omprog is what you need

From phone
rainer

----- Original Message -----
From: Jason Antman <[email protected]>
Sent: Friday, July 8, 2011 19:21
To: rsyslog-users <[email protected]>
Subject: [rsyslog] Send log lines to persistent program

Hello,

A colleague just finished migrating the last bits from our syslog-ng 
centralized log server to our new rsyslog server.

In one case (actually a relatively important one, which has turned into 
a big problem), we were using the syslog-ng program() log destination. 
The syslog-ng docs describe it thusly:

"This driver executes the specified program with the specified arguments 
and sends messages to the standard input (stdin) of the child. The 
program() driver has a single required parameter, specifying a program 
name to start. The program is executed with the help of the current 
shell, so the command may include both file patterns and I/O 
redirection, they will be processed. [...] Version 1.6 of syslog-ng 
executed the program once at startup, and kept it running until SIGHUP 
or exit. The reason was to prevent starting up a large number of 
programs for messages, which would have enabled an easy DoS attack. 
Versions 2.0 and later restart the program if it exits for reliability 
reasons. However it is not recommended to launch programs for single 
messages as that might easily cause a DoS for the system."

Attention is drawn to the last few sentences. syslog-ng passes all 
matching log lines to STDIN of the program, and *leaves* the program 
running indefinitely (well, until syslog-ng gets a HUP or exits). It 
also restarts the child if it has died.

$coworker translated this to a "^" action in rsyslog - the implications 
of this are pretty obvious, and even more troublesome if you know that 
the program being executed is a PHP script which does a whole bunch of 
string parsing and then sends the result to a MS SQL database.

So... I haven't found anything in the docs, but I just wanted to confirm 
that rsyslog doesn't have an action or output module that replicates 
this functionality. Assuming that is the case (no directly comparable 
feature), what are your suggestions for an interim fix (our MS SQL DBA 
is on vacation for a week, so I need to hold off on doing 
omlibdbi/Ms-Sql until he gets back)? Try to get the PHP script running 
as a daemon, log to named pipe, have script read named pipe?

Thanks for any advice/suggestions,
Jason
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
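
An added example, not part of the thread or of rsyslog: a long-running consumer of the kind omprog feeds, reading one message per line on stdin in a single process instead of being spawned per message. The script path, the database path, SQLite standing in for the MS SQL database, and the choice of the RSYSLOG_TraditionalFileFormat template are assumptions.

```python
# Added example, not from the thread. Assumed rsyslog config (hypothetical path):
#   module(load="omprog")
#   action(type="omprog" binary="/usr/local/bin/log_consumer.py"
#          template="RSYSLOG_TraditionalFileFormat")
import re
import sqlite3
import sys

# "Mmm dd hh:mm:ss host tag: msg", as RSYSLOG_TraditionalFileFormat writes it.
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^:\s]+): ?(.*)$")

# Constructed sample lines: one malformed, one carrying SQL metacharacters.
SAMPLE = (
    "Jul  8 19:21:03 web01 sshd[4211]: Failed password for invalid user admin\n"
    "not a syslog line\n"
    "Jul  8 19:21:04 web01 app: name='); DROP TABLE logs;--\n"
    "Jul  8 19:21:09 db02 cron[88]: job finished\n"
)

def parse(line):
    """Return (timestamp, host, tag, message), or None if the line does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groups() if m else None

def flush(db, batch):
    """Insert with bound parameters: log text is untrusted and must stay data."""
    db.executemany("INSERT INTO logs VALUES (?, ?, ?, ?)", batch)
    db.commit()
    n = len(batch)
    batch.clear()
    return n

def consume(stream, db, batch_size=2):
    """Read lines until EOF in one process; return (stored, rejected)."""
    db.execute("CREATE TABLE IF NOT EXISTS logs (ts TEXT, host TEXT, tag TEXT, msg TEXT)")
    batch, stored, rejected = [], 0, 0
    for line in stream:  # blocks between messages; a partial batch waits for the next line
        row = parse(line)
        if row is None:
            rejected += 1
            continue
        batch.append(row)
        if len(batch) >= batch_size:
            stored += flush(db, batch)
    if batch:  # EOF: the writer closed the pipe, so store what is left
        stored += flush(db, batch)
    return stored, rejected

if __name__ == "__main__":
    consume(sys.stdin, sqlite3.connect("/var/tmp/logs.db"))  # hypothetical path
```

The small `batch_size` keeps latency low on quiet systems; raising it trades delay for fewer commits.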