[syslog-ng] file() source, facility, priority and new events only,
Hari Sekhon
hpsekhon at googlemail.com
Mon Jun 9 14:39:22 CEST 2008
Hi,
I'm using the file() source to include logs from an application that
doesn't do syslog (heresy! :-) ). It looks like it's logging the thing
under the kern facility.
I've been through the admin manual v2 and cannot see any way to change
the facility and priority that it marks the source as. My current source
looks like this:
source s_app_name{
file( "/path/to/app.log"
log_prefix("App Name: ")
flags(no-parse) )
; };
Also, the app.log is quite big and syslog-ng has gone and taken the
whole thing and inserted it into syslog with the current timestamp. I'd
like to know if there is a tail -n 0 type switch to tell it to take only
things that have been appended since it has started watching the file.
Can this be done?
I wrote a script that basically tails to logger which does all these
things but I'd rather use the file() source if I can get these niggles
working the way I want. I'm running syslog-ng 2.0.6.
-h
--
Hari Sekhon
More information about the syslog-ng
mailing list