File: benefits.html

package info (click to toggle)
socklog 2.1.0%2Brepack-4
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 1,128 kB
  • sloc: ansic: 3,422; sh: 362; makefile: 323
file content (128 lines) | stat: -rw-r--r-- 4,997 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<title>socklog - benefits</title>
</head>
<body>
<a href="http://smarden.org/pape/">G. Pape</a><br>
<a href="index.html">socklog</a>
<hr>
<h1>socklog - benefits</h1>
<hr>
<a href="#logrotation">Log file rotation based on file size</a><br>
<a href="#selecting">Selecting and de-selecting log entries</a><br>
<a href="#network">Modular, reliable network logging</a><br>
<a href="#sortable">Sortable logs</a><br>
<a href="#smallcode">Small code size</a>
<hr>
Most of the benefits described here are actually benefits of
<a href="http://smarden.org/runit/svlogd.8.html">svlogd</a> and
<a href="http://cr.yp.to/daemontools/multilog.html">multilog</a>.
But since <i>socklog</i> uses
<a href="http://smarden.org/runit/svlogd.8.html">svlogd</a>
as its back-end, the benefits apply
to <i>syslogging</i> with <i>socklog</i>.
<hr>
<h2><a name="logrotation">Log file rotation based on file size</a></h2>
<p>
<a href="http://smarden.org/runit/svlogd.8.html">svlogd</a>
supports automatically rotated logs, there is no need for any other
tool running from cron or similar to rotate the logs.
<p>
<a href="http://smarden.org/runit/svlogd.8.html">svlogd</a>
keeps a specified number of log files with a maximum file size, so it is
possible to calculate a log file partition properly.
<p>
For example, this <tt>log/run</tt> file
<pre>
  #!/bin/sh
  LOGDIR=/var/log/socklog
  exec setuidgid log svlogd ${LOGDIR}/main ${LOGDIR}/debug
</pre>
with these log <tt>config</tt> files
<pre>
  # cat /var/log/socklog/main/config
  s4999999
  n10
  # cat /var/log/socklog/debug/config
  s999999
  n5
  -*
  +*.debug*
</pre>
causes
<a href="http://smarden.org/runit/svlogd.8.html">svlogd</a>
to hold maximal 10 log files, each of maximal size
4999999 bytes in <tt>/var/log/socklog/main/</tt>, and maximal 5 log files,
each of maximal size 999999 bytes in <tt>/var/log/socklog/debug/</tt>.
<p>
So the maximal used space for these both logs is less then:
<p>
<tt>(10 * 5000000) + (5 * 1000000) = 55000000 bytes < 55 MB</tt>
<p>
If there is any service acting up and filling up your logs rapidly,
you will never run into a filled up log partition, causing loss of new
log entries, even of other services.
You can lose old log entries from this service, but will ever have the
recent ones.
<p>
Please note that above numbers could change if you use 
<a href="http://smarden.org/runit/svlogd.8.html">svlogd</a>
with a <i>processor</i>.
<hr>
<h2><a name="selecting">Selecting and de-selecting log entries</a></h2>
<a href="http://smarden.org/runit/svlogd.8.html">svlogd</a>
supports selecting and de-selecting log lines based on pattern matching.
<p>
This is much more flexible than the usual <i>syslogd</i> support for
selecting log entries by <tt>facility</tt> and <tt>priority</tt>.
Of course, selecting entries by <tt>facility</tt> or <tt>priority</tt> is
still possible with <i>socklog</i> and
<a href="http://smarden.org/runit/svlogd.8.html">svlogd</a>,
just like the default <i>socklog-unix</i> configuration shows.
<p>
This line selection feature is also used for <i>socklog</i>'s instant
<a href="notify.html">Log events notification</a>.
<hr>
<h2><a name="network">Modular, reliable network logging</a></h2>
The <i>socklog-inet</i> service can be used to replace a <i>syslog</i>
network server, receiving log messages on UDP port 514.
Usually <i>syslog</i> clients try to transmit their logs to that port
using UDP.
<p>
<i>socklog</i> does not support this UDP network logging on the client
side.
<i>socklog</i> provides a different modular, reliable
<a href="network.html">Network logging concept</a> instead.
Logs are transmitted through network using a TCP connection in the default
configuration, log transmission failures are handled.
The modular design of
<a href="http://smarden.org/runit/">runit</a> and
<i>socklog</i> makes it possible to insert encryption, authentication,
compression, and more, easily.
<hr>
<h2><a name="sortable">Sortable logs</a></h2>
If <a href="http://smarden.org/runit/svlogd.8.html">svlogd</a> is
told to prepend log lines with time-stamps, the resulting logs are sortable.
So it is possible to merge different logs and sort them chronologically
without special effort.
<hr>
<h2><a name="smallcode">Small code size</a></h2>
One of the <i>socklog</i> project's principles is to keep the code size
minimal. As of version 0.8.0 of <i>socklog</i>, the <tt>socklog.c</tt>
source contains only about 400 lines of code; the <tt>uncat.c</tt> source is
about 200 lines of code.
<p>
This minimizes the possibility of bugs introduced by programmer's fault,
and makes it more easy for security related people to proofread the source
code.
<p>
Of course this also means that <i>socklog</i> never will evolve to a
multi-/over-featured, bloated project.
<hr>
<address><a href="mailto:pape@smarden.org">
Gerrit Pape &lt;pape@smarden.org&gt;
</a></address>
<small>$Id: benefits.html,v 1.12 2003/08/09 16:15:38 pape Exp $</small
</body>
</html>