Re: [EXIM] syslog?

Author: James FitzGibbon
Date:
To: Vadim Vygonets
CC: exim-users
New-Topics: Feeping Creaturism (was Re: [EXIM] syslog?)
Subject: Re: [EXIM] syslog?

On Thu, 24 Dec 1998, Vadim Vygonets wrote:

> > Somebody is now going to tell me that syslog allows you to separate
> > things off into separate files.
>
> Syslogd(8) allows you to separate things off into separate files.
> Erm. Ahem. Always at your service.
>
> > (Is it standard on all versions of Unix?)
>
> I think so. Even such beasts as IRIX and AIX can do that. Not
> to mention Solaris [ducks, runs and hides under an old SunOS
> 4.1.4 machine].


The TIS FWTK (Firewall Toolkit), which is free for use but requires a
license to download, comes with a nice syslog that implements regex support.
We took the FreeBSD syslog, the TIS syslog, and built one that we use
in-house to sort our logs into some 30 files with a much higher level of
resolution than the standard syslog (which can only differentiate on
facility and priority).

My next task is to rip out the standard regex library and replace it with
PCRE so that a config line could look like this (in theory):

"^([\w]+){3}\s(\w+)\."        /var/log/mail/pop/$1


Thus taking this line:

Dec 23 11:00:06 mail2.tor.pvt accpop3d[11640]: [142.154.179.77:932355]
LOGOFF - START 0 msgs 0 bytes - END 0 msgs 0 bytes - 84 bytes out - 8 bytes
in - 0 RETRs

And writing it to /var/log/mail/pop/mail2. I haven't actually tried to link
anything against PCRE, so this might be completely bogus, but it gives me
something to do during the otherwise boring week after Christmas.

> > Well, I just wasn't familiar with syslog when I started (and
> > still am not) and what I did was to copy the way smail did things,
> > except that I invented a separate rejectlog.
>
> It would be nice to have syslog support. Then, we could send all


Agreed. This is a common request. Anyone who's been on this list for a
while knows that Philip is trying to wind down the feature creeping in
Exim, but I hope that this one is up near the top of the list.

It occurs to me that since all the logging functions are encapsulated in
log.c, it would be relatively simple to do something like this:

#ifndef USE_SYSLOG
void
log_write(int level, int flags, char *format, ...)
{
    /* do writing to files on disk */
}
#else
void
log_write(int level, int flags, char *format, ...)
{
    /* do syslog(3) stuff */
}
#endif


Granted, that is an all-or-nothing approach to integrating syslog, and using
#ifdefs makes it a compile-time option, but the concept is the same: adding
selection to the logging routines is easy due to the way that the logging
functions are currently organized.

> Also, it seems to me that this list is mostly European, as most
> of the things show up when it's afternoon or evening GMT (hmm,
> weird definition).


There are a few U.K. expatriates lurking about. 8-)

--
j.

James FitzGibbon                                                james@???
System Engineer, ACC Global Net                   Voice/Fax (416)207-7171/7610



--
*** Exim information can be found at http://www.exim.org/ ***
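
Added example, not part of the original message and not code from the in-house syslogd it describes: a sketch of the capture-to-filename routing idea using POSIX regex(3) instead of PCRE. The pattern, the sample call and the names route_line and safe_component are assumptions; the capture is checked before it becomes part of a path because the hostname field of a syslog message is chosen by the sender and a configured pattern may capture more than \w+ would.

```c
#include <ctype.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Constructed rule (assumption): skip the three timestamp fields and
   capture the first label of the hostname as group 1, POSIX ERE syntax. */
#define RULE_RE  "^[A-Za-z]+ +[0-9]+ +[0-9:]+ +([^ .]+)\\."
#define RULE_DIR "/var/log/mail/pop/"

/* Accept only a plain file-name component: letters, digits, '_' and '-'. */
static int safe_component(const char *s, size_t n)
{
    if (n == 0 || n > 63)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '_' && s[i] != '-')
            return 0;
    return 1;
}

/* Returns 0 and fills out with the target path; -1 if the rule does not
   compile or match; -2 if the capture is unsafe or the path does not fit. */
int route_line(const char *line, char *out, size_t outlen)
{
    regex_t re;
    regmatch_t m[2];
    int rc = -1;

    if (regcomp(&re, RULE_RE, REG_EXTENDED) != 0)
        return -1;
    if (regexec(&re, line, 2, m, 0) == 0) {
        const char *cap = line + m[1].rm_so;
        size_t n = (size_t)(m[1].rm_eo - m[1].rm_so);
        if (!safe_component(cap, n) ||
            (size_t)snprintf(out, outlen, "%s%.*s", RULE_DIR, (int)n, cap) >= outlen)
            rc = -2;   /* refuse rather than write outside RULE_DIR */
        else
            rc = 0;
    }
    regfree(&re);
    return rc;
}

int main(void)
{
    char path[128];
    /* Constructed input, shortened from the log line quoted in the message. */
    if (route_line("Dec 23 11:00:06 mail2.tor.pvt accpop3d[11640]: LOGOFF", path, sizeof path) == 0)
        puts(path);
    return 0;
}
```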