From: j@uriah.heep.sax.de (J Wunsch)
Date: Thu, 20 Feb 1997 22:54:40 +0100
To: freebsd-hackers@freebsd.org
Subject: Re: License to kill annoying syslog feature?
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <199702200713.RAA08383@ogre.devetir.qld.gov.au>; from Stephen McKay on Feb 20, 1997 17:13:17 +1000

As Stephen McKay wrote:

> >I am very happy with the IRIX 5.3 syslog.  It supports the syntax
> >
> >*.debug;kern.none;user.none |/var/syslog/log-filter /var/syslog/all

> Shouldn't we add better log filtering to syslogd instead?

That wouldn't have helped me, however.  That's why I remembered IRIX,
and implemented the subprocess pipe stuff for syslogd.

To make the picture short:

A customer suffers from a bug in his telecommunications equipment.
Unfortunately, this one has been made by the ``German IBM'', thus it's
expensive, and said company is inflexible enough so nobody hopes for a
bugfix within the next two or three years.

Now, they've got a router that jams whenever the telco experiences
this bug.  This router logs to that FreeBSD machine, and the jamming
is detectable by making educated guesses on the logged messages.  To
do this, I pipe the log messages of some facility into a Perl script,
which in turn telnets to the router if it detects the failure
condition, and simply reboots the router.

It's a gross solution, but it had the advantage that it works, and
that it doesn't depend on anybody else (so it was available within a
week).

> Add some new syntax supporting arbitrary regular expressions.  That should
> be enough for everyone.

Show me how you would solve my problem with arbitrary regular
expressions.  You win a prize. :-)

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)
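
The kind of stateful filter the message describes, as an added example that is not part of the original post and not the author's Perl script: a program that syslogd would run as the piped command, reading one message per line on stdin and firing only when several errors arrive within a time window with no recovery in between. The message patterns, host name `router1`, thresholds and the `action` hook are assumptions; the post does not give the real log messages.

```python
import re
import sys
import time
from collections import deque

# Constructed patterns: the post does not show the router's real messages.
LINK_ERROR = re.compile(r"router1 .*ISDN: layer 1 (down|timeout)")
RECOVERED = re.compile(r"router1 .*ISDN: layer 1 up")


class JamDetector:
    """Report a jam when `threshold` errors arrive within `window` seconds
    with no recovery message in between. This needs state across lines,
    which a per-line regular expression in syslog.conf cannot hold."""

    def __init__(self, threshold=3, window=60.0, holdoff=600.0):
        self.threshold = threshold
        self.window = window
        self.holdoff = holdoff      # minimum gap between two actions
        self.errors = deque()       # timestamps of recent error lines
        self.last_action = None

    def feed(self, line, now):
        """Consume one log line; return True when the action should fire."""
        if RECOVERED.search(line):
            self.errors.clear()
            return False
        if not LINK_ERROR.search(line):
            return False
        self.errors.append(now)
        while self.errors and now - self.errors[0] > self.window:
            self.errors.popleft()   # drop errors older than the window
        if len(self.errors) < self.threshold:
            return False
        if self.last_action is not None and now - self.last_action < self.holdoff:
            return False            # rate-limit: never act in a tight loop
        self.last_action = now
        self.errors.clear()
        return True


def main(action=lambda: print("jam detected: reset router", file=sys.stderr)):
    detector = JamDetector()
    for line in sys.stdin:          # syslogd writes each message to the pipe
        if detector.feed(line, time.monotonic()):
            action()                # hypothetical hook for the recovery step


if __name__ == "__main__":
    main()
```

The hold-off matters because anything able to write matching lines into the log stream can otherwise trigger the recovery action repeatedly.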