Hi, On Fri, Jun 10, 2011 at 9:20 PM, Mike Gracy <mike@idle-games.com> wrote:
I am trying to use syslog-ng to monitor some files and push anything added to the file out to a splunk instance. Everytime syslong-ng starts, there is a burst of traffic, but nothing after that. I've run it manually in debug mode to see if there is anything, but I don't get any output. I'm thinking there is an issue with the config file, but I'm not sure what the problem might be. I took the stock config file (as it comes from Ubuntu 10.04.2: syslog-ng 2.0.9-4.2) and added several sources, filters and log directives all going to one destination:
You need the follow_freq() option, in syslog-ng 2.x it isn't enabled by default for file sources. BTW 2.0.9 is quite an old an no longer supported version. Regards, Sandor