Event driven based on syslog messages

[Luc Larochelle]

Hi there, I'm not so sure this is the right forum to discuss these matters, but I'm curious and I know there are some fine folks around here who might have various interests so here we go :)

I'd like to build an event driven API based engine to work with, but not exclusively, syslog messages as actuators. That would be a first experience with Mojo::IOLoop for me, but it seems appropriate for this project.

The part I'm wondering about is how to capture relevant syslog messages. I have rsyslogd on the server already listening and configured with filters for message forwarding. Would that be the correct way to achieve this ? Messages should be forwarded to a socket that could parse them (Sys::Syslog or such?) and act upon ?  Or are there modules in the framework I could use for that purpose ? 

I need guidance on this, any relevant comment would be highly appreciated.

Cheers,

Luc

[Heiko Jansen]

Bit late to the party, but anyhow....

If you tell rsyslogd to send output to a socket (using omuxsock), you can then use Mojo::IOLoop::Client to connect() to a socket via the "path" argument.

Afterwards you can make use of the IOLoop to process events for reading from the socket.

That's what you want? 

[Luc Larochelle]

Hello Heiko, this seems absolutely right after reading a bit about it.  Since I've never used Unix sockets nor Mojo::IOLoop, I'd like to double check my comprehension with you :)

So rsyslogd sends output to a Unix Socket (in occurence, a file ?) and Mojo::IOLoop::Client reads its content in real time ? Or is this some sort of queue ? 

IOLoop::Client would be used as an extension to feed some core function in IOLoop ? If you could explain the interactions that would be give me an edge ... and help kickstart my lab :) 

In the meanwhile I'll keep reading. 

Cheers,

Luc

[Heiko Jansen]

Sorry, completely missed your follow-up...

I'd say the synopsis of Mojo::IOLoop mostly shows what to do. Never tried it myself, but something along these lines should work:

use Mojo::IOLoop;


my $id = Mojo::IOLoop->client({ path => '/tmp/myapp.sock' } => sub {
  my ($loop, $err, $stream) = @_;
 
  $stream->on(read => sub {
    my ($stream, $bytes) = @_;
 
    # Process input
    say "Input: $bytes";
  });
});
 
# Start event loop if necessary
Mojo::IOLoop->start unless Mojo::IOLoop->is_running;

There may be other ways to achieve what you want, but this seems the easiest solution to me.

Of course there's no guarantee that your "read" callback is called exactly once for one complete new syslog entry. You may receive only parts of one log entry or a whole bunch of log entries at once and you have to parse and split them yourself, sometimes waiting for the rest of an entry to bee provided in the next call of your callback...

[Luc Larochelle]

Well thanks for taking the time to reply, I'll have a look into it. You wrote a long time ago, I was totally absorbed in a project.

Best regards,

Luc