[syslog-ng] monitoring SQL-Server-ERRORLOG

Balazs Scheidler bazsi at balabit.hu
Wed Jul 14 11:24:51 CEST 2010 

On Mon, 2010-06-07 at 16:28 +0200, Schöppel Marcus wrote:
> Hi all at syslog-ng-mailing-list!
> 
>  
> 
> I’m trying to monitor the MSSQLServer ERROR-logfile but
> 
> I get a logentry for every single letter that is added to the logfile:
> 
>  
> 
> ->
> 
> May 18 13:57:40 test mssql: L
> May 18 13:57:40 test mssql: o
> May 18 13:57:40 test mssql: g
> May 18 13:57:40 test mssql: i
> May 18 13:57:40 test mssql: n
> May 18 13:57:40 test mssql:  
> May 18 13:57:40 test mssql: f
> May 18 13:57:40 test mssql: a
> May 18 13:57:40 test mssql: i
> May 18 13:57:40 test mssql: l
> May 18 13:57:40 test mssql: e
> May 18 13:57:40 test mssql: d
> <-
> 
>  
> 
> This seems to stem from the encoding of the file (UTF-16LE) because
> 
> with other logfiles this problem doesn’t arise.
> 
> I suppose it would help if the “encoding”-Parameter of the file-source
> would work
> 
> but syslog-ng/cygwin (Version 3.0.1) won’t start when I add it no
> matter which encoding I use.
> 
>  
> 
> I tried this workaround-cronjob:
> 
> -      copy file somewhere
> 
> -      convert to UTF-8 using iconv
> 
> -      give the same timestamp to the converted logfile
> 
> so that syslog-ng doesn’t transfer the whole file again
> 
> -      monitoring the converted file with syslog-ng
> 
> This doesn’t work completely correct as despite assigning the same
> timestamp
> 
> the whole file is sometimes transferred again (and not just the new
> 
> entries).
> 
>  
> 
> Is this problem (following this UTF-16LE-Windowsfile (easily))
> 
> not resolvable by using the cygwin-version of syslog-ng??

hmm.. I haven't used the cygwin version myself. Does it even accept the
encoding() option, or reject it as a syntax error?

If syslog-ng can be convinced to accept that option, it should
definitely work.

> 
> Or am I maybe using a wrong encoding spelling?

Again, can you post your configuration sample?

> 
> Does it work using the commercial windows-version of the agent?

Not right now, the agent can only read plain text files, which it
converts from the local encoding (something like Windows-1250) to UTF8
when it sends it to the server.

However this feature is on our longer term roadmap (e.g. not yet
scheduled for an actual release).

-- 
Bazsi

More information about the syslog-ng mailing list