[syslog-ng] Redirecting logs and UDP issues

Sandor Geller Sandor.Geller at morganstanley.com
Fri Sep 2 15:47:02 CEST 2011


Hello,

On Thu, Sep 1, 2011 at 5:42 PM, Aldrich, Jamie S <JSAldrich at pier1.com> wrote:
> Maybe I am misunderstanding the messages.  Is it possible to redirect a symlink log file to a server?  This is the section in syslog-ng.conf that should be handling this, but does not appear to work.
>
> # Setup for PeopleSoft logs to transmit to Loglogic
>
> source s_file {
> file("/tmp/APPSRV_current.LOG" flags(no-parse));
> };

You're using syslog-ng 2.1.4, where follow_freq() has to be added;
otherwise syslog-ng will read to the EOF and won't try to read further
even when new messages have meanwhile been written to the file (and
it probably won't even notice when the underlying file has changed; I
don't remember off the top of my head).

https://bugzilla.balabit.com/show_bug.cgi?id=43 applies to you: using
follow_freq() might cause syslog-ng 2.1 to enter a busy loop...
Unless you want to patch syslog-ng 2.1.4, it is strongly recommended to
migrate to a newer release (3.2.x), which is free of this bug. In
addition, in 3.2.x releases follow_freq() defaults to 1.

> destination d_messages{
> udp("10.13.33.11" port(514) log_fifo_size(900000000));
> };

That log_fifo_size setting is huge; it controls how many *complete
messages* syslog-ng will buffer when it can't send the logs to the
given destination. I'd reduce it to a few thousand.

regards,

Sandor
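
Added example, not part of the original message: the quoted configuration with both suggestions from the reply applied. The value log_fifo_size(5000) is an assumed "few thousand" figure, follow_freq(1) mirrors the 3.2.x default mentioned above, and the log statement is assumed because the original poster's log path was not quoted.

```conf
# Setup for PeopleSoft logs to transmit to Loglogic

source s_file {
    # follow_freq(1): re-check the file for new data once per second
    # instead of stopping at the first EOF. It is written out explicitly
    # here; per the reply it is already the default in 3.2.x, and on
    # 2.1.4 it can trigger the busy loop described in bugzilla id=43.
    file("/tmp/APPSRV_current.LOG" follow_freq(1) flags(no-parse));
};

destination d_messages {
    # log_fifo_size() counts whole messages, not bytes. 5000 is an
    # assumed value in the "few thousand" range; size it to the burst
    # you expect to buffer while the destination cannot be written to.
    udp("10.13.33.11" port(514) log_fifo_size(5000));
};

# Assumed log path connecting the two statements above.
log {
    source(s_file);
    destination(d_messages);
};
```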

