinations?
>
> If not, can someone explain what I am overlooking that makes this a  
> bad thing?
>
> Thanks,
>
> -- 
> Evan Rempel
> ______________________________________________________________________________
 

> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>
> ______________________________________________________________________________
 

> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>