[opensuse-factory] rsyslog
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I just noticed that 11.2 uses rsyslog instead of syslog-ng that was used previously. What is the advantage? The syntax is rather weird. - -- Cheers / Saludos, Carlos E. R. (from 11.2-ex-factory "Emerald" GM) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkr+qIcACgkQU92UU+smfQWOYQCcCfgCKHf3SnXNDtlpD8VlikI1 eeQAoJNRZ3P6V1sx3B2StOfaakdJO0ib =4E6n -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Carlos E. R. wrote:
Hi,
I just noticed that 11.2 uses rsyslog instead of syslog-ng that was used previously. What is the advantage? The syntax is rather weird.
That's a coincidence - I have just recently been reading up on rsyslog, but I hadn't noticed that it was already in 11.2. Comparison of rsyslog / syslog-ng: http://www.rsyslog.com/doc-rsyslog_ng_comparison.html
From my point of view, the advantages are (roughly):
- it's multithreaded - support for include files in the config - guaranteed delivery in a central logging setup. There are no doubt others, but those are the ones that I'm interested in. I think(!) rsyslog might perform better in a high-load environment. /Per -- Per Jessen, Zürich (8.9°C) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/15/2009 10:46 AM, Per Jessen wrote:
Carlos E. R. wrote:
Hi,
I just noticed that 11.2 uses rsyslog instead of syslog-ng that was used previously. What is the advantage? The syntax is rather weird.
That's a coincidence - I have just recently been reading up on rsyslog, but I hadn't noticed that it was already in 11.2.
Comparison of rsyslog / syslog-ng:
I'm worried about this one: Config File config file format compatible to legacy syslogd but ugly clean but not backwards compatible because it makes for a hard transition, I don't undertand the syntax; although the ability to include files is interesting. I'll have to read the doc, find examples...
From my point of view, the advantages are (roughly):
- it's multithreaded - support for include files in the config - guaranteed delivery in a central logging setup.
There are no doubt others, but those are the ones that I'm interested in. I think(!) rsyslog might perform better in a high-load environment.
Maybe. For a home setup like mine that is not needed. For now, my next step is to be able to log external sources (my router). Then I have to learn how to fire an external script triggered on a certain message, and then add a line to a log on the output of that script. This is a nightmare with syslog-ng, because apparmour strongly dislikes it, so much that I had to disable AA for syslog-ng. - -- Cheers / Saludos, Carlos E. R. (from 11.2-ex-factory "Emerald" GM) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkr/84IACgkQU92UU+smfQXSvwCeK7Yno44ZHLxv/y87NXeLO9ry Uv0AnArVDkOCiB4ZR48k2NeYtEmYrXpv =2BwB -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Carlos E. R. wrote:
Comparison of rsyslog / syslog-ng: http://www.rsyslog.com/doc-rsyslog_ng_comparison.html
I'm worried about this one:
Config File
config file format compatible to legacy syslogd but ugly clean but not backwards compatible
because it makes for a hard transition, I don't undertand the syntax; although the ability to include files is interesting. I'll have to read the doc, find examples...
Yeah. rsyslog is not a drop-in replacement.
I think(!) rsyslog might perform better in a high-load environment.
Maybe. For a home setup like mine that is not needed.
Agree. I was surprised to see rsyslog being the default - I guess you could still install syslog-ng instead?
For now, my next step is to be able to log external sources (my router).
Should be easy, except if you have a Zyxel router.
Then I have to learn how to fire an external script triggered on a certain message, and then add a line to a log on the output of that script.
With syslog-ng(!), you can do that roughly like this: create a destination with pipe(), add appropriate filter. Then start e.g. a shell-script that reads from the pipe.
This is a nightmare with syslog-ng, because apparmour strongly dislikes it, so much that I had to disable AA for syslog-ng.
Uh, I've done that more than a few times, apparmor never got in the way AFAIR. /Per -- Per Jessen, Zürich (8.9°C) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/15/2009 07:51 PM, Per Jessen wrote:
Carlos E. R. wrote:
I think(!) rsyslog might perform better in a high-load environment.
Maybe. For a home setup like mine that is not needed.
Agree. I was surprised to see rsyslog being the default - I guess you could still install syslog-ng instead?
Yes, it is provided, if I'm not mistaken. I can't do a quick check, webpin still does not work.
For now, my next step is to be able to log external sources (my router).
Should be easy, except if you have a Zyxel router.
Not the case :-) I had it working with syslog-ng, I just have to learn how to do it here.
Then I have to learn how to fire an external script triggered on a certain message, and then add a line to a log on the output of that script.
With syslog-ng(!), you can do that roughly like this:
I know, I did it, it works.
create a destination with pipe(), add appropriate filter. Then start e.g. a shell-script that reads from the pipe.
This is a nightmare with syslog-ng, because apparmour strongly dislikes it, so much that I had to disable AA for syslog-ng.
Uh, I've done that more than a few times, apparmor never got in the way AFAIR.
It does here. AA does not allow syslog-ng to start any other process, even less a shell script. I had to dissable it. Perhaps writing to a named pipe instead would work :-? But never mind, my problem now is to replicate the setup with rsyslog. - -- Cheers / Saludos, Carlos E. R. (from 11.2-ex-factory "Emerald" GM) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAksAoGsACgkQU92UU+smfQVnKwCdH5GN8cYmSbZaJ0lqJj9P1ADW BAMAn05mViQfIrxpvg5oOv+Ua6v708xc =+KMS -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Carlos E. R. wrote:
This is a nightmare with syslog-ng, because apparmour strongly dislikes it, so much that I had to disable AA for syslog-ng.
Uh, I've done that more than a few times, apparmor never got in the way AFAIR.
It does here. AA does not allow syslog-ng to start any other process, even less a shell script. I had to dissable it.
Oh, I never tried that, I always write to a named pipe, then attach a process on the other end. /Per -- Per Jessen, Zürich (10.2°C) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hi,
2009/11/16 Carlos E. R.
For now, my next step is to be able to log external sources (my router).
I had it working with syslog-ng, I just have to learn how to do it here.
Was pretty easy for me here: seife:~ # cat /etc/rsyslog.d/remote.conf # UDP Syslog Server: $ModLoad imudp.so # provides UDP syslog reception $UDPServerRun 514 # start a UDP syslog server at standard port 514 if $fromhost-ip != '127.0.0.1' then -/var/log/remote;RSYSLOG_TraditionalFileFormat if $fromhost-ip != '127.0.0.1' then ~ Have fun, seife -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
2009/11/15 Carlos E. R.
For now, my next step is to be able to log external sources (my router). Then I have to learn how to fire an external script triggered on a certain message, and then add a line to a log on the output of that script.
The traditional way of doing that was with something like swatch(8) http://swatch.sourceforge.net/ it worked pretty well, and just use syslog(3) to add more logging output from perl type script, though logger(1) makes it easy for shell to. Sounds hacky, but that sufficed to do emergency delete of files to avoid filesystem corruption with full disks on SunOS 4 NFS servers. Rob -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
2009/11/15 Per Jessen
I just noticed that 11.2 uses rsyslog instead of syslog-ng that was used previously. What is the advantage? The syntax is rather weird.
That's a coincidence - I have just recently been reading up on rsyslog, but I hadn't noticed that it was already in 11.2.
Comparison of rsyslog / syslog-ng:
There are no doubt others, but those are the ones that I'm interested in.
I'm kind of relieved to hear about rsyslog. About 20 months ago, on the "Upstart" mailing list, which is this "event driven" replacement for init(8) which has been used in Ubuntu for a while, lead as own project by Scott J Remnant one of the Ubuntu guys. The syslog-ng Guy pops up looking for a cooperation, and explained this really complicated OTT plug-in architecture he was working on, basically letting you do 'burning requirements' like pretty-print the logs and so forth in RT. Anyway a lot of folk watching the Upstart developments are involved in embedded so these ideas to do something like going from perl4 to perl5, with module loading architecture and such forth didn't go down to well. The whole things smelt like a project, being done for the sake of it, and to do non-boring 'cool' programming, rather than be focussed on what infrastructure software needs to be. Often minimal is good a la Postfix, with things broken down into contained pieces, not a monolithic dynamically configurable 'environment'. Rob -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Carlos E. R. wrote:
Hi,
I just noticed that 11.2 uses rsyslog instead of syslog-ng that was used previously. What is the advantage?
I wouldn't mind knowing the reasons for this change - it doesn't seem to be something that was discussed a lot, yet it is quite significant. /Per -- Per Jessen, Zürich (10.7°C) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Montag 16 November 2009 schrieb Per Jessen:
Carlos E. R. wrote:
Hi,
I just noticed that 11.2 uses rsyslog instead of syslog-ng that was used previously. What is the advantage?
I wouldn't mind knowing the reasons for this change - it doesn't seem to be something that was discussed a lot, yet it is quite significant.
You're free to stay with syslog-ng, but for new users rsyslog is the better choice: - debian and fedora use rsyslog too, users coming from there will know the config format - rsyslog doesn't require wild hacks to improve boot time - it just works Most of the other reasons are already listed in the thread. Greetings, Stpehan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/16/2009 11:32 AM, Stephan Kulow wrote:
Am Montag 16 November 2009 schrieb Per Jessen:
Carlos E. R. wrote:
Hi,
I just noticed that 11.2 uses rsyslog instead of syslog-ng that was used previously. What is the advantage?
I wouldn't mind knowing the reasons for this change - it doesn't seem to be something that was discussed a lot, yet it is quite significant.
You're free to stay with syslog-ng, but for new users rsyslog is the better choice: - debian and fedora use rsyslog too, users coming from there will know the config format - rsyslog doesn't require wild hacks to improve boot time - it just works
Most of the other reasons are already listed in the thread.
Thanks. If you people think it is better, that's ok with me, I'll trust you. I just wanted to learn of the reasons for the change. You could think of posting reasons for packages changes somewhere, with tips and links to documentation for us ;-) - -- Cheers / Saludos, Carlos E. R. (from 11.2-ex-factory "Emerald" GM) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAksBo68ACgkQU92UU+smfQXa6QCfbKK8XkV0agrO40CW2uF3BTM8 nV4AniSNkMH6caOErulDVY9YqYNwt4pQ =wCJX -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
2009/11/16 Carlos E. R.
If you people think it is better, that's ok with me, I'll trust you. I just wanted to learn of the reasons for the change.
You could think of posting reasons for packages changes somewhere, with tips and links to documentation for us ;-)
+ 1 if it's not time consuming I am wondering about smolt, which was very visible in 11.1 and have asked on Project List if anything's happened with the data. It is still installed, but have we lost interest. Rob -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (8)
-
Carlos E. R. -
Carlos E. R. -
Carlos E. R. -
Per Jessen -
richard -rw- weinberger -
Rob OpenSuSE -
Stefan Seyfried -
Stephan Kulow