[syslog-ng] redirect output using symbolic links

Fegan, Joe Joe.Fegan at hp.com
Thu May 8 10:56:49 CEST 2008 

When you call open on a symbolic link the handle you get back is to the *target*
of the link, not to the link itself. So data will continue to go to the old file
until the app (syslog-ng) closes its existing handle and opens the link by name
again. The new open call will follow the link and return a handle to the new target
and then you'll be in business.

So after modifying the link you will need to ensure that syslog-ng closes its
existing handles and opens new ones and I believe that -HUP is the way to do that.

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Geller, Sandor (IT)
Sent: 08 May 2008 08:15
To: 'Syslog-ng users' and developers' mailing list'
Subject: Re: [syslog-ng] redirect output using symbolic links

Hi,

> Howdy all!
>
> If syslog-ng is configured to send messages to a particular
> file, which
> is a symbolic link, and I relink to a new file, do I need to
> send a HUP
> signal to syslog-ng before I relink?

Well, it depends... syslog-ng keeps busy destinations open, so it
might happen that it will continue to log to the same file as the
symlink will dereferenced only when syslog-ng opens the file. This
means that the fd of the symlink's target would used during the
logging.

When the destination isn't busy, syslog-ng closes the file and
reopens it later when needed, so this time it will dereference the
symlink again. Refer to the time_reap option if interested although
I don't think this is what you're after.

Back to your original question right now there is no way to use a
part of the message itself as the destination filename. You could
use a regexp in a filter and later refer to the matched parts, but
only in the template used in the log{} section.

I'm not sure about the upcoming release, maybe Bazsi could provide
exact information.

regards,

Sandor
--------------------------------------------------------

NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list