Sent: Tuesday 7 September 2010 19.42.52
From: Matthew Hall <mhall@mhcomputing.net>
To: Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu>
Subject: Re: [syslog-ng] Buffering AF_UNIX Destination, Batch Post Processing Messages
Syslog-ng will queue all the destination messages until the oldest 
message is 60 seconds old, and then flushes them all out at once.
    

This part is tricky. How do I tell if I have received all the messages? 
How do I know when I have hit the end of the batch? Is it possible to 
have the daemon insert a marker message, or is there some other way I 
can check for this?
  
I do not believe there is an elegant way. Best idea I can come up with is to put a timeout on the receiving end so that when it goes quiet for more than X seconds or whatnot, it sees that as end of batch.
You might be able to request that the mark option be allowed for non-local destinations. Basically that would allow you to set a mark of 1 second, and when you receive 2 mark messages back-to-back, that would be end-of-batch (would basically mean there was no data in between).
Thanks,
Matthew.
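
The idle-timeout approach suggested in the message above, as an added example that is not part of the original thread: a receiver that treats a quiet period on the socket as end of batch. It assumes newline-framed messages on a stream socket; the function names, timeout values and sample messages are constructed for illustration.

```python
import socket
import threading
import time

def read_batches(conn, idle_timeout):
    """Yield lists of messages; a quiet period of idle_timeout seconds ends a batch."""
    conn.settimeout(idle_timeout)
    buf, batch = b"", []
    while True:
        try:
            chunk = conn.recv(65536)
        except socket.timeout:
            # Socket went quiet: treat what we have as one complete batch.
            # A partial line stays in buf until its newline arrives.
            if batch:
                yield batch
                batch = []
            continue
        if not chunk:
            # Sender closed the connection: flush the remainder and stop.
            if buf:
                batch.append(buf.decode("utf-8", "replace"))
            if batch:
                yield batch
            return
        buf += chunk
        *lines, buf = buf.split(b"\n")
        batch.extend(line.decode("utf-8", "replace") for line in lines)

def demo():
    """Constructed input: two bursts separated by a gap longer than the timeout."""
    receiver, sender = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)

    def send_bursts():
        sender.sendall(b"msg 1\nmsg 2\nmsg 3\n")
        time.sleep(0.6)  # quiet gap between flushes
        sender.sendall(b"msg 4\nmsg 5\n")
        sender.close()

    writer = threading.Thread(target=send_bursts)
    writer.start()
    batches = list(read_batches(receiver, idle_timeout=0.2))
    writer.join()
    receiver.close()
    return batches

if __name__ == "__main__":
    for n, batch in enumerate(demo(), 1):
        print(f"batch {n}: {batch}")
```

The timeout is a heuristic: a sender that stalls mid-flush for longer than `idle_timeout` splits one batch into two, so the value has to sit well above any pause inside a flush and well below the gap between flushes.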