[rsyslog-notify] Forum Thread: blocking ompipe - (Mode 'post')
noreply at adiscon.com
Tue Sep 9 14:12:22 CEST 2014
User: h0nIg
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24911#p24911
Message:
----------
Hey guys,
we got the following requirement:
our internal servers have a vlan and all internal servers are logging to a
central (internal) rsyslog instance via rsyslog relp. In addition we got
some external servers that are not connected to our internal network,
because of security concerns. To include the logs of the external servers
we need some kind of queue, where the central rsyslog instance can connect
to and pull the logs from. To achieve this requirement, I searched through
the rsyslog plugins and came across the omprog and the ompipe module. The
omprog got a pipe buffer of about 60kb (on Ubuntu) and the messages are
lost if the called program has crashed and the data is not read from the
pipe. A named pipe is solving the queue mechanism, but because the ompipe
module is opening the pipe with O_RDWR|O_NONBLOCK it seems that the plugin
is writing the messages successfully to the pipe instead of waiting until a
reader has connected to the other end of the pipe (default behavior). This
results in losing the messages because they are not saved within the queue
on e.g. restart. Since rsyslog is open source, I created a pluggable module
out of the ompipe module that blocks if no readers are connected and want
to share that extension.
question 1: maybe it is possible to include the module into the main line?
I created the module for Ubuntu 12.04 (5.8.6) and 14.04 (7.4.4) but I think
the current mainline is 8.x?
question 2: is there some intention to create reverse relp plugins? e.g.
the "omrelpqueue" opens a port on an external server and is waiting for
connections that pull the messages. The "imrelppull" connects to the
external server and pulls the messages.
regards
Hajo
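
The FIFO open semantics behind the behaviour described in the post, as an added example that is not part of the original message and is not rsyslog or ompipe code. It assumes Linux (POSIX leaves O_RDWR on a FIFO undefined); the path and function names are constructed for the demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

static char path[64];  /* constructed demo path, not an rsyslog default */

/* mkfifo() fails with EEXIST on any existing path, so a pre-planted file is never opened. */
static int make_fifo(void) {
    snprintf(path, sizeof path, "/tmp/fifo-demo-%ld", (long)getpid());
    return mkfifo(path, 0600);
}

/* O_RDWR|O_NONBLOCK with no reader: returns the byte count write() accepted.
   The process holds its own read end, so the kernel never reports a missing reader. */
int write_rdwr_nonblock(void) {
    if (make_fifo() != 0) return -1;
    int fd = open(path, O_RDWR | O_NONBLOCK);
    int n = fd < 0 ? -1 : (int)write(fd, "msg\n", 4);
    if (fd >= 0) close(fd);  /* last descriptor closed: the buffered bytes are discarded */
    unlink(path);
    return n;
}

/* O_WRONLY|O_NONBLOCK: returns 0 if open() succeeded, otherwise errno.
   with_reader != 0 attaches a read end first, standing in for the pulling side. */
int open_wronly_nonblock(int with_reader) {
    if (make_fifo() != 0) return -1;
    int rfd = with_reader ? open(path, O_RDONLY | O_NONBLOCK) : -1;
    int wfd = open(path, O_WRONLY | O_NONBLOCK);
    int err = wfd < 0 ? errno : 0;
    if (wfd >= 0) close(wfd);
    if (rfd >= 0) close(rfd);
    unlink(path);
    return err;
}

int main(void) {
    printf("O_RDWR|O_NONBLOCK, no reader: write() = %d\n", write_rdwr_nonblock());
    printf("O_WRONLY|O_NONBLOCK, no reader: errno = %d (ENXIO = %d)\n",
           open_wronly_nonblock(0), ENXIO);
    printf("O_WRONLY|O_NONBLOCK, reader attached: errno = %d\n", open_wronly_nonblock(1));
    return 0;
}
```

A write-only open without O_NONBLOCK would instead sleep in open() until a reader attaches, which is the default behaviour the post refers to.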