[syslog-ng] file() source, facility, priority and new events only,
Balazs Scheidler
bazsi at balabit.hu
Mon Jun 9 16:42:16 CEST 2008
On Mon, 2008-06-09 at 13:39 +0100, Hari Sekhon wrote:
> Hi,
>
> I'm using the file() source to include logs from an application that
> doesn't do syslog (heresy! :-) ). It looks like it's logging the thing
> under the kern facility.
>
> I've been through the admin manual v2 and cannot see any way to change
> the facility and priority that it marks the source as. My current source
> looks like this:
>
> source s_app_name{
> file( "/path/to/app.log"
> log_prefix("App Name: ")
> flags(no-parse) )
> ; };
>
> Also, the app.log is quite big and syslog-ng has gone and taken the
> whole thing and inserted it into syslog with the current timestamp. I'd
> like to know if there is a tail -n 0 type switch to tell it to take only
> things that have been appended since it has started watching the file.
> Can this be done?
If it finds a new file, it usually sends the complete file and then
follows it the same way you describe it; you only need to specify the
follow-freq(<number of seconds to poll>) option to the file.
It does not skip the contents already there, it records the current
position instead, and continues reading from there on.
>
> I wrote a script that basically tails to logger which does all these
> things but I'd rather use the file() source if I can get these niggles
> working the way I want. I'm running syslog-ng 2.0.6.
I can't remember when but I remember I had some patches against file
sources, so please check out the latest NEWS file for file source
related changes.
--
Bazsi
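
The follow behaviour described in the reply above (backlog sent once, position recorded, reading resumes from there), next to the `tail -n 0` behaviour the question asks for, as an added Python illustration; it is not syslog-ng code and not part of the original thread. The class name, the JSON state file and the sample log lines are assumptions made for the example.

```python
import json
import os
import tempfile


class FollowedFile:
    """Poll-based follower that persists its read offset between runs."""

    def __init__(self, path, state_path, skip_existing=False):
        self.path = path
        self.state_path = state_path          # hypothetical position store
        self.skip_existing = skip_existing    # True emulates `tail -n 0`
        self.offset = self._load_offset()

    def _load_offset(self):
        try:
            with open(self.state_path) as fh:
                return json.load(fh)[self.path]
        except (OSError, ValueError, KeyError):
            # File never seen before: start at 0 (send everything) or at EOF.
            return os.path.getsize(self.path) if self.skip_existing else 0

    def poll(self):
        """Return complete lines appended since the recorded position."""
        if os.path.getsize(self.path) < self.offset:
            self.offset = 0  # file was truncated or replaced: start over
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
        # Hold back a trailing partial line until its newline arrives.
        end = data.rfind(b"\n") + 1
        self.offset += end
        with open(self.state_path, "w") as fh:
            json.dump({self.path: self.offset}, fh)
        return data[:end].decode("utf-8", "replace").splitlines()


def demo():
    tmp = tempfile.mkdtemp()
    log, state = os.path.join(tmp, "app.log"), os.path.join(tmp, "pos.json")
    with open(log, "w") as fh:
        fh.write("old 1\nold 2\n")            # constructed sample lines
    first = FollowedFile(log, state).poll()   # new file: whole backlog
    with open(log, "a") as fh:
        fh.write("new 1\npart")
    second = FollowedFile(log, state).poll()  # "restart": resumes at offset
    os.remove(state)                          # forget the recorded position
    tail0 = FollowedFile(log, state, skip_existing=True).poll()
    return first, second, tail0
```

With the recorded position in place a restart forwards only `new 1`; the backlog is replayed only when the file has no stored position, which is the case the question ran into.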