On Mon, 18 Feb 2002, Marcus J. Ranum wrote: > It seems to me that a decent enough approach would be to implement a > remote file by just having a process nail a fifo and let that appear > to be the output file. Then never bother log-rotating again; just let > the process transmit the data to a remote machine as fast as it comes > in (encryption optional...) and let the remote machine do log rolling, > etc. We're not We've been using this approach at my site. In fact, you can pretty much ditch syslogd at that point. We've instead replaced it with an 80 line C program which reads datagrams and prints them to stdout. We pipe it to a tee-like program which writes a local copy to disk (we use DJB's multilog) and ships another copy to the remote logserver. The remote logserver, of course, allows nothing but the appending of log lines (no execution of programs is allowed, no seeking within log files, etc). -Jeff --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 07:08:31 PST