[syslog-ng] Tailing a file
maillists0 at gmail.com
maillists0 at gmail.com
Thu Jan 13 19:32:38 CET 2011
I need to tail a bunch of application logs that aren't in syslog
format and send them to a remote server. I've configured this:
source s_tail { file(/var/log/chaotic_debug_log follow_freq(1)
flags(no-parse)); };
destination remote { tcp("my_syslogserver.com" port(514)); };
log { source(s_tail); destination(remote); };
syslog-ng starts successfully and doesn't complain, but nothing
happens... no logs appear remotely. I did a tcpdump on the syslog
server and nothing is showing up from this box, so I did an strace on
syslog-ng and didn't see the log files being opened. Running lsof on
those files didn't show anything but the writing program. syslog-ng
just isn't reading the files. Is something wrong with my config? How
might I troubleshoot this? The syslog-ng version is 2.1.4 on CentOS
5.4.
Also, to have syslog tail multiple files, do I just add multiple
entries, like this?
source s_tail { file(/var/log/chaotic_debug_log1 follow_freq(1)
flags(no-parse)); };
source s_tail { file(/var/log/chaotic_debug_log2 follow_freq(1)
flags(no-parse)); };
source s_tail { file(/var/log/chaotic_debug_log3 follow_freq(1)
flags(no-parse)); };
Any help is appreciated. Thanks!
More information about the syslog-ng
mailing list