[syslog-ng] source file wildcard problems

Dan Gunter dkgunter at lbl.gov
Wed Mar 25 18:04:44 CET 2009 

Hi,

I am having trouble getting the new file wildcard option to work. I am  
testing it with the following very simple file-to-file configuration:

@version: 3.0
options {
    time_sleep(500);  # polling interval, in ms (make this once per  
second)
    use_fqdn(yes);    # use fully qualified domain names
    ts_format(iso);   # use ISO8601 timestamps
    # for normal load
    flush_lines (10); # number of lines to buffer before writing to disk
    flush_timeout (1000); # 1 second timeout
    log_fifo_size(100);
    stats_freq(3600);  # number of seconds between syslog-ng internal  
stats events; these are useful
                       # for ensuring syslog-ng is not getting  
overloaded
};
# Debugging
source syslog_ng { internal(); };
destination debug_dest { file("/u/dang/local/var/log/syslog-ng- 
internal.log" perm(0644) ); };
log { source(syslog_ng); destination(debug_dest); };
# Other
source simple_src { file("/u/dang/local/var/log/myfile.log"  
follow_freq(1) flags(no-parse) program_override("my_log ") ); };
source test_src { file ("/u/dang/local/var/log/test*.log"  
follow_freq(1) flags(no-parse) program_override("test_log ") ); };
destination test_dest { file ("/u/dang/local/var/log/collected.log"  
perm(0644) ); };
log { source(simple_src); destination(test_dest);  };
log { source(test_src); destination(test_dest);  };

The behavior I am seeing is that anything appended to the static file  
"myfile.log" shows up in "collected.log" a second later. But new files  
of the pattern "test-1.log", etc. are never forwarded, and if there  
are existing files of this name at startup they are ignored. The  
internal log says:

2009-03-25T10:02:20-07:00 host.org syslog-ng[29624]: Follow-mode file  
source not found, deferring open; filename='/u/dang/local/var/log/ 
test*.log'
2009-03-25T10:02:20-07:00 host.org syslog-ng[29626]: syslog-ng  
starting up; version='3.0.1'

My syslog-ng version is:

-bash-3.1$ syslog-ng -V
syslog-ng 3.0.1
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng- 
ose--mainline--3.0#master#93a342dae3a2b0cb15811d0c34ea7f58b3fba14e
Compile-Date: Mar 25 2009 09:08:54
Enable-Threads: off
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: on
Enable-SSL: on
Enable-SQL: off
Enable-Linux-Caps: off
Enable-Pcre: off

Any help or tips would be appreciated.

Thanks,

-Dan

More information about the syslog-ng mailing list