Also been playing with the event logging stuff, and it's really nice in
conjunction with the svcctl feature. It's kind of weird on implementation
though. Couple of thoughts here.
First, the eventlog daemon should have a command-line switch to read in
single-line logfiles directly. Right now there is a three-stage conversion
process where single-line text has to be converted to multi-line text, and
then gets converted to binary for storage. This is far more complicated
and fragile than needed, and eventlogd should be able to read single-line
text directly with a command-line switch (or even be smart enough to
recognize that it isn't getting multi-line text and switch to the correct
mode automatically).
Going beyond that, it would be nice if the event logger was a
multi-threaded daemon, that was capable of reading multiple inputs
simutaneously. Currently each input has to use at least two processes (not
counting the master process that starts each of the source-specific
converter child processes), which further adds to the fragility.
Going plus-plus on that, it would be really nice if the multi-threaded
event logger daemon could simply read pipe inputs. I can tell syslog-ng to
send log activity to one or more pipes... it would be nice if I could tell
the event logger daemon to monitor said pipes.
>From a configuration POV this might be easiest to implement with an
[eventlog] section in smb.conf, with entries that direct the daemon to the
input pipes and/or files, and which tell it which output event logs to map
the input to. EG:
[eventlog]
event source = "System", 1, /var/log/messages
event source = "DHCP", 2, /var/log/dhcpd.pipe
Thanks
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/