A while back I sent a summary out and received a very interesting reply from
Bruce Pinn. Since I received it we had already committed to SWATCH, but I did
download the software and play with it and may some day lobby to replace SWATCH
Just wanted to let everyone know that there actually was something like I was
looking for in case they were interested.
------------- Begin Forwarded Message -------------
>From bwp@FundSERV.COM Sat Aug 12 05:29 CDT 1995
To: Al Venz <Al.Venz@seag.fingerhut.com>
Subject: Re: SUMMARY: can syslogd forward a message to a process?
Sorry for not responding to your original posting. I was lazy and thought
that someone else would respond with the answer that you wanted. I am
using a hacked version of syslogd that supports regular expression pattern
matching, and that has the ability to run a command based on a certain
pattern. The code is distributed with the TIS public domain firewall
(ftp.tis.com). Now for the caveats, the code originally was developed for
BSD and hence requires some modifications for SysV (not very hard). In
addition, the software comes with little if any support. However, it works
like a charm.
P.S. If you need help porting it to Solaris, let me know and I'll send
you my hacked version.
On Fri, 11 Aug 1995, Al Venz wrote:
> Hi everyone,
> It doesn't sound like Sun is planning on building in the feature I really need
> to syslogd, so I guess I just have to pick the best work around.
> There are basically three options people suggested:
> SWATCH - a set of free perl tools that do the tail -f on your messages file
> searches for patterns you define in a rules file, and then acts upon
> those patterns in whatever way you tell it to in the rules file.
> Create a FIFO and tell syslogd to send messages to that "file." For this
> you need a process at the other end of the pipe that will process the
> Create a userid that will be used to process messages. I'm going to look into
> this option. You have to create a job that opens the server side of a
> pty and has a script monitoring this pty. You must then create a utmp
> entry to fake the system into thinking that this user is actually
> logged in. In your syslog.conf file you then tell whatever messages
> you want to process to notify this "user."
> As they stand, all of these options involve a process that is always running
> parse your messages. One of the people in my group is slightly against this,
> I thought I'd try to find a way around it. If syslogd could just work like
> inetd, and only kick off a daemon when needed life would be so much easier.
> We already have had SWATCH running here, and forwarding snmp traps to our
> network monitoring machine so icons can be colored, etc, so we'll probably
> keep working with that for now.
> Thanks for the help and suggestions!
> Rich Holland
> Mick Morgan
> Jean-Christopher Touvet
> Tim Pointing
> Brett Lymn
> Thanks again,
> ------------- Begin Forwarded Message -------------
> >From firstname.lastname@example.org Tue Aug 8 11:46 CDT 1995
> Sender: email@example.com
> Reply-To: Al.Venz@seag.fingerhut.com (Al Venz)
> Followup-To: junk
> To: firstname.lastname@example.org
> Subject: can syslogd forward a message to a process?
> Hi everyone,
> I was wondering if anyone has configured syslogd to send messages to a script
> that will process the message rather than to a file, a user or another
> We're running a basic 2.4 environment.
> We're probably going to have a process doing a tail -f on a log file, and
> parsing it as we go, but it would be nice, and probably more efficient, to
> run the script when needed rather than all the time.
> For instance, assume we only want a certain action to occur if a very
> important(hopefully extremely infrequent) error occurs in a homemade
> with a "local0.emerg" priority tag. Rather than have some process monitoring
> log files or whatever all of the time, I'd like to be able to kick off a
> to deal with this message only when it occurs.
> Any ideas are very welcome, and of course I will summarize.
> ------------- End Forwarded Message -------------
Bruce Pinn | CORE*LAN Communications, Inc.
Work: (416) 362-1700 | 2, First Canadian Place
Fax: (416) 362-8772 | Suite 1730, Toronto, Ontario, Canada
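
Added example, not part of the original thread or of the TIS or SWATCH code: a sketch of the FIFO option from the summary combined with the pattern-to-command idea from the reply, where the reader sleeps in a blocking read and hands each matching message to a handler as a single argument instead of a shell string. The FIFO path, the handler path, the `billing` tag and the function names are assumptions made for illustration.

```python
import os
import re
import stat
import subprocess

# Constructed rule table (regex -> handler argv); handler path is hypothetical.
RULES = [
    (re.compile(r"\bbilling\[\d+\]: FATAL\b"), ["/usr/local/sbin/notify-oncall"]),
]

def sanitize(line, limit=512):
    """Log text is attacker-influenced: drop control characters, cap length."""
    return "".join(c for c in line if c.isprintable())[:limit]

def match_actions(line, rules=RULES):
    """Return one argv per matching rule, with the message as a single argument."""
    msg = sanitize(line)
    return [argv + [msg] for pattern, argv in rules if pattern.search(msg)]

def ensure_fifo(path):
    """Create the FIFO owner-only; refuse a regular file left at that path."""
    if not os.path.exists(path):
        os.mkfifo(path, 0o600)
    elif not stat.S_ISFIFO(os.stat(path).st_mode):
        raise RuntimeError(f"{path} exists and is not a FIFO")

def serve(path, rules=RULES, run=subprocess.run, once=False):
    """Block on the FIFO (no polling) and run handlers for matching lines."""
    ensure_fifo(path)
    while True:
        # open() sleeps until a writer (syslogd) opens the other side
        with open(path, "r", errors="replace") as fifo:
            for line in fifo:
                for argv in match_actions(line, rules):
                    run(argv, shell=False, check=False)  # argv list, never a shell string
        if once:  # writer closed (e.g. syslogd restart); otherwise loop and re-open
            return

if __name__ == "__main__":
    # Assumed syslog.conf entry: local0.emerg<TAB>/var/run/emerg.fifo (path hypothetical)
    serve("/var/run/emerg.fifo")
```

The process is still resident, but it consumes no CPU between messages, and text that a remote sender managed to get into the log never reaches a shell.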