[syslog-ng] pattern matching on xxx#

Martin Holste mcholste at gmail.com
Sat Oct 16 16:19:21 CEST 2010


Certainly!  It's not an optimal solution, but the one big benefit you
get is that the regexp happens in a different PID, so syslog-ng, in
its current single-threaded model, doesn't have to burn resources
doing the parsing.  This is, of course, assuming that the parsing
would be a greater overhead than the pipe overhead, which may or may
not be true.  Unless you're seeing high CPU utilization on syslog-ng,
I totally agree with you and recommend keeping everything in Syslog-NG
if at all possible.

On Fri, Oct 15, 2010 at 11:39 PM, Balazs Scheidler <bazsi at balabit.hu> wrote:
> On Fri, 2010-10-15 at 14:43 -0500, Martin Holste wrote:
>> I'll chime in here to once again recommend piping to Perl using
>> program() if you have crazy stuff to do.  In your case, you could have
>> a very simple (one liner, really) script that does the regex hostname
>> rewrite so that hostXX would get rewritten to just XX or something
>> easy for syslog-ng to filter on and route to the appropriate
>> destination.  Just have a socket source available as the destination
>> from Perl and a source in syslog-ng to complete the circuit.
>
> syslog-ng itself is able to do regexp transformations, it is just hidden
> under "filter" currently. You don't need to pipe out to perl and back
> again.
>
> --
> Bazsi
>
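
The program()-to-Perl round trip discussed in this thread, as an added example that is not code from either poster. The script path, the UDP port 5514, the object names `d_rewrite` and `s_rewritten`, and the template are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Assumed syslog-ng side
# (object names, script path and port are hypothetical):
#
#   destination d_rewrite {
#       program("/usr/local/bin/rewrite_host.pl"
#               template("<$PRI>$DATE $HOST $MSGHDR$MSG\n"));
#   };
#   source s_rewritten {
#       udp(ip(127.0.0.1) port(5514) keep_hostname(yes));
#   };
#
# keep_hostname(yes) is needed so syslog-ng keeps the rewritten host
# instead of replacing it with the sender address (127.0.0.1).
# Log paths fed by s_rewritten must not lead back to d_rewrite,
# or every message loops forever.
use strict;
use warnings;
use IO::Socket::INET;

my $sock = IO::Socket::INET->new(
    PeerAddr => '127.0.0.1',
    PeerPort => 5514,
    Proto    => 'udp',
) or die "cannot open UDP socket: $!";

# Matches "<PRI>Mmm dd hh:mm:ss hostNN rest" as produced by the
# template above; the day of month may be space-padded ("Oct  6").
my $re = qr/^(<\d{1,3}>\w{3} [ \d]\d \d\d:\d\d:\d\d )host(\d+)( .*)$/;

# syslog-ng writes one formatted message per line to our stdin.
while (my $line = <STDIN>) {
    chomp $line;
    # Rewrite hostXX to XX; lines that do not match pass through
    # unchanged so nothing is silently dropped.
    $line =~ s/$re/$1$2$3/;
    $sock->send($line) or warn "send failed: $!";
}
```

Because the regex work runs in the child process, this only pays off when syslog-ng itself is CPU-bound, which is the trade-off described in the reply above.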

