[syslog-ng] feature request?: monitor open logs for deletion/rename
Lennert Buytenhek
buytenh at wantstofly.org
Thu Jul 12 11:54:09 CEST 2012
On Thu, Jul 12, 2012 at 11:22:12AM +0200, Balazs Scheidler wrote:
> no need to use inotify for this. merely stating
> the file regularly should indicate the new file
> with a changed inode number.
I have a 80%ish finished ivykis module (called
iv_path_watch) that seems useful for this -- you
hand it a path name, and it will call your
callback if the path's contents may have changed.
If inotify is available, it will use that,
otherwise it will just periodically stat the
path, which is basically the same idea as in
iv_event_raw, which uses eventfds or pipes
depending on which is available.
The inotify case is particularly tricky to get
100% right: you have to look for not just writes
to the file, but also for renames over the file,
but also, you have to detect renames of any
parent directories. And if your target is a
symlink, you have to invoke yourself recursively.
And then there are cases when inotify won't work
at all, for example if the target is on a network
filesystem. And then there's cases like chroot...
More information about the syslog-ng
mailing list