Hi all,
I'm a recent metalog convert (I like the config syntax and the automatic log rolling/timestamping).
However, I found a bug (the 'zero maxtime divide by zero' bug) and a lack of a few features (inability to easily compress logs after rotation, and inability to supress repeated message summarization) that I prevented me from using metalog in a production environment.
I decided to give patching the source a go (the code is surprisingly clean & readable; kudos to the authors!) and wanted to share the fruits of my labors. I've uploaded 3 patches to the metalog's sourceforge patch page:
metalog-0.8_rc4-zero_maxtime.patch:
Fixes the 'divide by zero' error that you get if you attempt to disable time-based log rotation by setting the 'maxtime' variable in metalog.conf to 0.
metalog-0.8_rc4-postrotate_cmd.patch:
Allows metalog to run a command/shell script after file rotation. This can be useful if you want to compress or backup your log files after rotating them.
metalog-0.8_rc4-showrepeats.patch
This can be useful if you require prompt reporting of identical entries (i.e. if you are using a log monitor, such as SWATCH or SEC), as the repeat summary can cause duplicate lines to be delayed an indeterminate amount of time before being written to the log.
Note that the patches need to be applied in the order listed (maxtime, postrotate_cmd, showrepeats). You might be able to apply them with some fuzz, but I can't speak for what happens if you do.
Hope somebody finds these useful,
-Eric
|
