[colug-432] named pipe vs tail -F /path/to/file

Rick Hornsby richardjhornsby at gmail.com
Thu Aug 2 19:50:45 EDT 2012

Curious about opinions/thoughts.  I have haproxy logging activity via
syslog.  HAproxy logs contain lots of useful information about HTTP
transactions (request, timing, result code, etc).  I'd like to process
the logs in real time, so I set up syslog to not only write the log to
a file, but also to a named pipe, /tmp/haproxy.log.pipe.  I figured
this would be the ideal way to peel off and process log data as it
happened (using awk, etc) - realtime.

Except for one thing - when syslog restarts for logrotate, the pipe is
broken for a moment.  Anything reading from the pipe dies, because
that's how pipes work.  So the script that was processing the log data
coming off the pipe goes away.

One alternative is to tail -F /var/log/haproxy.log |
/path/to/processor, but boy that just seems hackish - and not in the
good way.

Is a named pipe the right tool?  Does it make sense to somehow trap
the signal that is causing the script to bail?  It isn't critical that
every single log event be processed, but we want to make a best effort
so that we're not losing information.

More information about the colug-432 mailing list