On Tuesday 29 January 2008, Porkchop wrote:
> The problem: I need to take live syslog data from a pair of DHCP
> servers, parse it, and write the results to a database.
>
> syslogd is running on the DHCP servers, writing to a master syslog-ng
> server. That syslog-ng server logs everything for hundreds of remote
> systems. I'm writing the dhcp logs to a regular file which rotates every
> hour.
>
> Here's what I'd like to do. In addition to its usual logfile, I'll have
> syslog-ng write to a named fifo. I'll have a script read from the fifo,
> parse, and post to mysql.
>
> If my script falls on its face however, syslog-ng would block on write,
> halting the rest of the syslog-ng server. Is there a better way to do
> this?

The way I envision you doing essentially the same thing is having the script read the log file via 'tail -f' (or something like it). There are several programs written in C or Python which watch log files and do things based on the behavior. For Python, fail2ban and DenyHosts come to mind.

> If nothing opens /dev/log, it doesn't write block everything on
> the system, but it's a special device right?
>
> Is this where I could use a socket?

Linux/Documentation/devices.txt says that the device is a syslog local socket. I'm not sure why you'd want to use sockets in this situation; maybe you can explain what you were considering.

  -- Chris

--
Chris Knadle
[EMAIL PROTECTED]
_______________________________________________
Mid-Hudson Valley Linux Users Group
http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug

Upcoming Meetings (6pm - 8pm) MHVLS Auditorium
  Feb 6 - DBUS
  Mar 5 - Setting up a platform-independent home/small office network using Linux
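
The 'tail -f' approach suggested in the reply, as an added example that is not part of the original thread: a poller that follows the hourly-rotated file instead of a FIFO, so a crashed script can never block syslog-ng, and that inserts leases with bound parameters because hostnames come from DHCP clients. Assumptions: the ISC dhcpd-style DHCPACK line format, the `leases` table, and sqlite3 standing in for MySQL so the block runs offline.

```python
import os
import re
import sqlite3

# Assumed ISC dhcpd-style line; the thread itself shows no sample log line.
ACK = re.compile(r"DHCPACK on (?P<ip>[\d.]+) to (?P<mac>[0-9a-f:]{17})"
                 r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)")

class LogFollower:
    """Poll-based 'tail -f' that keeps up when the file is rotated."""
    def __init__(self, path):
        self.path, self.fh, self.inode, self.buf = path, None, None, b""

    def _open(self):
        self.fh = open(self.path, "rb")
        self.inode = os.fstat(self.fh.fileno()).st_ino

    def read_new(self):
        """Return the complete lines appended since the previous call."""
        try:
            if self.fh is None:
                self._open()
            self.buf += self.fh.read()      # drain the file we already hold
            st = os.stat(self.path)
            if st.st_ino != self.inode or st.st_size < self.fh.tell():
                self.fh.close()             # renamed or truncated: reopen
                self.fh = None
                self._open()
                self.buf += self.fh.read()
        except FileNotFoundError:
            pass                            # mid-rotation; retry on next poll
        *lines, self.buf = self.buf.split(b"\n")   # keep any partial last line
        return [l.decode("utf-8", "replace") for l in lines]

def store(db, lines):
    """Insert DHCPACK leases; values are bound, never formatted into the SQL."""
    rows = [m.group("ip", "mac", "host", "iface")
            for m in map(ACK.search, lines) if m]
    db.executemany("INSERT INTO leases (ip, mac, host, iface) VALUES (?, ?, ?, ?)", rows)
    db.commit()
    return len(rows)

if __name__ == "__main__":
    import sys, time
    db = sqlite3.connect("leases.db")       # hypothetical database file
    db.execute("CREATE TABLE IF NOT EXISTS leases (ip, mac, host, iface)")
    tail = LogFollower(sys.argv[1])
    while True:                             # a crash here never stalls syslog-ng
        store(db, tail.read_new())
        time.sleep(1)
```

Unlike 'tail -f', the follower starts at the beginning of the current file, so lines written while the script was down within the same hour are still picked up on restart.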
