From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/1164 Path: news.gmane.org!not-for-mail From: Vincent Danen Newsgroups: gmane.comp.sysutils.supervision.general Subject: Re: monitoring svlogd-produced logfiles Date: Wed, 14 Jun 2006 18:10:05 -0600 Organization: Annvix Message-ID: <20060615001005.GR898@annvix.org> References: <20060614233508.GP898@annvix.org> <20060614235909.GA20474@home.power> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ItuD4UcHtAunF/cq" X-Trace: sea.gmane.org 1150330249 3510 80.91.229.2 (15 Jun 2006 00:10:49 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 15 Jun 2006 00:10:49 +0000 (UTC) Original-X-From: supervision-return-1400-gcsg-supervision=m.gmane.org@list.skarnet.org Thu Jun 15 02:10:46 2006 Return-path: Envelope-to: gcsg-supervision@gmane.org Original-Received: from antah.skarnet.org ([212.85.147.14]) by ciao.gmane.org with smtp (Exim 4.43) id 1FqfRZ-0003Bd-Eg for gcsg-supervision@gmane.org; Thu, 15 Jun 2006 02:10:41 +0200 Original-Received: (qmail 30759 invoked by uid 76); 15 Jun 2006 00:11:02 -0000 Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Archive: Original-Received: (qmail 30750 invoked from network); 15 Jun 2006 00:11:02 -0000 Original-To: supervision@list.skarnet.org Content-Disposition: inline In-Reply-To: <20060614235909.GA20474@home.power> X-Mailer: Mutt 1.5.x/OS X 10.4.x X-PGP-Key: http://linsec.ca/vdanen.asc X-URL: http://annvix.org/ User-Agent: Mutt/1.5.10i X-SA-Exim-Connect-IP: 68.149.37.7 X-SA-Exim-Mail-From: vdanen@annvix.org X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on hades.annvix.org X-Spam-Level: X-Spam-Status: No, score=-1.4 required=6.0 tests=ALL_TRUSTED autolearn=ham version=3.1.0 X-SA-Exim-Version: 4.2 (built Wed, 01 Feb 2006 18:29:36 -0700) X-SA-Exim-Scanned: Yes (on hades.annvix.org) Xref: news.gmane.org gmane.comp.sysutils.supervision.general:1164 Archived-At: --ItuD4UcHtAunF/cq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * Alex Efros [2006-06-15 02:59:09 +0300]: > There a lot of ways to do what you need and I think you overcomplicate. Very possible... =3D) > If you don't need svlogd writing to disc and wish to redirect it output > to some 'summarize' program, then why not use that program instead of > svlogd in ./log/run? Main svlogd task is reliable _writing_to_disc_! No, I do need svlogd to write to disk. Well, maybe not. I'm using socklog for my logging so, for instance, I have /var/log/system/all which has a config of "*.*". I can duplicate that to something else, but svlogd is handling all of the logging from socklog. So I do need svlogd to do it's thing (unless I setup another socklog service to read /dev/log... can I have two socklog processes doing that?) > But you can configure svlogd to duplicate your logs (optionally filtered) > to STDERR (in addition to writing to disc). In degenerate case you even > can configure svlogd to write nothing to disc and send all log lines to > STDERR, but I don't understand why you need svlogd in this case. :) No, I need svlogd to write the logs to disk. In addition to the on-disk logs, I want something to process those logs in realtime... to make a summary log and something that I can have sitting open writing matched entries to STDOUT so I can view it over ssh on my desktop... in realtime. > Then, in ./log/run you redirect svlogd's STDERR to some FIFO file: > svlogd /var/log/something 2>/var/log/MYFIFO > (you can configure a lot of different svlogd to output into single FIFO) > and setup special service which will fetch data from /var/log/MYFIFO, > summarize it, print colored to /dev/tty12 or everything - ./run example: > exec my_cool_summarizer <>/var/log/MYFIFO What does <> do? I've never seen that notation before. > Only one important note about FIFOs - if your 'my_cool_summarizer' > service will be down and will not read from /var/log/MYFIFO all other > svlogd which write into FIFO will also stop soon (after they fill kernel > buffers) and in turn will stop services which they logging. Right... if there's nothing to empty the buffer, it'll block svlogd. That's fine... I can make sure, via dependency handling, that the summarizing service is started first. Some ideas... =3D) BTW, I think I sent the response on the "tail -F" thing to you and not the list... to summ, I did try "-n 0 -F" and it didn't follow. Could be a swatch thing tho... I'll have to try it again and see if it still doesn't work. If it doesn't, I still need to find an alternative to it, so any suggestions are welcome. --=20 {FEE30AD4 : 7F6C A60C 06C2 4811 FA1C A2BC 2EBC 5E32 FEE3 0AD4} mysql> SELECT * FROM users WHERE clue > 0; Empty set (0.00sec) :: Annvix - Secure Linux Server: http://annvix.org/ :: --ItuD4UcHtAunF/cq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFEkKVdLrxeMv7jCtQRAm3sAJ0eg629v5pwHRthk9f7MuElsSCGjACcCMdh heIWUqh7D+SKNUjIm9qLu7A= =BlXh -----END PGP SIGNATURE----- --ItuD4UcHtAunF/cq--