....
Just out of curiosity:
What is the intention of the line 'tcp( localip(127.0.0.1) port(514) );' ?
Which local logging messages are not processed if just using:
source local {
    unix-stream("/dev/log" max-connections(200));
    file("/proc/kmsg" log_prefix("kernel: "));
    internal();
};
We use multiple instances of syslog-ng on our systems to get logs from applications that can not syslog. We moved away from having the "system syslog" tail files and read pipes and placed this functionality into a separate syslog-ng that is started with and shut down with the applications' init scripts.
These other instances of syslog-ng have NO WAY to "syslog" files as the author has declined the suggestion of having a "syslog" destination in syslog-ng (I know, I can write a patch :-). Anyhow, the only way to get data back into the "system syslog" which is where the internal messages need to go, is to have some supported destination. We have been using a syslog port, but I think we will be moving to a pipe for security reasons.
I hope this is at least a little clear :-)
OK, I see ....
We are using syslog-ng 2.0.5 and the file() driver to feed MySQL errors to syslog-ng. I think it's quite handy since syslog-ng preserves the last logfile position on syslog-ng restarts. Looks like this:

source s_tail { file("/var/log/mysql.err" follow_freq(1) flags(no-parse)); };

Works very well for us.

Regards,
Andreas
--
Evan Rempel
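The arrangement discussed in this thread, sketched with a named pipe in place of the loopback TCP source (an added example, not configuration posted by any participant). A FIFO's access is governed by filesystem ownership and mode, whereas a listener on 127.0.0.1 accepts connections from any local process. The FIFO path, the application log path and the names s_app and d_system are assumptions.

```conf
# Added example, not from the thread. Paths and names are assumed.
#
# Create the FIFO once, readable and writable only by the account
# both syslog-ng instances run as:
#   mkfifo -m 0600 /var/run/app-syslog.pipe

# --- Application-side instance (started and stopped by the app's init script) ---
source s_app {
    # Tail the application's own log file (assumed path)
    file("/var/log/app/app.log" follow_freq(1) flags(no-parse));
    # This instance's internal messages also go to the system syslog
    internal();
};
destination d_system { pipe("/var/run/app-syslog.pipe"); };
log { source(s_app); destination(d_system); };

# --- System instance ---
source local {
    unix-stream("/dev/log" max-connections(200));
    file("/proc/kmsg" log_prefix("kernel: "));
    internal();
    # Takes the place of: tcp( localip(127.0.0.1) port(514) );
    pipe("/var/run/app-syslog.pipe");
};
```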