nsca and nrpe2 syslog facility

[Brian A. Seklecki]

On Tue, 2007-11-20 at 11:00 +0100, Andreas Ericsson wrote:
> Brian A. Seklecki wrote:
> > nsca.c @ line 134 of 1450
> > 
> >   openlog("nsca",LOG_PID|LOG_NDELAY,LOG_DAEMON); 
> >  
> >   prototype: void openlog(const char *ident, int logopt, int facility);
> > 
> > We should probably make that a config-file defined variable.  At the
> > *very* least, a GNU autoconf compile-time configure option -> #DEFINE
> > 
> 
> Err... say what now?

The facility should be adjustable away from LOG_DAEMON

[...]

> And no, most default syslog.conf files won't split nrpe logs to
> several destinations. They will all end up in /var/log/messages
> due to this line:
> 
> *.info;mail,cron,kern.none                    /var/log/messages

It's really distro-dependent.  I looked at FreeBSD 6x and Solaris.  

A really busy production Nagios system is probably going to disable the
in-tree syslogd(8).


> You could add something like this:
> daemon.*          /var/log/message/daemon.log

How does that help?  Now I've got NRPE and NSCA logging to the same
file, plus anything else in my userland that likes to log to LOG_DAEMON.
See below.

> Sure, but since there aren't enough facilities for every program to have
> its own, the facilities need to be shared. I fail to see the problem here,
> since so far the only ones you've mentioned are downright wrong.

Sure there are.  There are 8 localized facilities.  The system's
*primary* application demands a dedicated localized facility -- that's
what they were invented for.

Who runs more than 8 system-specific production applications on one
system?  No one -- its a bad administrative practice.

Well, maybe some low-end shops but *THAT'S* when you resort to syslog-ng
program-based filters.

For a nagios dedicated server, you're going to have at the most: Nagios,
NSCA, NRPE (local0, local1, local2). 

The system daemons (ntp, cron, ssh, sendmail, etc.) can all share the
"system" facilities: Daemon, Cron, Auth, Mail, UUCP, FTP, News

> > For example, there's only one or two LOG_DEBUG's, but the config file
> > only defines a boolean log statement.
> > 
> 
> True that. I wouldn't mind having various verbosity levels in nrpe, but
> that's got absolutely *NOTHING* to do with openlog(3).

I'll compile a small list of production quality applications that let
you specify the syslog facility:

- ISC BIND
- Net-SNMP
- Jabber
- OpenLDAP
- FreeRADIUS
- Sudo
- PostgreSQL
- ISC DHCP
- Cisco IOS
- Samba


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/