Best practice to tail a log and start it as service using rc.d scripts

Eugene Grosbein eugen at grosbein.net
Tue Jul 4 18:31:47 UTC 2017


05.07.2017 1:02, Matthias Fechner wrote:

> On 03.07.2017 at 20:21, Eugene Grosbein wrote:
>> For logs written using the standard syslog service, there is a much more
>> effective way.
>> 1. The syslogd daemon can run a subprocess and duplicate log stream to its
>> standard input. For example, write to its config:
>>
>> mail.*	"|exec nc localhost 5699 -"
>>
>> See man syslog.conf for details. You can even pipe not the full log
>> but some part of it, e.g. `mail.notice' instead of `mail.*'
>> for important events only (no debug lines, no informational messages).
> thanks for this, I will test that more in detail.
> I correctly have the problem if the mailtrain app is stopped, it closes
> the network socket which causes nc to terminate.
> This is not what I would like to have, but maybe syslog is restarting nc
> in this case?

This is documented in the syslog.conf(5) manual page I mentioned previously:

         The command will only be started once data arrives that should be
         piped to it.  If it exited later, it will be restarted as necessary.

> If not syslog is maybe not the right solution, but I will test this first.
> 
>> 2. And you need not modify system /etc/syslog.conf but create file
>> named like /usr/local/etc/syslog.d/mailtrain.conf with that single line.
>> Then use `service syslogd reload' to apply additional configuration
>> and syslogd will run your "addon" when the corresponding logs are updated.
> 
> are you sure about this?
> I cannot find that described in any man page, /etc/defaults/rc.conf neither.
> I tested it but it is not working.
> Just added a file: /usr/local/etc/syslog.d/mailtrain.conf with content:
> mail.*  /var/log/maillog.err
> 
> I touched the /var/log/maillog.err and reloaded syslogd.
> But nothing appears in that file.

I should have mentioned before that this depends on FreeBSD version.
This feature is present in FreeBSD 11 and newer and was merged to 10-STABLE
but for some reason was removed from 10-STABLE several days ago
by request of jhb at .
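
Added example, not part of the original message: a shell check for the case discussed above, where a drop-in file under /usr/local/etc/syslog.d is not picked up. It assumes the drop-in directory is loaded through an `include` line in the main syslog.conf and that, per syslog.conf(5), only names ending in `.conf` and not beginning with a dot are read; the function name `dropin_is_loaded` is hypothetical.

```shell
#!/bin/sh
# Added example: would syslogd read this drop-in file?
# Usage: dropin_is_loaded MAIN_CONF DROPIN_FILE
# Returns 0 when MAIN_CONF has an active "include" line for the drop-in's
# directory and the file name qualifies; returns 1 otherwise.
dropin_is_loaded() {
    main_conf=$1
    dropin=$2
    dir=$(dirname "$dropin")
    name=$(basename "$dropin")

    # Only *.conf files that do not begin with "." are included.
    case "$name" in
        .*) return 1 ;;
        *.conf) ;;
        *) return 1 ;;
    esac

    [ -r "$dropin" ] || return 1
    [ -r "$main_conf" ] || return 1

    # Look for an uncommented "include <dir>" line (trailing slash tolerated).
    awk -v want="$dir" '
        $1 == "include" {
            d = $2; sub(/\/+$/, "", d)
            if (d == want) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$main_conf"
}

# Paths from the thread; run as "sh thisfile check" on the FreeBSD host.
if [ "${1:-}" = "check" ]; then
    if dropin_is_loaded /etc/syslog.conf /usr/local/etc/syslog.d/mailtrain.conf; then
        echo "drop-in is included; apply with: service syslogd reload"
    else
        echo "drop-in is NOT included by /etc/syslog.conf on this system"
    fi
fi
```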


