filter aaa { match ("aaa"); }; destination aaa { program ("/usr/bin/mail -s WARN user"); }; log { source(src); filter (aaa); destination(aaa); };
When I run logger: # logger aaaIIII in messages file I have: Apr 5 13:06:26 src@host syslog-ng[1627]: io.c: do_write: write() failed (errno 32), Broken pipe
What does it mean ? It happen from time to time, not always.
probably the mail program exits for some reason... you may try to write a wrapper script sending logs in a batch, e.g.:
repeat while something is available: read 100 lines, mail it loop
maybe mail can't read messages exceeding some limit in size.
When I run: # logger aaa I can see (ps ax), that mail is waiting for something. # strace -p <pid of mail> read(0, <CTRL>C #
It looks like mail is waiting for something to finish (<CTRL>C means pressing CTRL+C).
Of course it's waiting for something, the body of the message. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt