On Wed, 2009-03-25 at 10:04 -0700, Dan Gunter wrote:
Hi,
I am having trouble getting the new file wildcard option to work. I am testing it with the following very simple file-to-file configuration:
@version: 3.0

options {
    time_sleep(500);    # polling interval, in ms (make this once per second)
    use_fqdn(yes);      # use fully qualified domain names
    ts_format(iso);     # use ISO8601 timestamps
    # for normal load
    flush_lines (10);   # number of lines to buffer before writing to disk
    flush_timeout (1000);   # 1 second timeout
    log_fifo_size(100);
    stats_freq(3600);   # number of seconds between syslog-ng internal stats events; these are useful
                        # for ensuring syslog-ng is not getting overloaded
};

# Debugging
source syslog_ng { internal(); };
destination debug_dest {
    file("/u/dang/local/var/log/syslog-ng-internal.log" perm(0644) );
};
log { source(syslog_ng); destination(debug_dest); };

# Other
source simple_src {
    file("/u/dang/local/var/log/myfile.log" follow_freq(1) flags(no-parse) program_override("my_log ") );
};
source test_src {
    file ("/u/dang/local/var/log/test*.log" follow_freq(1) flags(no-parse) program_override("test_log ") );
};
destination test_dest {
    file ("/u/dang/local/var/log/collected.log" perm(0644) );
};
log { source(simple_src); destination(test_dest); };
log { source(test_src); destination(test_dest); };
The behavior I am seeing is that anything appended to the static file "myfile.log" shows up in "collected.log" a second later. But new files of the pattern "test-1.log", etc. are never forwarded, and if there are existing files of this name at startup they are ignored. The internal log says:
2009-03-25T10:02:20-07:00 host.org syslog-ng[29624]: Follow-mode file source not found, deferring open; filename='/u/dang/local/var/log/test*.log'
2009-03-25T10:02:20-07:00 host.org syslog-ng[29626]: syslog-ng starting up; version='3.0.1'
My syslog-ng version is:
-bash-3.1$ syslog-ng -V
syslog-ng 3.0.1
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#93a342dae3a2b0cb15811d0c34ea7f58b3fba14e
Compile-Date: Mar 25 2009 09:08:54
Enable-Threads: off
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: on
Enable-SSL: on
Enable-SQL: off
Enable-Linux-Caps: off
Enable-Pcre: off
Currently the wildcard based file monitoring is only part of the Premium Edition, sorry. The Open Source edition can only read individual files, and you need to specify the full pathname, you cannot use globbing.

--
Bazsi
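
Since the Open Source edition needs a full pathname per file() source, one workaround is to expand the pattern outside syslog-ng and generate one source per matching file. The following is an added example, not part of the original thread or of syslog-ng; the function name, the `src_` naming scheme and the sample directory are assumptions, and files created after generation are only collected once the output is regenerated and syslog-ng is reloaded.

```python
import glob
import os
import re

def render_sources(pattern, dest="test_dest", program="test_log "):
    """Expand `pattern` once and return syslog-ng config text with one
    file() source and one log path per regular file that matches."""
    out, used = [], set()
    for path in sorted(glob.glob(pattern)):
        # Only regular files: skip directories and symlinks placed in the log dir.
        if os.path.islink(path) or not os.path.isfile(path):
            continue
        # The path lands inside a quoted config string, so reject names that
        # could close the string and inject configuration statements.
        if any(c in '"\\' or ord(c) < 32 for c in path):
            raise ValueError("unsafe file name: %r" % path)
        stem = os.path.splitext(os.path.basename(path))[0]
        name = "src_" + re.sub(r"[^A-Za-z0-9_]", "_", stem)
        base, n = name, 1
        while name in used:  # test-1.log and test_1.log sanitize to the same name
            n += 1
            name = "%s_%d" % (base, n)
        used.add(name)
        out.append(
            'source %s {\n'
            '    file("%s" follow_freq(1) flags(no-parse)\n'
            '         program_override("%s"));\n'
            '};\n'
            'log { source(%s); destination(%s); };\n'
            % (name, path, program, name, dest)
        )
    return "\n".join(out)

if __name__ == "__main__":
    import tempfile
    # Constructed sample directory standing in for /u/dang/local/var/log
    with tempfile.TemporaryDirectory() as d:
        for fn in ("test-1.log", "test-2.log", "myfile.log"):
            open(os.path.join(d, fn), "w").close()
        print(render_sources(os.path.join(d, "test*.log")))
```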