In theory you could enable file MARK generation in syslog-ng. This will cause --MARK-- or similar such text to be written to the log destinations on which it is enabled every X minutes. Then you can look for consecutive MARK which are free of intervening messages. It's all in the manual. Have a look and reply back if you need more info. The only catch could be if MARKs only work on network logging and not local logging. At which point you could check the mtimes on the file for the longest amount of time expected between messages. Good Luck, Matthew. On Saturday, November 06, 2010 14:27:28 Ben Tisdall wrote:
Hi all,
I'm setting up logging from ec2 instances that will get destroyed when they've finished their work. Most of the log sources use the file driver.
Assuming the application has itself finished writing logs, is there any way of determining, from the client end, when syslog-ng has finished reading all of them?
Regards,
Ben Tisdall Photobox _________________________________________________________________________ _____ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.campin.net/syslog-ng/faq.html
-- Matthew Hall