Hello, On Thu, Sep 1, 2011 at 5:42 PM, Aldrich, Jamie S <JSAldrich@pier1.com> wrote:
Maybe I am misunderstanding the messages. Is it possible to redirect a symlink log file to a server? This is the section in syslog-ng.conf that should be handling this, but does not appear to work.
# Setup for PeopleSoft logs to transmit to Loglogic
source s_file { file("/tmp/APPSRV_current.LOG" flags(no-parse)); };
You're using syslog-ng 2.1.4 where follow_freq() has to get added otherwise syslog-ng will read to the EOF and won't try to read further even when meanwhile new messages were written to the file (and probably it won't even notice when the underlying file has changed, I don't remember from the top of my head). https://bugzilla.balabit.com/show_bug.cgi?id=43 applies to you, using follow_freq() causes that syslog-ng 2.1 might enter a busy loop... Unless you want to patch syslog-ng 2.1.4 it is strongly recommended to migrate to a newer release (3.2.x) which is free of this bug. In addition in 3.2.x releases follow_freq() defaults to 1.
destination d_messages{ udp("10.13.33.11" port(514) log_fifo_size(900000000)); };
That log_fifo_size setting is huge, it controls how many *complete messages* syslog-ng will buffer when it can't send the logs to the given destination. I'd reduce it to a few thousands. regards, Sandor