thks
but i want the change bee sent in (real time) if we can use this term
because follow_freq(1) means that syslog need to check tchangee in the fie every 1 second
is there any way to make it 0 second ====> detect changes in the apache error log as they happen
thks

2009/3/10 Balazs Scheidler <bazsi@balabit.hu>

On Mon, 2009-03-09 at 02:36 +0100, gatfi sami wrote:
> hi i am using syslog-ng 2.0.9.1 on open suse 11.0
>
> i configured this littele script in /etc/syslog-ng/syslog-ng.conf
>
> source my_src { file("/var/log/apache2/error_log"); };
>
> #filter my_filter { };
>
> destination my_dest{ file("/var/log/Sami/$HOST/messages"
> owner("root") group("root") perm(0640) dir_perm(0750)
> create_dirs(yes));
> };
>
> log { source(my_src); #filter(my_filter);
> destination(my_dest); };
> the problem is when i restart apache2 while using the tail
> -f /var/log/Sami/$HOST/messages
>
> nothing happens i have to restart syslog-ng to see those errors
>
> by the way i stoped the apparmor to avoid a permission denied on the
> destination driver

Since you are using 2.0, you need to explicitly specify for syslog-ng
that you want to poll the file for changes. You can do this via the
follow-freq() option, e.g.

file("/var/log/apache2/error_log" follow_freq(1));

In 3.0, the default value for follow_freq() for regular files is 1
seconds, so you wouldn't have to specify it explicitly.

--
Bazsi

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html