On 2008-03-09, Rainer Gerhards <[EMAIL PROTECTED]> wrote:
>
> Now let me take on the imfile example. The key point - at least IMHO -
> is that there is no single line in rsyslog core's code that has been
> added in support of imfile. And, more importantly, if imfile would go
> away, not a single line of code could be removed. So the imfile plugin
> (project) does neither add complexity nor code nor other overhead to
> rsyslog core. So can it be evil?
It's evil that you're forcing me to upgrade to rsyslog v3.x to take
advantage of it ;-) That's what triggered my previous post.. I want
to be tracking non-syslog logfiles, and if imfile/plugins where more
in the unix philosophy of small tools that chain easily.. I might have
been able to pick it from v3.x and use it on stable systems.
> from the small shell script you provided, it looks like there is a
> problem if
>
> a) script is in sleep period
> b) data is appended to text file
> c) text file is rotated
> d) new lines are written to text file
> e) script awake for new polling loop
>
> On a quick look, it looks like the data written in b) will never make it
> to the syslogd. Imfile handles that.
Yes, you're right. Cool that imfile handles it.
> On the mail output case (though I need to be a bit brief as dinner is
> approaching ;)): I actually intend to add an email output plugin.
The quote was about being able to *read* mail:
"Every program attempts to expand until it can read mail.
Those programs which cannot so expand are replaced by ones which can."
and I was thinking it not too far fetched since "splunk" can do it (it can
download email messages via IMAP, index them and create alerts on suspicious
content). It might seem like you want to take rsyslog in that direction, i.e.
your complete eventlogd&alertSystem fork of rsyslogd that can read any input
(syslog, other-logfile, email, snmptraps) and analyze and alert on the data.
That's not what *I* want from a syslog server. I just want it to reliably
collect and store the logs in an organized manner. Then I'll use other
tools to read and analyze them.
-jf
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
