Previously there was some discussion about adding a size_limit option to the file destination driver.

options { file_size_limit(123456); };
destination log1 { file("/var/log/log1.log" size_limit(456789)); };

I've just compiled syslog-ng 3.3.4, and received a syntax error when trying to use these options. Are there any plans to add this option to syslog-ng in the future? Can the patch that was previously attached be applied to the 3.3.4 source?

-Thank You, Gene Mat
On 2011-07-25 20:03, Gergely Nagy wrote:
On Mon, Jul 25, 2011 at 19:58, Sergei Zhirikov <sfzhi at yahoo.com> wrote:
I have a patch that does something of that kind. When the log file grows above certain size syslog-ng switches to a new one and renames the old one. Further processing (such as compression) should be done externally.
I posted that patch in this list quite some time ago, but as far as I can tell, it went unnoticed...
Can you please post it again? I'd love to have a look.
Attached. The patch is against syslog-ng-3.1.4, but the idea is pretty straightforward, so I don't expect it to be difficult to port to a newer version.
The patch introduces two new configuration options: 'file_size_limit' to be used inside global 'options' and 'size_limit' to be used inside 'file' destination. Each option specifies log file size limit in bytes. If the global option is set to a value greater than zero it applies to all 'file' destinations. A particular file destination can remove the limit by setting it to zero. For example:
# set the global file size limit
options { file_size_limit(123456); };

# set a different size limit for a particular file destination
destination log1 { file("/var/log/log1.log" size_limit(456789)); };

# remove size limit for a particular file destination
# (useful only if there is a global size limit set)
destination log2 { file("/var/log/log2.log" size_limit(0)); };
The file size is checked after writing each log message and if the file has grown up to or above the size limit the file is renamed and a new empty file is created to continue logging to. The name format the "overgrown" log file is renamed to is "<p>-<s>.<m>-<r>", where <p> - the full path and name of the original log file, <s> - current time in UNIX format (seconds since Jan 1, 1970), <m> - fractional part of the current time (microseconds, 6 digits), <r> - a random number (10 digits).
The intended use is to have incrond or another similar mechanism detect when there is a new "renamed" log file and process it in whatever way necessary (gzip it, parse it, send it by email, etc.).
-- Sergei.
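A consumer for the renamed files described in the message above could recognize them by name before processing them. This is an added example, not part of the original message or the patch; the function names and the sample file name are constructed, and it assumes <r> is always zero-padded to 10 digits.

```python
import gzip
import os
import re
import shutil
from datetime import datetime, timezone

# "<p>-<s>.<m>-<r>": path, UNIX seconds, 6-digit microseconds, 10-digit random.
# Anchored at the end so dashes or dots inside <p> itself do not confuse it.
ROTATED_RE = re.compile(
    r"^(?P<path>.+)-(?P<sec>\d+)\.(?P<usec>\d{6})-(?P<rand>\d{10})$"
)


def parse_rotated(name):
    """Return (original_path, rotation_time_utc), or None if not a rotated name."""
    m = ROTATED_RE.match(name)
    if m is None:
        return None
    when = datetime.fromtimestamp(int(m.group("sec")), tz=timezone.utc)
    return m.group("path"), when.replace(microsecond=int(m.group("usec")))


def compress_rotated(path, watched):
    """Gzip a rotated file that belongs to a log in `watched`.

    Returns the .gz path, or None when the file is skipped. Skipping matters
    because a directory watcher also fires for the live log and for the .gz
    file this function creates; neither matches the rotated-name pattern.
    """
    parsed = parse_rotated(path)
    if parsed is None or parsed[0] not in watched:
        return None
    gz_path = path + ".gz"
    with open(path, "rb") as src, gzip.open(gz_path, "wb") as dst:
        shutil.copyfileobj(src, dst)
    os.remove(path)
    return gz_path


if __name__ == "__main__":
    # Constructed sample name in the format the patch description gives.
    print(parse_rotated("/var/log/log1.log-1311616980.123456-0123456789"))
```

A watcher such as incrond would call compress_rotated with the path of each newly created file and the set of configured log paths.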
Gene Mats <genemats@gmail.com> writes:
I've just compiled syslog-ng 3.3.4, and received a syntax error when trying to use these options.
Are there any plans to add this option to syslog-ng in the future?
Yep, it's on my todo list, albeit not near the top. The problem is that to do this kind of thing sanely, some refactoring must be done in the source code first, and that's not been done yet.
Can the patch that was previously attached be applied to 3.3.4 source?
It should apply, but if it doesn't, the conflicts will probably be fairly trivial. I'll see if I can find some time to update the patch for 3.3.4.
-- |8]