[syslog-ng] syslog-ng NOT Reading source file, which grows. HELP!
Balazs Scheidler
syslog-ng@lists.balabit.hu
Thu, 15 Jul 2004 18:24:07 +0200
On Tue, 2004-07-13 at 22:15, alex wrote:
> Hello,
>
> I have compiled syslog-ng (latest ver syslog-ng 1.6.4) on AIX 5.1 and
> have configured the client to send sudo logs to the centralized
> server. The Network part is working fine, and I know my binary
> compiled OK.
> In addition to sudo activity logging I was going to send logs,
> produced by the other daemon--sudoscriptd--which logs all root shell
> activities to some predefined file on the same server (for testing)
> and later I will send it too. In my case: var/log/sudoscript. I was
> going to centralize this one as well, but for now I can't figure out
> why syslog-ng is NOT READING from the source file.
> Also, I was trying: source sudo_scr {pipe("/var/log/sudoscript"); };
> - with no success.
syslog-ng as of 1.6.x uses the file source to read from special files
like /proc/kmsg to fetch kernel logs. The difference between /proc/kmsg
and a regular file is that the latter does not support polling, which
syslog-ng currently requires.
The unfinished 1.9.x codebase supports "tail -f" like operation, but for
1.6.x you need to stick to "tail -f /var/log/sudoscript | logger".
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
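
Added example, not part of the original message and not syslog-ng code: it shows the polling limitation described in the reply (poll() reports a regular file as readable even at end of file, while an empty pipe actually blocks) and one size-based "tail -f" step. The helper names `poll_readable` and `follow_once` and the temporary file path are assumptions made for this illustration; this is not how the 1.9.x codebase implements file following.

```c
#define _XOPEN_SOURCE 700
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if poll() reports fd readable within timeout_ms, 0 on timeout, -1 on error. */
int poll_readable(int fd, int timeout_ms) {
    struct pollfd p = { .fd = fd, .events = POLLIN };
    int n = poll(&p, 1, timeout_ms);
    if (n < 0) return -1;
    return (n > 0 && (p.revents & POLLIN)) ? 1 : 0;
}

/* One "tail -f" step (hypothetical helper): compare the file size with *off
   and read only the new bytes. Returns bytes copied (0 = nothing new), -1 on error. */
ssize_t follow_once(int fd, off_t *off, char *buf, size_t cap) {
    struct stat st;
    if (fstat(fd, &st) < 0) return -1;
    if (st.st_size < *off) *off = 0;      /* file was truncated in place */
    if (st.st_size == *off) return 0;     /* no growth since last call */
    size_t want = (size_t)(st.st_size - *off);
    ssize_t n = pread(fd, buf, want < cap ? want : cap, *off);
    if (n > 0) *off += n;
    return n;
}

int main(void) {
    char path[] = "/tmp/sudoscript-demo-XXXXXX";  /* constructed stand-in log file */
    char buf[256];
    int pfd[2], fd = mkstemp(path);
    off_t off = 0;
    if (fd < 0 || pipe(pfd) < 0) return 1;
    /* Empty regular file: poll() still says "readable"; read() would return 0. */
    printf("regular file at EOF: poll=%d\n", poll_readable(fd, 100));
    /* Empty pipe: poll() really waits for data and times out. */
    printf("empty pipe:          poll=%d\n", poll_readable(pfd[0], 100));
    const char *line = "root shell: constructed sample line\n";
    if (write(fd, line, strlen(line)) < 0) return 1;
    printf("follow_once read %zd new bytes\n", follow_once(fd, &off, buf, sizeof buf));
    close(fd); close(pfd[0]); close(pfd[1]); unlink(path);
    return 0;
}
```

Because the regular file always polls as ready, an event loop built on poll() either spins on zero-byte reads or never learns about appended data, which is why the reply routes the file through `tail -f ... | logger` so that syslog-ng receives the lines through its normal local log input.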