Comment by growse
2 years ago
Careful, some people will be along any second pointing out your approach limits your ability to use "grep" and "cat" on your log after recovering it to your pdp-11 running in your basement. Also something about the "Unix philosophy" :p
Seriously though, I think this is a great idea, and would be interested in how easy it is to write sqlite output adaptors for the various logging libraries out there.
> some people will be along any second pointing out your approach limits your ability to use "grep" and "cat" on your log
And they won’t be wrong.
Unix philosophy still applies
`sqlite3 logs.db "select log from logs" | grep whatever`
By the same argument, the systemd binary logs also follow the Unix philosophy.
How would you tail or watch a sqlite log? (on a pdp-11 if necessary :)
Write a program using
https://www.sqlite.org/c3ref/update_hook.html
On a PDP-11, run this program via telnet, rsh, or rexec.
If you're more ambitious, porting SQLite to 2.11BSD would be a fun exercise.
Update hook doesn't trigger if the write happened from a different process.
`watch -n 5 'sqlite3 logs.db "select log from logs" | grep whatever'`
Just what I wanted, additional overhead and a five-second delay.
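An added example, not part of the thread or of any commenter's code: one way to follow a SQLite log that another process is writing, where the update hook does not fire, is to poll for rows above the last rowid already seen. The `logs` table and `log` column come from the query quoted above; the function names, the read-only open and the 0.5 s interval are assumptions.

```python
import sqlite3
import sys
import time


def open_log(path):
    """Open the log database read-only so the tailer cannot alter records."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def fetch_new(conn, last_rowid, pattern=None):
    """Return (matching lines, new high-water rowid) for rows after last_rowid.

    Assumes an append-only table: if rows are deleted, SQLite may reuse
    rowids unless the key is declared AUTOINCREMENT.
    """
    rows = conn.execute(
        "SELECT rowid, log FROM logs WHERE rowid > ? ORDER BY rowid",
        (last_rowid,),
    ).fetchall()
    if rows:
        last_rowid = rows[-1][0]
    # The substring filter stands in for "| grep whatever".
    lines = [log for _, log in rows if pattern is None or pattern in log]
    return lines, last_rowid


def tail(path, pattern=None, interval=0.5):
    """Print rows committed by any process after startup, like tail -f."""
    conn = open_log(path)
    last = conn.execute("SELECT COALESCE(MAX(rowid), 0) FROM logs").fetchone()[0]
    while True:
        lines, last = fetch_new(conn, last, pattern)
        for line in lines:
            print(line, flush=True)
        time.sleep(interval)


if __name__ == "__main__":
    # Usage: python tail_sqlite.py logs.db [substring]
    tail(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
```

Each poll is one indexed rowid lookup rather than a re-read of the whole table, so the interval can be short without the cost of re-running the full `select`.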
> Careful, some people will be along any second pointing out your approach limits your ability to use "grep" and "cat" on your log after recovering it
I wish Splunk and friends would have an interface like that. Sure it does basic grep, and it is a much more powerful language, but sometimes you just needed some command line magic to find what you wanted.
I've learned so much about Splunk this month. I hate it. The UX is hot garbage. Why are settings scattered everywhere? Why does a simple word search not return any results? Why is there no obvious way to confirm data is being forwarded; like actual packets, not just what connections are configured.
Is there a way to mount the sqlite tables as a filesystem?