Hi

I am logging a web server to a log machine, so I put the following configuration on the web server:

----------------
options { sync(0); time_reopen(10); log_fifo_size(100); };

source local { sun-stream("/dev/log" door("/etc/.syslog_door")); };
source syslog { internal(); };
source rincon { file("/www/logs/rincon-access.log"); };

destination brezo { tcp("150.244.9.2" port(514)); };

log { source(rincon); destination(brezo); };
-----------------------------------------------

The log server has this config file:

-----------------------------------------------
options { sync(10); time_reopen(10); log_fifo_size(100); };

source local { internal(); };
source red { tcp(); };

destination rincon { file("/var/log/filer/rincon-access.log"); };

filter rincon { host(limonero) and match(HTTP/1); };

log { source(red); destination(rincon); };
------------------------------------------------------

When I run with this configuration, the log server stops writing lines to the file when the fifo size is full (I think), so I increased the fifo size to 1000 first and to 150000 later. The destination file grew but does not seem to be sorted by date like the source, and finally it stops writing lines (but the daemon is OK).

Two things:

1) Every time I run syslog-ng on the web server, it processes the whole file instead of only the appended lines. How can I change this?

2) Why does the daemon stop writing to the log server's file? Is it a problem with big files? The original file is about 8Mb and it grows to 11Mb due to the header of syslog-ng. Is there some limit?

Thanks

--
"Making predictions is difficult, particularly about the future"
    Niels Bohr
------------------------------------------------------------------------
Victor Barahona..........................http://www.sdi.uam.es/~barahona
Soporte Seguridad en red.................http://www.sdi.uam.es/utc/ss
Unidad Tecnica de Comunicaciones
Universidad Autonoma de Madrid
Tlf.- 91 397 5525
PGP ID-0x8750AB79
------------------------------------------------------------------------

> I am logging a web server to a log machine, so I put the following configuration on the web server:
> ----------------
> options { sync(0); time_reopen(10); log_fifo_size(100); };
>
> source local { sun-stream("/dev/log" door("/etc/.syslog_door")); };
> source syslog { internal(); };
> source rincon { file("/www/logs/rincon-access.log"); };
>
> destination brezo { tcp("150.244.9.2" port(514)); };
>
> log { source(rincon); destination(brezo); };
> -----------------------------------------------

The file source driver tries to read the given file. If it contains something when opened, the whole contents is read again. Maybe I should add code to seek to the end of file. This driver is primarily used for reading kernel messages from /proc/kmsg.

> 1) Every time I run syslog-ng on the web server, it processes the whole file instead of only the appended lines. How can I change this?

try this patch: --- affile.c 2000/02/13 16:24:01 1.27 +++ affile.c 2000/02/17 12:07:52 @@ -88,6 +90,7 @@ if (do_open_file(self->name, O_RDONLY | O_NOCTTY | O_NONBLOCK, 0, 0, 0, &fd)) { struct resource_node *res; + lseek(fd, 0, SEEK_END); self->src = io_read(make_io_fd(cfg->backend, fd), make_log_reader(0, c), NULL);
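
Review bot: the added lseek(fd, 0, SEEK_END) in the open path discards its return value and runs for every file source, with no way to turn it off. On a FIFO or other non-seekable path the call fails with ESPIPE, which should be an explicit, checked case rather than a silent one. On a regular file, any lines written while syslog-ng was stopped are now skipped without a message, so a restart leaves a gap in what reaches the log server. Suggest checking the result and making the start position a per-source setting (or remembering the last offset read) so the choice between re-reading and skipping is deliberate.
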

> 2) Why does the daemon stop writing to the log server's file? Is it a problem with big files? The original file is about 8Mb and it grows to 11Mb due to the header of syslog-ng. Is there some limit?

I don't know. I'll have to check this.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt
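
The thread offers two start positions for a followed file: the beginning (everything is sent again) or, with the patch, the end (anything written while the daemon was down is skipped). The following is an added example, not syslog-ng code and not from either poster, of a third option that remembers the inode and offset of the last forwarded byte; the state-file format and the names `save_state` and `resume_offset` are assumptions made for illustration.

```c
/* Added example: choosing where to start reading a followed log file. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Record "inode offset" after a batch has been forwarded. Returns 0 on success. */
int save_state(const char *state_path, int fd, off_t offset)
{
    struct stat st;
    FILE *f;
    if (fstat(fd, &st) != 0 || (f = fopen(state_path, "w")) == NULL)
        return -1;
    fprintf(f, "%llu %lld\n", (unsigned long long)st.st_ino, (long long)offset);
    return fclose(f);
}

/*
 * Position fd for reading and return the chosen offset, or -1 on error
 * (for example ESPIPE from lseek on a non-seekable file).
 *  - no saved state (first run): start at end of file, as the patch does
 *  - same inode and the file is at least as long as the saved offset: resume
 *  - inode changed or file shrank (rotated or truncated): start at 0
 */
off_t resume_offset(int fd, const char *state_path)
{
    struct stat st;
    unsigned long long ino = 0;
    long long off = 0;
    int have_state = 0;
    FILE *f = fopen(state_path, "r");

    if (f != NULL) {
        have_state = (fscanf(f, "%llu %lld", &ino, &off) == 2);
        fclose(f);
    }
    if (fstat(fd, &st) != 0)
        return -1;
    if (!have_state)
        return lseek(fd, 0, SEEK_END);
    if ((ino_t)ino == st.st_ino && off >= 0 && (off_t)off <= st.st_size)
        return lseek(fd, (off_t)off, SEEK_SET);
    return lseek(fd, 0, SEEK_SET);
}
```

A file that is copied, truncated and then grows past the saved offset before the next start is not detected by the inode and size check alone.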

participants (2): Balazs Scheidler, Victor Barahona