[Madlug] logger behaviour was MadLUG Logging Presentation

Tue Sep 25 18:35:43 CDT 2007

Martin,

I just now found this email.  In the end we decided to
rotate the logs daily and dump the contents to a SQL
server.  From there they get pulled to a central
server.  However I intend to use rsyslog to pipe other
kinds of logs to a central syslog server.  It just
turned out that for clustered web logs a partial
custom solution let us do what we wanted and remain
flexible enough to adapt to other needs.

Thanks.

--- "Martin A. Brown" <martin at linux-ip.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Greetings,
> 
>  : - I can pipe the logs to /usr/bin/logger which
> will send them to 
>  :   syslog; however this seems to be inefficient
> because it has to 
>  :   spawn logger all the time (unless i'm
> misunderstanding)
> 
> I had meant to reply to this message earlier.  I
> wanted to clarify 
> something here.  In fact this technique is not quite
> as inefficient 
> as you might guess.  The logger command (in
> util-linux on 
> RedHat-based systems, at absolute least) has smart
> behaviour.  You 
> can invoke logger in one of two primary fashions:
> 
>   A:  logger [options] -- ARG ARG ARG
>   B:  logger [options]
> 
> Note that in style A, any arguments are concatenated
> and sent to the 
> syslog listener as a single line, a single syslog
> message.  
> 
> However, when you use logger in an Apache
> configuration file, you 
> are using style B.  Note that there are no arguments
> to the logger 
> command.  The utility will, instead, read from its
> STDIN.  As an 
> instructive example, try running the following:
> 
>   ifconfig | logger -it 'ifconfig'
> 
> Now, you should see lines that look like most other
> logging lines, 
> but show the program as "ifconfig" and the PID. 
> You'll also notice 
> that the PID does not change (the -i flag causes
> logger to include 
> the PID).  Since the PID does not change, this means
> that you have 
> caused one fork/exec and logger is simply reading
> from STDIN, and 
> send()ing the data to the syslog listener.  The
> logger process will 
> exit when it reaches the EOF (end of file, end of
> the input).
> 
> Amusingly, logger does not connect() to the
> well-known log socket 
> (/dev/log) until it receives the first line on
> STDIN.  And, 
> robustly, the version of logger that comes with
> util-linux-2.13 is 
> also smart about reconnecting to the log socket when
> it encounters a 
> problem.  So, in theory, anyway, logger is safe to
> use in this 
> fashion, Travis.
> 
> For services with lower volume output, I have
> actually used logger 
> in exactly this fashion without a single problem (to
> date).  I do 
> not know how logger would hold up for higher volume
> logging, 
> though....sounds like a good potential experiment!
> 
> - -Martin
> 
> - -- 
> Martin A. Brown
> http://linux-ip.net/
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> Comment: pgf-0.72
> (http://linux-ip.net/sw/pine-gpg-filter/)
> 
>
iD8DBQFG9sf6HEoZD1iZ+YcRAoZ/AKDyq1r7hqVux6bLtIQ4R03NC4DH0wCbBpGn
> Pz2Hpsd5Z8JnP4ldT3g7DrY=
> =BMCw
> -----END PGP SIGNATURE-----
> 

      ____________________________________________________________________________________
Fussy? Opinionated? Impossible to please? Perfect.  Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 