[syslog-ng] why i have to restart syslog to have the new apache log??
Balazs Scheidler
bazsi at balabit.hu
Wed Mar 11 08:27:19 CET 2009
On Wed, 2009-03-11 at 00:26 +0100, gatfi sami wrote:
> thks
> but i want the change bee sent in (real time) if we can use this term
> because follow_freq(1) means that syslog need to check tchangee in the
> fie every 1 second
> is there any way to make it 0 second ====> detect changes in the
> apache error log as they happen
> thks
Following the file is implemented by polling it every once in a while.
With syslog-ng 3.0 you can specify subsecond time resolution (e.g. 0.1
seconds)
Also, when syslog-ng detects that there are unsent messages in a file,
it sends several messages, not just one.
And syslog-ng does the file check every time something wakes it up (e.g.
udp/local process logging), so the 1second is the worst case scenario.
If you want even less latency, then configure apache to send its logs to
syslog. (google for apache & syslog, you'll find plenty of articles
describing that).
--
Bazsi
More information about the syslog-ng
mailing list