[syslog-ng] Syslog stop fordward
Balazs Scheidler
bazsi@balabit.hu
Thu, 17 Feb 2000 13:08:49 +0100
> I loging a web server to a log-machine so I put the next configuration in
> the web server:
> ----------------
> options { sync(0); time_reopen(10); log_fifo_size(100); };
>
> source local { sun-stream("/dev/log" door("/etc/.syslog_door")); };
> source syslog { internal(); };
> source rincon { file("/www/logs/rincon-access.log"); };
>
> destination brezo { tcp("150.244.9.2" port(514)); };
>
> log { source(rincon); destination(brezo); };
> -----------------------------------------------
The file source driver tries to read the given file. If it contains
something when opened, the whole contents is read again. Maybe I should add
code to seek to the end of file. This driver is primarily used for reading
kernel messages from /proc/kmsg.
> 1)Everytime I run the syslog-ng in the web server, process all the file,
> instead only the appending lines. Who can I chage this?
try this patch:
--- affile.c 2000/02/13 16:24:01 1.27
+++ affile.c 2000/02/17 12:07:52
@@ -88,6 +90,7 @@
if (do_open_file(self->name, O_RDONLY | O_NOCTTY | O_NONBLOCK, 0, 0, 0, &fd)) {
struct resource_node *res;
+ lseek(fd, 0, SEEK_END);
self->src = io_read(make_io_fd(cfg->backend, fd),
make_log_reader(0, c),
NULL);
>
> 2)Why the daemon stops writting in the log-server's file? It's a problem
> with big files? The origin file is about 8Mb and it grow to 11Mb due the
> header of the syslog-ng. There is some limit?
I don't know. I'll have to check this.
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
url: http://www.balabit.hu/pgpkey.txt