--- On Wed, 10/27/10, da...@lang.hm <da...@lang.hm> wrote:
> From: da...@lang.hm <da...@lang.hm> > Subject: Re: [Simple-evcorr-users] New feature requests > To: "Risto Vaarandi" <rvaara...@yahoo.com> > Cc: simple-evcorr-users@lists.sourceforge.net, peif...@umn.edu > Date: Wednesday, October 27, 2010, 1:11 AM > On Tue, 26 Oct 2010, Risto Vaarandi > wrote: > > > As for changing syslog tag field dynamically for every > message -- unfortunately, the openlog(3) C-library function > sets the program name for all subsequent logging, so this > means that connection to syslog would have to be reopened > and closed for each call to syslog(3) function. I think > there is no clean way to replace the program name string > temporarily with something else, so I will have to > investigate what would be the possible performance penalty > of opening and closing connection to syslogd for each > logging attempt. > > syslog is a very simple protocol, if the libc functions > don't give you the flexibility that you need, why not offer > a plainer option? > > all you really need to do is to open /dev/log and then > write an appropriatly formatted message. the only think > that's at all 'hard' about the message is setting the > facility/severity number. The protocol itself is indeed very simple, in fact, I've presented it to students several times as a part of an introductory lecture to system monitoring solutions. The complexity lies in how to handle the syslog style logging nicely on different platforms. Linux and some other UNIX flavors use /dev/log, but other platforms use a different file; in Linux /dev/log is a socket, but on HP-UX it is a named pipe, while on Solaris it is a special device that uses the streams protocol if I remember correctly. As a result, you need to access this special file in very different ways on different platforms. Even if we make an assumption that /dev/log is a UNIX domain socket, then on some platforms you have to open it in datagram mode and on others in stream mode. One major advantage of Perl Sys::Syslog and libc functions is that they hide these platform differences from you. Therefore it seems to me that if one wishes to emit syslog messages directly, it might be more useful to write a small SEC Perl routine for that purpose for a given platform specifically, and invoke it through the 'call' action. In fact, I could do it myself and post the SEC rule to this list :) Would that be a suitable solution for the problem? kind regards, risto > > David Lang > > > kind regards, > > risto > > > > --- On Sun, 10/24/10, Tim Peiffer <peif...@umn.edu> > wrote: > > > >> From: Tim Peiffer <peif...@umn.edu> > >> Subject: [Simple-evcorr-users] New feature > requests > >> To: simple-evcorr-users@lists.sourceforge.net > >> Date: Sunday, October 24, 2010, 12:31 AM > >> I would like to get a new feature - > >> configuration file includes. I > >> would like to have an alternate method of > specifying > >> configurations that > >> would load up @conffiles similar to multiple > invocations of > >> > >> -conf=file1.cfg -conf=file2.cfg. I don't > know > >> if I want a new > >> configuration style, recycle from the current > config > >> style. For me, > >> this is a housekeeping issue more than a > performance > >> issue. I would > >> like to run one correlator for several services, > keeping a > >> separate > >> config for each service. I have about a > >> half dozen discreet areas that > >> I monitor logs now. I expect that to grow in > the > >> coming months. > >> > >> type=include > >> desc=this is configuration file1 > >> pattern=/home/sec/includes/file1.cfg > >> source=file1 > >> > >> type=include > >> desc=this is configuration file2 > >> pattern=/home/sec/includes/file2.cfg > >> source=file2 > >> > >> A second new feature is the ability to specify the > syslog > >> options. This > >> would allow me to write log events at varying > priorities, > >> and allow me > >> to specify error numbers I would like tag > similar to > >> 'logger -t > >> <tag>'. I think I would like it to be an > option > >> to logonly, and would > >> conceivably replace $progname in open_syslog() > >> > >> Please advise, > >> Tim Peiffer > >> > >> -- > >> Tim Peiffer > >> Network Support Engineer > >> Office of Information Technology > >> University of Minnesota/NorthernLights GigaPOP > >> > >> +1 612 626-7884 (desk) > >> > >> > >> > ------------------------------------------------------------------------------ > >> Nokia and AT&T present the 2010 Calling All > >> Innovators-North America contest > >> Create new apps & games for the Nokia N8 for > consumers > >> in U.S. and Canada > >> $10 million total in prizes - $4M cash, 500 > devices, nearly > >> $6M in marketing > >> Develop with Nokia Qt SDK, Web Runtime, or Java > and Publish > >> to Ovi Store > >> http://p.sf.net/sfu/nokia-dev2dev > >> _______________________________________________ > >> Simple-evcorr-users mailing list > >> Simple-evcorr-users@lists.sourceforge.net > >> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users > >> > > > > > > > > > > > ------------------------------------------------------------------------------ > > Nokia and AT&T present the 2010 Calling All > Innovators-North America contest > > Create new apps & games for the Nokia N8 for > consumers in U.S. and Canada > > $10 million total in prizes - $4M cash, 500 devices, > nearly $6M in marketing > > Develop with Nokia Qt SDK, Web Runtime, or Java and > Publish to Ovi Store > > http://p.sf.net/sfu/nokia-dev2dev > > _______________________________________________ > > Simple-evcorr-users mailing list > > Simple-evcorr-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users > > ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
