hi,
what does the syslog-ng manual say about the program() statement? If I
am not mistaken, older versions of syslog-ng forked a separate process
for each matching message. Is this happening in your environment as well?
BR,
risto
Clayton Dukes wrote:
> Hi,
> I'm new to SEC but am very pleased thus far - thanks for a great tool.
>
> I'm wondering if it's normal for sec to spawn multiple processes for
> every incoming message?
>
> I'm using syslog-ng, my config:
> destination d_sec {
> file("/var/log/sec_debug.log"
>
> template("$HOST\t$FACILITY\t$PRIORITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n")
> template_escape(no));
> program("/usr/bin/sec -input=\"-\" -conf=/etc/sec/cisco.conf
> -log=/var/log/sec_run.log -intevents -debug=5"
>
> template("$HOST\t$FACILITY\t$PRIORITY\t$LEVEL\t$TAG\t$YEAR-$MONTH-$DAY\t$HOUR:$MIN:$SEC\t$PROGRAM\t$MSG\n")
> );
> };
>
> log {
> source(s_all);
> destination(d_sec);
> };
>
>
> And my test config for sec:
> #################################################
> # %CCM_CALLMANAGER-CALLMANAGER
> type=Single
> ptype=RegExp
> pattern=(.*CCM_CALLMANAGER-CALLMANAGER.*)
> desc=CallManager
> action=pipe '$1' /www/svn/php-syslog-ng/scripts/sec_db_dedup.pl
>
>
> The sec_db_dedup.pl script is doing database inserts and exiting.
> When I run syslog-ng, I get 30-40 processes for sec_db_dedup.pl and
> another 30-40 processes for sec
> Is this normal behavior?
>
>
>
>
------------------------------------------------------------------------------
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
