syslog-ng 2.1.4 - file sources are read only when reload or restart is performed?
Hi All ;)

I am using a virtual machine with:

    Red Hat Enterprise Linux Server release 5.7 (Tikanga)
    Linux logserver01 2.6.18-274.el5 #1 SMP Fri Jul 8 17:36:59 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux
    syslog-ng 2.1.4

I have the following configuration:

    ...
    options {
        create_dirs (yes);
        dir_group (root);
        dir_owner (root);
        dir_perm (0700);
        group (root);
        owner (root);
        perm (0600);
        flush_lines(1);
        flush_timeout (1000);
        keep_hostname (yes);
        log_fifo_size (1);
        use_dns (no);
        use_fqdn (no);
    };
    ...
    source s_stdout {
        # file ("/logs/stdout.log" flags(no-parse) follow_freq(1));
        file ("/logs/stdout.log" flags(no-parse));
    };
    ...
    destination d_stdout { file("/var/log/$YEAR$MONTH$DAY/stdout"); };
    ...
    log { source(s_stdout); destination(d_stdout); };

The problem is that changes in /logs/stdout.log are only visible in /var/log/20140717/stdout when I perform /etc/init.d/syslog-ng reload or restart. I tried several settings of flush_*, log_fifo_size and follow_freq but with no luck :D

Is it a problem with the version that I use (quite old :D ) or is there a mistake in my configuration maybe?

BR,
Rafal.
Hmm - the version shouldn't be the issue as far as I know.

You might try tracing the syslog-ng process when the file source is appended to. Pretty basic I know - but it might give an indication of what is/is-not happening.

Also - have you tried with "follow_freq" specified?

Jim

On 07/18/2014 04:14 AM, Rafał Radecki wrote:
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Hi,

I can't remember when syslog-ng started to support following files properly, but that actually may have happened way past 2.1.x (3.0.x probably).

I would strongly recommend to upgrade, supporting that ancient version (probably over a decade old) is not really feasible.

Bazsi

On Fri, Jul 18, 2014 at 10:14 AM, Rafał Radecki <radecki.rafal@gmail.com> wrote:
Thanks for the tip, I will try with newer version ;)

BR,
Rafal.

2014-07-18 12:56 GMT+02:00 Balazs Scheidler <bazsi77@gmail.com>:
participants (3)
- Balazs Scheidler
- Jim Hendrick
- Rafał Radecki
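An added example, not from the thread or from the syslog-ng project: a shell canary check for the symptom discussed above, where lines appended to a followed file reach the destination only after a reload. The function names `probe_forwarding` and `todays_destination` are hypothetical, and the destination path assumes the thread's `/var/log/$YEAR$MONTH$DAY/stdout` template expands to the local date.

```shell
#!/bin/sh
# Added example: canary probe for a file-source -> file-destination log pipeline.
# Function names are hypothetical; paths in the usage line come from the thread.

probe_seq=0

# probe_forwarding SRC DST [TIMEOUT_SECONDS]
# Appends a unique marker line to SRC, then polls DST once per second until
# the marker shows up or the timeout expires.
# Returns 0 if the marker was forwarded, 1 if it was not, 2 if SRC is not writable.
probe_forwarding() {
    src=$1
    dst=$2
    timeout=${3:-10}
    # PID + epoch + counter keeps markers unique even for probes in the same second.
    probe_seq=$((probe_seq + 1))
    marker="canary-$$-$(date +%s)-$probe_seq"

    printf '%s\n' "$marker" >> "$src" || return 2

    waited=0
    while [ "$waited" -lt "$timeout" ]; do
        # The destination may not exist yet if nothing has been written today.
        if [ -f "$dst" ] && grep -qF -- "$marker" "$dst"; then
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 1
}

# Destination path as the thread's d_stdout template would expand today
# (assumption: the date macros follow the local clock).
todays_destination() {
    printf '/var/log/%s/stdout\n' "$(date +%Y%m%d)"
}

# Usage on the log server, run without reloading syslog-ng in between:
#   probe_forwarding /logs/stdout.log "$(todays_destination)" 10 \
#       || echo "appended line was not forwarded within 10s"
```

Run from cron or a monitoring agent, a non-zero exit flags a log source that has silently stopped being collected, which would otherwise surface only when someone looks for events that are missing.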