
<p dir="ltr">It really is cool, thanks for this tool. Nevertheless, the journal source should have something to suppress old entries. Can you file an issue about that?</p>

<p dir="ltr">Thanks</p>

<div class="gmail_quote">On Jun 2, 2016 11:27 AM, &quot;Matwey V. Kornilov&quot; &lt;<a href="mailto:matwey.kornilov@gmail.com">matwey.kornilov@gmail.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">31.05.2016 13:04, Matwey V. Kornilov пишет:<br>

&gt; Hello,<br>

&gt;<br>

&gt; I am running syslog-ng 3.7.1 and journald v210. The goal I want to reach<br>

&gt; is the following.<br>

&gt; I would like to replicate local system logs to remote endpoint using<br>

&gt; standard UDP protocol.<br>

&gt;<br>

&gt; So, I&#39;ve just disabled all destinations except the following one:<br>

&gt;<br>

&gt; destination logserver { udp(&quot;10.0.0.47&quot; port(514)); };<br>

&gt; log { source(src); destination(logserver); };<br>

&gt;<br>

&gt; The issue is the following. It seems that syslog-ng 3.7.1 uses journald<br>

&gt; natively for system() source. And I like it. The issue is that when I<br>

&gt; start syslog-ng it tries to sync all existing local journald data (about<br>

&gt; 5 GB of compressed journald data, 1.5 years of logs) from the beginning.<br>

&gt;<br>

&gt; I found in modules/systemd-journal/journal-reader.c that syslog-ng<br>

&gt; stores journald cursor in the persists file. I would like to point the<br>

&gt; cursor to the end of journald database in order to avoid unneeded log sync.<br>

&gt;<br>

&gt; The question is how could I do that in opensource syslog-ng version?<br>

<br>

I&#39;ve written simple yet useful application which solved the problem:<br>

<br>

<a href="https://github.com/matwey/syslog-ng-persist" rel="noreferrer" target="_blank">https://github.com/matwey/syslog-ng-persist</a><br>

<br>

&gt;<br>

&gt; ______________________________________________________________________________<br>

&gt; Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>

&gt; Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>

&gt; FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>

&gt;<br>

&gt;<br>

<br>

<br>

______________________________________________________________________________<br>

Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>

Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>

FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>

<br>

</blockquote></div>