[logs] syslog config file format poll

David Corlette dcorlette at novell.com
Fri Sep 7 10:52:07 PDT 2007 

Actually, I hate the syslog-ng format.  It's poorly documented and exampled, try finding any references on how to set it up to forward messages to another remote syslog daemon. 

Here's the relevant manpage section:

DESTINATIONS
       Destinations can be created using the destination keyword:
       destination <destname> { destdriver params; destdriver params; ... ; };
       * udp <ip>,<port> - network destination using the UDP protocol

Here's what a reasonable person would guess that means:

destination d_slesauth { udp 164.99.18.122, 514; };

And here's what actually works:

destination d_slesauth { udp("164.99.18.122" port(514)); };

Why not a comma after the IP? Where did the parens come from? Why is the IP quoted, and not the port? Why does it fail to parse if I get the tiniest thing wrong?

I'm sure there are perfectly good reasons for all the questions above, but without an example to follow I found this pretty tricky.

IIRC one of my favorite config formats of yore was from Nagios. But I guess my point really is: whatever format you choose, make your parser forgiving and document well (with lots of examples!).



>>> On Fri, Sep 7, 2007 at  6:30 AM, in message
<20070907103049.GN6000 at red-sonja.frakir.org>, "Mordechai T. Abzug"
<morty at frakir.org> wrote: 
> On Thu, Sep 06, 2007 at 05:13:16PM -0400, Marcus J. Ranum wrote:
>> Marcin Antkiewicz wrote:
>> >>I also like XML, because I work with XML-lovers who know how to parse
>> 
>> Minor nit: use of XML is actually prima facie evidence that you DON'T
>> know how to parse.
> 
> Heh.
> 
> I vote against XML.  Or at least for XML to not be the only way to
> config; you can always allow for multiple config mechanisms, and
> accept whichever is present, and/or merge multiple config methods if
> present.
> 
> syslog-ng has a perfectly good config format.  Might as well use
> something similar to that.
> 
> So, what does rsyslog do that syslog-ng doesn't?
> 
> - Morty
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis

More information about the LogAnalysis mailing list