Hi guys, i'm using syslog-ng with SEC using the program stream. I have 2
issues.
1: Write to file w/ date in the name..
trying to do something like this, but haven't gotten it working..
type=single
desc=Set log file and addressee list
ptype=substr
pattern=SEC_STARTUP
context=SEC_INTERNAL_EVENT
action=eval %d ( $date = strftime "%Y-%m-%d", localtime;);\
assign %f /opt/log/remote-bytype/comware-%d.log;
type=single
desc=Log messages to file
ptype=regexp
pattern=(.+)
action=write %f $1
But, this doesn't work, and %t and %u do not seem appropriate for this use.
2.
I'm using this method to launch SEC
destination d_netscaler { program("`/usr/local/sbin/secStart netscaler`"
template("$R_DATE $HOST $MSG\n") template_escape(no)); };
destination d_comware { program("`/usr/local/sbin/secStart comware`"
template("$R_DATE $HOST $MSG\n") template_escape(no)); };
/usr/local/sbin/secStart
#!/bin/sh
#
# secStart
usage () {
echo "usage: $progname config
'config' is the name of an SEC config file in /etc/sec/." >&2
exit 2
}
progname=`basename $0`
[ $# -eq 1 ] || usage
echo "/usr/local/sbin/sec -conf=/etc/sec/$1.conf -pid=/tmp/sec-$1.pid
-dump=/tmp/sec-$1.dump -debug=5 -syslog=local1 -intevents -input=-"
In the olden days when I did this, restarting syslog-ng would kill SEC and
restart it along side itself. It does not seem that is the case any more,
the processes hang around forever until I manually kill them. What are
other folks doing for this?
I wrote an awful script to stop syslog-ng, kill -9 all the .pids of sec,
start syslog-ng and that works for the meantime, but its pretty awful.
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
