Disconnected access/tailing real files/web interface
Hello. I would like to centralise logs from many different hosts into one place. It's possible that the network connectivity between the log server and the hosts is not reliable. Therefore: 1. Can I get syslog-ng to send new log entries once it can see the central log server again? I would also like to centralise logs from non-syslog programs such as some big database apps. 2. Can syslog-ng work similarly to tail -f logging to the central server? And finally (but least importantly).. 3. Does anyone know a good web interface for viewing or searching the files from a web interface? The logs must remain as files, not be put in a mysql database. Thanks, jbj
On Thu, 2007-02-22 at 14:00 +0100, J Bridge wrote:
Hello. I would like to centralise logs from many different hosts into one place.
It's possible that the network connectivity between the log server and the hosts is not reliable. Therefore: 1. Can I get syslog-ng to send new log entries once it can see the central log server again?
syslog-ng is buffering messages in its memory based buffer and send messages once the connectivity is restored. You can control the size of the memory buffer using log_fifo_size().
I would also like to centralise logs from non-syslog programs such as some big database apps. 2. Can syslog-ng work similarly to tail -f logging to the central server?
Yes. syslog-ng 2.0 can do this, however it currently does not record the current file position accross restarts.
And finally (but least importantly).. 3. Does anyone know a good web interface for viewing or searching the files from a web interface? The logs must remain as files, not be put in a mysql database.
You'll have problems viewing large files on a web interface without a database. -- Bazsi
On Thu, 2007-02-22 at 21:29 +0100, Balazs Scheidler wrote:
On Thu, 2007-02-22 at 14:00 +0100, J Bridge wrote:
2. Can syslog-ng work similarly to tail -f logging to the central server?
Yes. syslog-ng 2.0 can do this, however it currently does not record the current file position accross restarts.
As of today, I've commited the final bits, so that tailing files is actually usable. Configure it something like this: source s_tail { file("/var/log/apache/access.log" follow_freq(1) flags(no-parse)); }; This means that syslog-ng * reads the access.log file (starting with the first line), * checks every 1 second to see if there are new records * notices when access.log gets renamed and a new file is put to its place (e.g. logrotate) * remember the last file position accross restarts You need tomorrow's snapshot for this to work. -- Bazsi
participants (2)
-
Balazs Scheidler
-
J Bridge