[syslog-ng] Example 3.4. Script to feed a growing logfile into syslog-ng
Balazs Scheidler
bazsi at balabit.hu
Fri Jul 25 09:34:59 CEST 2008
On Thu, 2008-07-24 at 16:10 -0400, Chris Pratt wrote:
> Thanks for your suggestion. This is for Tomcat. Unfortunately I am
> stuck reading from the log because the syslog appender in the log4j
> version on our app does not capture stack traces while the file
> appenders do. In other cases we want to capture garbage collections
> which are only written to stdout. I tried sending my file appends to
> /dev/log but that didn't work so I am stuck trying to read from files.
> Only my central log server runs syslog-ng. All of my Tomcat hosts just
> use syslogd and send *.* @mylogserver. Otherwise I'd probably try #
> source s_tail { file("log.log" follow_freq(1) flags(no-parse)); }; to
> see if it kept it in order any better.
>
> What I could really use is a logger that has the ability to read and
> forward to syslog the existing timestamp...
syslog-ng could do that if it was running on the client hosts too.
But otherwise, what about this dirty trick:

    tail -f <logfile> | sed -e 's/^/<133>/' | nc syslog-server 514

If the timestamps are otherwise in a syslog-ng processable format, the
above scriptlet would work.
The sed sets local6.notice as a priority.

However, the difficult part is making the "tail -f" part robust enough,
but I guess you achieved that already.
--
Bazsi
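
Added example, not part of the original post: a small wrapper around the pipeline above that computes the <PRI> number from a facility and severity name (PRI = facility * 8 + severity, per RFC 3164) and follows the file by name so rotation does not end the feed. The function names and the LOGFILE SERVER PORT arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Numbers follow RFC 3164.

# Print the syslog PRI for a facility and severity name.
# local0.notice -> 133 (the value in the one-liner), local6.notice -> 181.
syslog_pri() {
    case "$1" in
        kern) f=0 ;; user) f=1 ;; mail) f=2 ;; daemon) f=3 ;; auth) f=4 ;;
        local[0-7]) f=$((16 + ${1#local})) ;;
        *) echo "unknown facility: $1" >&2; return 1 ;;
    esac
    case "$2" in
        emerg) s=0 ;; alert) s=1 ;; crit) s=2 ;; err) s=3 ;;
        warning) s=4 ;; notice) s=5 ;; info) s=6 ;; debug) s=7 ;;
        *) echo "unknown severity: $2" >&2; return 1 ;;
    esac
    echo $((f * 8 + s))
}

# Prefix every non-empty stdin line with <PRI>. A read loop is used instead
# of sed so lines are written out one at a time rather than held in a
# block buffer while the log is quiet. Leading whitespace (stack-trace
# continuation lines) is preserved; each line is still its own message.
tag_lines() {
    while IFS= read -r line; do
        if [ -n "$line" ]; then
            printf '<%s>%s\n' "$1" "$line"
        fi
    done
    return 0
}

# Forward only when invoked as: script LOGFILE SERVER PORT
if [ "$#" -eq 3 ]; then
    pri=$(syslog_pri local0 notice) || exit 1
    # tail -F reopens the file by name after rotation; -n 0 skips old lines.
    tail -n 0 -F "$1" | tag_lines "$pri" | nc "$2" "$3"
fi
```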