[syslog-ng] Feature request - program style destination that can use syslog-ng macros/tags

[Evan Rempel]

I would like to see a program style destination that uses macro expansion.

I would like to have arguments to my program that can bake use of tags, dates, facilities etc.

Examples of this are statistical type calculators. For example, I may want to count the messages for each
1 minute interval. Having a script that merely counts them, and calling it with an argument of the hour:min
I could reuse the same program for every minute and I don't have to wast CPU in parsing the hour/minute again.
Also, if messages arrive with slightly different time stamps, they would appear to be out of order with regards
to the time stamp. Using syslog-ng to separate these streams and sending them to the program would save CPU.

Currently program destinations are started and restarted even if there are no messages being delivered to them.
Program destinations should follow the same reaping and starting rules as open files.

Currently, getting the statistics via the syslog-ng-ctl program, program destinations do NOT have $var names expanded.
This means that the static destination name looks like


dst.program;d_statistics#0;/usr/local/sbin/syslog-ng-stats $SYSLOG_INSTANCE $SYSLOG_CONTROL;a;dropped;0


which is not very useful.

I would propose a new destination type for this, perhaps "executable", but if you feel that the "program" destination
should be augmented, I would suggest that the current use of $var for environment variables be changed to an escape,
such as

program("/my/path/to/program $macro \$env_var")

Thanks for all of the good things in syslog-ng. We couldn't live without it, but I think there is still room for growth.

Evan.