On Thu, 22 Dec 2011, Sean Conner wrote:
It was thus said that the Great [email protected] once stated:
how hard would it be to make an adaptation of the input module that
controls /dev/log (imunixmux IIRC) so that you could have multiple
listeners, with a facility and/or priority set for each one? (similar to
how imfile works)
There's a discussion on the linux-kernel list about the android kernel
based logger and how it is 'better' than syslog
ignoring speed and size issues for the moment, the only functional thing i
can't figure out how to do is to have multiple /dev/log-type inputs and
have them each be labled differently.
A workaround (in case an adaptation of the input module can't be made) is
to have rsyslog log the various facilities/levels to multicast addresses.
At home, my main logging system [1] forwards all the logs to 239.255.0.1 (a
multicast address)---that way, I can have multiple programs monitoring this
address [2]. For me, it wouldn't be hard to set up multiple multicast
addresses for various combinations of facility/level and have listeners
register for what they are interested in.
Yes, it's UDP, and yes, it spams the local network with traffic, but it is
a work-around.
this doesn't solve what I'm looking for.
what I'm looking for is to have /dev/emer, /dev/info, etc and a line
written to /dev/info would be classified one way and /dev/ememr a
different way (this example uses severity instead of facility, but i
figure the mechanism that does one should be able to do both)
by the way, with your system, you may want to look at using multicast MAC
instead of a multicast address. the multicast address can be run through
routers, but it requires special software to deal with it, multicast MAC
has an IP address just like everything else on your network, and with both
you can have multiple machines listening to the traffic (with CLUSTERIP in
iptables on linux and the similar function on BSD you can have a farm of
machines split the traffic between them as well)
David Lang
-spc
[1] A custom syslog daemon written in C/Lua, only UDP, but supports
/dev/log, IPv4 and IPv6.
[2] I have a custom "front-end" on each computer that listens on
239.255.0.1 [3] and displays the entries in real time (my log volume
isn't so great that I can't read the display), color coded by level
(debug in blue, info in dark green, notice at light green, warning
in yellow, err in red, etc.). Makes for a neat screen saver.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
