[syslog-ng] Bazsi's blog: syslog-ng flexibility improvements

Patrick Hemmer syslogng at stormcloud9.net
Mon Jan 16 21:58:32 CET 2012


Sent: Mon Jan 16 2012 15:45:14 GMT-0500 (EST)
From: Evan Rempel <erempel at uvic.ca>
To: Syslog-ng users' and developers' mailing list 
<syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Bazsi's blog: syslog-ng flexibility improvements
> Balazs Scheidler wrote:
>> On Mon, 2012-01-16 at 09:22 -0500, Patrick Hemmer wrote:
>>
>>>> source s_apache {
>>>>    log {
>>>>      source { file("/var/log/apache/error.log"); };
>>>>      parser(p_apache_parser);
>>>>    };
>>>> };
>>>>
>>>> log { source(s_apache); ... };
>>>>
>>> This just doesn't feel right. I'm not quite sure how else to put it :-)
>>> I mean that I think of `log` statements as output handlers for a
>>> message. They control how the message leaves syslog-ng, whether it be
>>> to a file, database, pipe, whatever. To me it seems to make more sense
>>> if the `log` statement is called something else here (inside the
>>> `source` block), though what I don't know. Maybe at the least an alias,
>>> so that log and the alias are the exact same things, but that reading
>>> the config would make it look more logical.
>> Sure, I was also thinking hard what keywords to use in this case.
>> Internally a log {} is called a "sequence", but sure an alias would be
>> easy to do.
>>
>> Do you perhaps have a suggestion? I'm not a native English speaker, thus
>> naming things is sometimes difficult for me.
> How about one of these
>
> pipe
> stream
> channel
> conduit
> tube
> flow
> spout
> duct
> chute
>
> I prefer one of
>
> channel
> conduit
> duct
I don't see those being much better than 'log' and 'junction'. I think 
the names for each should be related together. Like pgroup (parallel 
group) for junction, and sgroup (sequential/serial group) for log. 
Though I'm not too fond of this either.
Maybe 'union' for log, and 'division' for junction. Still not quite 
right though. I think the name union is apt, but division just sounds 
odd. Maybe union and junction?
I'll keep pondering.
>>> I don't know if I'm understanding the distinctions between `log` and
>>> `junctions` properly, but it seems as if `log`s are a serial execution
>>> of the statements within, and `junction`s are a parallel execution of
>>> the statements within, so maybe names to better reflect this?
>> The functionality is exactly as you have described.

