Specialized Syslog Collector for Metrics via Syslog

I figured I would throw this out to the wolves, before working on any of the
ideas, in hope of collecting experience from any who have worked with this
idea before me. I’m likely to implement at least a proof of concept unless
someone points out a glaring show-stopping logic flaw.


Collect Graphite (or Graphite-style) centralized metrics (anything you can think of) via syslog. We don’t need a new way to send and collect small UDP messages.


“Why not?” is the question really.

“Why?” is easy:

  1. Uses as much omnipresent tooling as possible.
  2. Uses established system library calls instead of requiring developers to write, install, or copy/paste new ones.
  3. Because I found myself asking the following this past week: “Why am I about to build and package GNU netcat, for distribution to all of our Solaris 10 boxes, to get remarkably simple frigging UDP packets sent from shell commands?”

How: Client (Ideas)

Standard syslog configuration:

well-known-facility.well-known-severity        @metricshost

Developers use standard syslog calls specifying the well-known-facility and well-known-severity

For non-real-time metrics from “shell land”, just use logger(1)

How: Server (Ideas)

Tweak rsyslog or other well-known syslog “collector” product to:

  1. Parse basic Graphite or Graphite-like metric messages and perform RRD and/or Whisper writes. Additionally could implement built-in stats aggregation stuff like StatsD quite easily.
  2. Ignore all non-metric-conforming syslog data

Thanks for any thoughts below or via the original thread that links here.