0

Some services (nginx, buildbot, et cetera) only support logging to a file. Is there a way to reliably capture these log messages using syslog and friends, so that the log message can be reflected in the system logs and/or forwarded to a log service on another server?

Would it be feasible to create additional devices like /dev/log and point the service to log to those? In this case, would it be necessary to use some sort of wrapper in order for the service to open and write to /dev/log just like any other file?

Or would it be feasible for syslog to create a UNIX socket listener, and for a service to open and write to that just like any other file?

Monica For CEO
  • 330
  • 1
  • 17
  • 3
    Both rsyslog and syslog-ng can read from a file. It would be a good idea to at least glance through the documentation before posting. – Jenny D Aug 14 '15 at 17:41
  • Looking through the manpages now... with this approach would you happen to know whether or not there might be issues when the non-syslog log files are rotated, for example, if syslog ended up watching the rotated file instead of the new one? – Monica For CEO Aug 14 '15 at 17:47
  • Don't move the file when rotating; do copy-truncate instead. – Jenny D Aug 14 '15 at 17:48
  • 1
    As for rsyslog, details (about log-rotation and other stuff) are reported in the official documentation, here: http://www.rsyslog.com/doc/v8-stable/configuration/modules/imfile.html – Damiano Verzulli Aug 14 '15 at 17:50
  • For syslog-ng file monitoring https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-3.5-guides/en/syslog-ng-ose-v3.5-guide-admin/html/configuring-sources-file.html – Monica For CEO Aug 14 '15 at 18:00
  • Instead of monitoring the log file, might it be feasible to eliminate the extra log file... seems wasteful to write to disk and then read from disk an extra time for every log message... – Monica For CEO Aug 14 '15 at 18:02

1 Answers1

0

You can log anything that is written to a file. A while back, I wrote a blog post about logging from apache to syslog-ng.

Tom Damon
  • 149
  • 3