nsca and nrpe2 syslog facility
Andreas Ericsson
ae at op5.se
Tue Nov 20 11:00:14 CET 2007
Brian A. Seklecki wrote:
> nsca.c @ line 134 of 1450
>
> openlog("nsca",LOG_PID|LOG_NDELAY,LOG_DAEMON);
>
> prototype: void openlog(const char *ident, int logopt, int facility);
>
> We should probably make that a config-file defined variable. At the
> *very* least, a GNU autoconf compile-time configure option -> #DEFINE
>
Err... say what now?
> Default syslog.conf(5)'s everywhere are going to split the destination
> into a variety of files (because of priorities), which is insanely
> annoying.
>
First off, let's get one thing straight right from the start.
Syslog uses a facility and severity pair which, combined, is called
priority. It's actually a single number, calculated like so:
pri = (fac << 3) + sev
What people normally do (in my experience) is to put logs from
different *facilities* in one file, and additionally log LOG_WARN
or LOG_ERR and above to somewhere else.
And no, most default syslog.conf files won't split nrpe logs to
several destinations. They will all end up in /var/log/messages
due to this line:
*.info;mail,cron,kern.none /var/log/messages
which tells syslogd to log all facilities with a severity worse
than "info" to /var/log/messages. mail, cron and kernel logs
are explicitly exempted.
> Most big shops end up using syslog-ng and filter on program:
>
> filter f_prog_nrpe { program("nrpe"); };
>
You could add something like this:
daemon.* /var/log/message/daemon.log
to get all NRPE logs in one file. Granted, it will be along with
every other application that logs to the LOG_DAEMON facility, but
you really don't want filter your events based on severity. That
way you can get a "WARNING: Internal inconsistency. Attempting autofix"
in one logfile and then immediately after "ERROR: Autofix failed,
quitting" in another logfile.
> Then we can route it out to destinations regardless of priorities before
> fall-back facility.priority(*) wildcard gets caught.
>
Sure, but since there aren't enough facilities for every program to have
its own, the facilities need to be shared. I fail to see the problem here,
since so far the only ones you've mentioned are downright wrong.
> For example, there's only one or two LOG_DEBUG's, but the config file
> only defines a boolean log statement.
>
True that. I wouldn't mind having various verbosity levels in nrpe, but
that's got absolutely *NOTHING* to do with openlog(3).
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
More information about the Developers
mailing list