When you compile pound, you can choose the facility it logs to. Normal
unix mentality would be to choose a facility that is unused, say,
local8, and use that. Then you can filter.

What I do is I use syslog-ng instead of a traditional syslogd, which
lets me do excerpts like this:

    destination pound_access {
        file("/var/log/pound/access_log.$YEAR.$MONTH.$DAY"
            owner("root") group("root") perm(0400)
            template("$MSGONLY\n")
            template_escape(no)
        );
    };
    destination pound_error {
        file("/var/log/pound/error_log.$YEAR.$MONTH.$DAY"
            owner("root") group("root") perm(0400)
            template("$MSGONLY\n")
            template_escape(no)
        );
    };

    filter f_pound { program("pound"); };
    filter f_notpound { not program("pound"); };

    log { source(sys); filter(f_pound); filter(f_info);
          destination(pound_access); };
    log { source(sys); filter(f_pound); filter(f_error);
          destination(pound_error); };

Which means I can use the f_notpound filter on my normal logs (like
/var/log/messages and /var/log/daemon/*) and the f_pound filter to dump
the pound access and error logs into files based on the date.

The advantage to syslog vs. stderr/stdout methods is that if your pipe
or logging process or drive gets full, it's possible pound's output
buffer will block waiting for the availability of the logfile, and stop
passing requests.

The syslog method is based on datagrams. The messages are sent to
syslog and syslog deals with them, or doesn't. You might lose some
messages under extreme load, but pound will continue to process traffic.
Even if my hard drive is completely full, it'll still function.

Joe
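
The excerpt in the message above references source(sys), f_info and f_error without showing them. The following is an added example, not part of the original post or of pound's own documentation, that fills those in so the split can be tried as one file; the source definition, the severity ranges, the "messages" destination and the directory options are assumptions.

```conf
# Added example. Newer syslog-ng releases also expect an "@version:" line
# matching the installed release at the top of the file.

# Assumed source: the post only shows its name, "sys".
source sys { unix-dgram("/dev/log"); internal(); };

# Assumed severity split: request lines arrive at info, problems at
# warning and above. The post does not show how f_info/f_error are defined.
filter f_info  { level(info); };
filter f_error { level(warning..emerg); };

# Filters from the post.
filter f_pound    { program("pound"); };
filter f_notpound { not program("pound"); };

# Access lines carry client addresses and request URLs, so the files stay
# root-only (as in the post) and the directory is created closed as well.
destination pound_access {
    file("/var/log/pound/access_log.$YEAR.$MONTH.$DAY"
        owner("root") group("root") perm(0400)
        create_dirs(yes) dir_perm(0700)
        template("$MSGONLY\n") template_escape(no));
};
destination pound_error {
    file("/var/log/pound/error_log.$YEAR.$MONTH.$DAY"
        owner("root") group("root") perm(0400)
        create_dirs(yes) dir_perm(0700)
        template("$MSGONLY\n") template_escape(no));
};

# Assumed destination for everything else.
destination messages {
    file("/var/log/messages" owner("root") group("root") perm(0600));
};

log { source(sys); filter(f_pound); filter(f_info);  destination(pound_access); };
log { source(sys); filter(f_pound); filter(f_error); destination(pound_error); };

# Keep pound traffic out of the general log.
log { source(sys); filter(f_notpound); destination(messages); };
```

Running syslog-ng --syntax-only -f against the file checks it before the daemon is restarted.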