On Thu, 2008-07-24 at 16:10 -0400, Chris Pratt wrote:
Thanks for your suggestion. This is for Tomcat. Unfortunately I am stuck reading from the log because the syslog appender in the log4j version on our app does not capture stack traces while the file appenders do. In other cases we want to capture garbage collections which are only written to stdout. I tried sending my file appends to /dev/log but that didn't work so I am stuck trying to read from files. Only my central log server runs syslog-ng. All of my Tomcat hosts just use syslogd and send *.* @mylogserver. Otherwise I'd probably try # source s_tail { file("log.log" follow_freq(1) flags(no-parse)); }; to see if it kept it in order any better.
What I could really use is a logger that has the ability to read and forward to syslog the existing timestamp...
syslog-ng could that if it was running on the client hosts too. but otherwise what about this dirty trick: tail -f <logfile> | sed -e 's/^/<133>/' | nc syslog-server 514 If the timestamps are otherwise in syslog-ng processable format, the above scriptlet would work. The sed sets local6.notice as a priority. However the difficult part is in doing the "tail -f" part robust enough, but I guess you achieved that already. -- Bazsi