Hi,<br><br>I'm using syslog-ng 2.0.0 (yes I know...) on a Debian loghost. Files generated via df_monitor (see configuration extract below) are deleted by the monitoring process about 4 min after having been written by syslog-ng.<br>
My problem is that these files remain held open (lsof | grep deleted) by syslog-ng after being deleted, even though the time_reap option is set to 30s.<br>I googled the issue and only found <a href="https://lists.balabit.hu/pipermail/syslog-ng/2003-January/004416.html">https://lists.balabit.hu/pipermail/syslog-ng/2003-January/004416.html</a>, which is not my exact case (macros are actually used in filenames).<br>
I didn't find any bugfix/feature on time_reap in the changelog of subsequent versions ... <br><br>Thanks in advance for your help<br><br>Regards<br>Erwan<br><br><br>options {<br> chain_hostnames(0);<br> time_reopen(10);<br>
time_reap(30);<br> log_fifo_size(8192);<br> create_dirs(yes);<br> group(adm);<br> perm(0660);<br> dir_group(adm);<br> dir_perm(0755);<br> use_dns(no);<br> log_msg_size(4096);<br>
use_fqdn(yes);<br> keep_hostname(yes);<br> use_time_recvd(no);<br>};<br>source s_machines {<br> tcp(ip("890.123.456.789") port(514) max_connections(100)); <br>};<br>template tpl_monitor {<br>
template("$S_YEAR-$S_MONTH-$S_DAY $S_HOUR:$S_MIN:$S_SEC $FULLHOST ==$LEVEL== [$PROGRAM] $MESSAGE\n");<br> template_escape(no);<br>};<br>destination df_monitor {<br> file("/var/log/monitor/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR-$R_MIN" template(tpl_monitor) group(monitor) dir_perm(0775) dir_group(monitor) owner(loghost-maintainer));<br>
};<br>destination dh_backup-loghost {<br>
tcp("123.456.789.890" port(514)); <br>
};<br>
log{<br> source(s_machines);<br> destination(df_monitor);<br> destination(dh_backup-loghost);<br>};<br><br>