It doesn't sound like Sun is planning on building in the feature I really need
to syslogd, so I guess I just have to pick the best work around.
There are basically three options people suggested:
SWATCH - a set of free perl tools that do the tail -f on your messages file
searchs for patterns you define in a rules file, and then acts upon
those patterns in whatever way you tell it to in the rules file.
Create a FIFO and tell syslogd to send messages to that "file." For this option
you need a process at the other end of the pipe that will process the
Create a userid that will be used to process messages. I'm going to look into
this option. You have to create a job that opens the server side of a
pty and has a script monitoring this pty. You must then create a utmp
entry to fake the system into thinking that this user is actually
logged in. In your syslog.conf file you then tell whatever messages
you want to process to notify this "user."
As they stand, all of these options involve a process that is always running to
parse your messages. One of the people in my group is slightly against this, so
I thought I'd try to find a way around it. If syslogd could just work like
inetd, and only kick off a deamon when needed life would be so much easier. :-)
We already have had SWATCH running here, and forwarding snmp traps to our
network monitoring machine so icons can be colored, etc, so we'll probably just
keep working with that for now.
Thanks for the help and suggestions!
------------- Begin Forwarded Message -------------
>From email@example.com Tue Aug 8 11:46 CDT 1995
Reply-To: Al.Venz@seag.fingerhut.com (Al Venz)
Subject: can syslogd forward a message to a process?
Content-Type: text/plain; charset=us-ascii
I was wondering if anyone has configured syslogd to send messages to a script
that will process the message rather than to a file, a user or another machine.
We're running a basic 2.4 environment.
We're probably going to have a process doing a tail -f on a log file, and
parsing it as we go, but it would be nice, and probably more efficient, to just
run the script when needed rather than all the time.
For instance, assume we only want a certain action to occur if a very
important(hopefully extremely infrequent) error occurs in a homeade application
with a "local0.emerg" priority tag. Rather than have some process monitoring
log files or whatever all of the time, I'd like to be able to kick off a process
to deal with this message only when it occurs.
Any ideas are very welcome, and of course I will summarize.
------------- End Forwarded Message -------------
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:31 CDT