Talk:Syslog-NG Installation
(unfortunately) |
DrModiford (Talk | contribs) m (Sometimes the simplest way..) |
||
(5 intermediate revisions by 3 users not shown) | |||
Line 10: | Line 10: | ||
Unfortunately, I haven't messed with syslog-ng at all and thus can't be of any assistance... but it's an interesting topic and I very much appreciate your sharing your experience here! --[[User:Jimbo|Jimbo]] 21:32, 6 June 2008 (EDT) | Unfortunately, I haven't messed with syslog-ng at all and thus can't be of any assistance... but it's an interesting topic and I very much appreciate your sharing your experience here! --[[User:Jimbo|Jimbo]] 21:32, 6 June 2008 (EDT) | ||
+ | |||
+ | == Not so much Syslog-NG but... == | ||
+ | |||
+ | ...the redirection script under the 'Syslog-NG Piping' section called 'syslog-pipe.sh'. All it does is constantly loop taking anything sent to the pipe in '/var/log/mysql.pipe' to MySQL. However it drops out for no apparent reason. I have used a cron-job to restart it, because (somewhat thankfully) the pipe queues up information so nothing is lost during this downtime. Not ideal but it's a work-around. | ||
+ | |||
+ | Thanks for the feedback Jimbo, hopefully it will be of use to others. | ||
+ | |||
+ | Best regards, | ||
+ | |||
+ | DrModiford. | ||
+ | |||
+ | == oh. THAT, I can answer: == | ||
+ | |||
+ | # Loop MySQL pipe function | ||
+ | while [ -e /var/log/mysql.pipe ] | ||
+ | |||
+ | As soon as you hit EOF one time on your pipe, the script breaks out of your while loop and is done. Try an infinite while with an if statement nested inside, instead of the conditional while you're using now. | ||
+ | |||
+ | What does this continuously looping shell script running in the background do to your CPU usage, btw? --[[User:Jimbo|Jimbo]] 08:16, 7 June 2008 (EDT) | ||
+ | |||
+ | == what I don't see is... == | ||
+ | |||
+ | What actually writes ''to'' mysql.pipe? I see a couple scripts (your rc.d script, and the /usr/local/bin script) that create the fifo and/or dump its contents into the mysql db, but I don't see any config stuff that would cause things to go INTO mysql.pipe to begin with. What am I missing? --[[User:Jimbo|Jimbo]] 08:22, 7 June 2008 (EDT) | ||
+ | |||
+ | == Mea culpa, mea culpa, mea maxima culpa... == | ||
+ | |||
+ | ...alright - perhaps maybe, just maybe, I missed a vital piece of configuration file for the Syslog-NG service itself! | ||
+ | |||
+ | Hopefully that clarifies how A gets to B now! | ||
+ | |||
+ | Thanks for the tip on the script - I shall update my server soon and let you know the utilization is, if any at all. | ||
+ | |||
+ | == Perhaps this will do it == | ||
+ | |||
+ | I did a search and found the following page (sorry for the Google Cache, the servers were "down for maintenance" at the time) | ||
+ | |||
+ | http://64.233.183.104/search?q=cache:O_RZM0qyDiQJ:www.ibm.com/developerworks/forums/thread.jspa%3FthreadID%3D120023%26tstart%3D0+sh+script+continuous+loop&hl=en&ct=clnk&cd=1&gl=uk | ||
+ | |||
+ | (the original http://www.ibm.com/developerworks/forums/thread.jspa?threadID=120023&tstart=0) | ||
+ | |||
+ | The last posting on the cached page had some good pointers, including a 'sleep' command to reduce CPU over-usage. | ||
+ | |||
+ | I suspect the original while-loop checks to see if there is anything in the pipe before continuing the process, so it may only get busy when a set of network-originating Syslog events are sent through to the pipe itself. While simply running as is (following the update to the code) it is not noticeable using 'top'. | ||
+ | |||
+ | == Sometimes the simplest way.. == | ||
+ | |||
+ | ...is to crib off someone else ;-) | ||
+ | |||
+ | As noted on the main article, I found a good method for piping directly to MySQL (still using the [[mkfifo]] command method) but without the external script on a Gentoo guide of a similar nature to this one. | ||
+ | |||
+ | Having implemented it on my production box its working fine, the script method would have dropped out by now! |
Latest revision as of 17:29, 9 June 2008
The Syslog / MySQL Pipe script is the best I could do from what I could gather from examples. It does however drop-out and require restarting. My fix was to use a cron job to restart it daily. Could any fellow Wiki member here care to expand on what I have missed in order to improve it?
There is just a few more things to add to the Syslog-NG article before it's finished, but any help on the above issue would be greatly beneficial.
Best regards,
DrModiford.
Contents |
[edit] unfortunately
Unfortunately, I haven't messed with syslog-ng at all and thus can't be of any assistance... but it's an interesting topic and I very much appreciate your sharing your experience here! --Jimbo 21:32, 6 June 2008 (EDT)
[edit] Not so much Syslog-NG but...
...the redirection script under the 'Syslog-NG Piping' section called 'syslog-pipe.sh'. All it does is constantly loop taking anything sent to the pipe in '/var/log/mysql.pipe' to MySQL. However it drops out for no apparent reason. I have used a cron-job to restart it, because (somewhat thankfully) the pipe queues up information so nothing is lost during this downtime. Not ideal but it's a work-around.
Thanks for the feedback Jimbo, hopefully it will be of use to others.
Best regards,
DrModiford.
[edit] oh. THAT, I can answer:
# Loop MySQL pipe function while [ -e /var/log/mysql.pipe ]
As soon as you hit EOF one time on your pipe, the script breaks out of your while loop and is done. Try an infinite while with an if statement nested inside, instead of the conditional while you're using now.
What does this continuously looping shell script running in the background do to your CPU usage, btw? --Jimbo 08:16, 7 June 2008 (EDT)
[edit] what I don't see is...
What actually writes to mysql.pipe? I see a couple scripts (your rc.d script, and the /usr/local/bin script) that create the fifo and/or dump its contents into the mysql db, but I don't see any config stuff that would cause things to go INTO mysql.pipe to begin with. What am I missing? --Jimbo 08:22, 7 June 2008 (EDT)
[edit] Mea culpa, mea culpa, mea maxima culpa...
...alright - perhaps maybe, just maybe, I missed a vital piece of configuration file for the Syslog-NG service itself!
Hopefully that clarifies how A gets to B now!
Thanks for the tip on the script - I shall update my server soon and let you know the utilization is, if any at all.
[edit] Perhaps this will do it
I did a search and found the following page (sorry for the Google Cache, the servers were "down for maintenance" at the time)
(the original http://www.ibm.com/developerworks/forums/thread.jspa?threadID=120023&tstart=0)
The last posting on the cached page had some good pointers, including a 'sleep' command to reduce CPU over-usage.
I suspect the original while-loop checks to see if there is anything in the pipe before continuing the process, so it may only get busy when a set of network-originating Syslog events are sent through to the pipe itself. While simply running as is (following the update to the code) it is not noticeable using 'top'.
[edit] Sometimes the simplest way..
...is to crib off someone else ;-)
As noted on the main article, I found a good method for piping directly to MySQL (still using the mkfifo command method) but without the external script on a Gentoo guide of a similar nature to this one.
Having implemented it on my production box its working fine, the script method would have dropped out by now!