RE: Better Syslog server

From: Rex Monty di Bona (rex@comsmiths.com.au)
Date: 03/19/03

Next message: Ivanov, Vladimir: "RE: Better Syslog server"

Previous message: mlh@zipperii.zip.com.au: "Re: Better Syslog server"
Maybe in reply to: Matt Harris: "Better Syslog server"
Next in thread: Ivanov, Vladimir: "RE: Better Syslog server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 19 Mar 2003 10:11:06 +1100
From: rex@comsmiths.com.au (Rex Monty di Bona)
To: focus-sun@securityfocus.com

One thing to note with the provided syslog server is that you can direct messages to a
local script. This allows easy parsing of the selected messages (all if desired)
without replacing syslog. Nice if you are afraid of patches etc.

Steps are:

create a named pipe:
# mknod /etc/syslog_pipe p

run the following script (or one like it) on the pipe:
#!/bin/sh
while :
do
        while read message
        do
                echo message is $message
        done < /etc/syslog_pipe
        echo syslog restarted
done

and add the appropriate lines to /etc/syslog.conf:

*.debug /etc/syslog_pipe

Next message: Ivanov, Vladimir: "RE: Better Syslog server"

Previous message: mlh@zipperii.zip.com.au: "Re: Better Syslog server"
Maybe in reply to: Matt Harris: "Better Syslog server"
Next in thread: Ivanov, Vladimir: "RE: Better Syslog server"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]