[syslog-ng] Time slice destination files

Martin Holste mcholste at gmail.com
Wed Jun 17 22:51:00 CEST 2009


The indexing system I'm writing will work best if it can read in syslog-ng
logs as regular files (as opposed to fifos, sockets or SQL).  In order to
have multiple indexing workers going at the same time, I'm finding it
easiest if the output from syslog-ng can be divided into chunks like this:

destination d_file { file("/tmp/slices/$R_UNIXTIME.${.classifier.rule_id}"
template(t_db_parsed)); };

The workers index the chunks as syslog-ng spits them into the slices buffer
directory.  This works pretty well, but I'm limited to tuning only between
one second intervals provided by $R_UNIXTIME, or minute, hour, etc.
intervals by concatenating other time macros together.  Is there some way I
could get syslog-ng to spit out something like 5 second slices?  Also, will
syslog-ng know to close the file handle on a log slice when the $R_UNIXTIME
second has elapsed?

Thanks,

Martin
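
An added example, not part of the original post and not syslog-ng code: one way to get 5-second slices on the worker side is to keep the one-second $R_UNIXTIME files and group them by name into fixed windows, releasing a window only once it can no longer grow. The function names, the width and grace values, and the rename-to-claim scheme are assumptions of this sketch.

```python
import os
import re
from collections import defaultdict

# Slice names follow the destination above: <R_UNIXTIME>.<rule_id>
SLICE_RE = re.compile(r"^(\d+)\.(.+)$")

def closed_windows(names, now, width=5, grace=2):
    """Map window start -> slice names, for windows that can no longer grow.

    width and grace are assumptions; grace must cover how long the writer
    may keep appending to (or holding open) a slice after its second ends.
    """
    windows = defaultdict(list)
    for name in names:
        m = SLICE_RE.match(name)
        if not m:
            continue  # not a slice written by the destination
        ts = int(m.group(1))
        start = ts - ts % width
        if start + width + grace <= now:
            windows[start].append((ts, m.group(2), name))
    return {s: [n for _, _, n in sorted(windows[s])] for s in sorted(windows)}

def claim(slice_dir, work_dir, names):
    """Move slices into this worker's directory and return the ones it won.

    os.rename is atomic within one filesystem, so when several workers race
    for the same window each file goes to exactly one of them.
    """
    won = []
    for name in names:
        try:
            os.rename(os.path.join(slice_dir, name), os.path.join(work_dir, name))
            won.append(name)
        except FileNotFoundError:
            pass  # another worker already took it
    return won

if __name__ == "__main__":
    import tempfile
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()  # stand-ins for real dirs
    for n in ("1245271860.12", "1245271863.7", "1245271866.12"):  # constructed
        open(os.path.join(src, n), "w").close()
    for start, names in closed_windows(os.listdir(src), now=1245271868).items():
        print(start, claim(src, dst, names))
```

Set grace to cover any output buffering on the writer and the time it may keep an idle destination file open, which in syslog-ng is governed by the time_reap() option.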