I am logging a web server to a log machine, so I put the following configuration on the web server:
----------------
options { sync(0); time_reopen(10); log_fifo_size(100); };

source local { sun-stream("/dev/log" door("/etc/.syslog_door")); };
source syslog { internal(); };
# web server access log to forward
source rincon { file("/www/logs/rincon-access.log"); };

# remote log machine
destination brezo { tcp("150.244.9.2" port(514)); };

log { source(rincon); destination(brezo); };
-----------------------------------------------
The file source driver tries to read the given file. If it contains something when opened, the whole content is read again. Maybe I should add code to seek to the end of file. This driver is primarily used for reading kernel messages from /proc/kmsg.
1) Every time I run syslog-ng on the web server, it processes the whole file instead of only the appended lines. How can I change this?
try this patch: --- affile.c 2000/02/13 16:24:01 1.27 +++ affile.c 2000/02/17 12:07:52 @@ -88,6 +90,7 @@ if (do_open_file(self->name, O_RDONLY | O_NOCTTY | O_NONBLOCK, 0, 0, 0, &fd)) { struct resource_node *res; + lseek(fd, 0, SEEK_END); self->src = io_read(make_io_fd(cfg->backend, fd), make_log_reader(0, c), NULL);
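Review bot: The added `lseek(fd, 0, SEEK_END);` ignores its return value and runs for every file source, so a failed seek goes unnoticed and any lines written to the file while syslog-ng was not running are skipped without a trace on the log server. Check the result against `(off_t) -1` and report the failure, and consider making the seek an option of the file source, since the same code path also opens /proc/kmsg, where the reply above says the driver is mainly used. For an access log that feeds a central log host, remembering the last read offset would avoid both the duplicate replay and the silent gap.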
2) Why does the daemon stop writing to the log server's file? Is it a problem with big files? The origin file is about 8Mb and it grows to 11Mb due to the header of syslog-ng. Is there some limit?
I don't know. I'll have to check this.

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
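The two behaviours discussed above (re-reading the whole file on every start, or seeking to the end and skipping whatever was written during downtime) can both be avoided by remembering where the last read stopped. The following is an added example, not syslog-ng code and not part of the original message; `struct checkpoint`, `resume_offset` and `read_new` are hypothetical names, the sample file is constructed, and the source is assumed to be a regular, seekable file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical checkpoint the reader persists between runs (not a syslog-ng structure). */
struct checkpoint { dev_t dev; ino_t ino; off_t offset; };

/* Where to start reading: the saved offset if the checkpoint still describes
 * this file, else 0 (first run, rotated or truncated file). -1 on error. */
off_t resume_offset(int fd, const struct checkpoint *cp, struct stat *st)
{
    if (fstat(fd, st) < 0) return -1;
    if (cp->dev == st->st_dev && cp->ino == st->st_ino && cp->offset <= st->st_size)
        return cp->offset;
    return 0;
}

/* Read what was appended since the checkpoint into buf and advance the
 * checkpoint. Returns the number of bytes read, or -1 on error. */
ssize_t read_new(const char *path, struct checkpoint *cp, char *buf, size_t cap)
{
    struct stat st;
    ssize_t n = -1;
    int fd = open(path, O_RDONLY | O_NOCTTY | O_NONBLOCK);
    if (fd < 0) return -1;
    off_t start = resume_offset(fd, cp, &st);
    /* The seek result is checked: a non-seekable source is reported as an error. */
    if (start >= 0 && lseek(fd, start, SEEK_SET) == start) {
        n = read(fd, buf, cap);
        if (n >= 0) *cp = (struct checkpoint){ st.st_dev, st.st_ino, start + n };
    }
    close(fd);
    return n;
}

int main(void)
{
    char path[] = "/tmp/ckpt_demo_XXXXXX", buf[64];   /* constructed sample file */
    struct checkpoint cp = {0};
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "GET /a\nGET /b\n", 14) != 14) return 1;
    printf("first run: %zd bytes\n", read_new(path, &cp, buf, sizeof buf));
    printf("restart:   %zd bytes\n", read_new(path, &cp, buf, sizeof buf));
    close(fd); unlink(path);
    return 0;
}
```

A file that is truncated and then grows past the saved offset before the next run is not detected by the size check alone; a forwarder that needs to catch that case would also have to compare a hash of the bytes before the offset.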