[syslog-ng] feature request?: monitor open logs for deletion/rename
Patrick Hemmer
syslogng at stormcloud9.net
Thu Jul 12 14:18:48 CEST 2012
Sent: Thu Jul 12 2012 07:07:44 GMT-0400 (EDT)
From: Balazs Scheidler <bazsi77 at gmail.com>
To: Syslog-ng users' and developers' mailing list
<syslog-ng at lists.balabit.hu>, Gergely Nagy <algernon at balabit.hu>
Subject: Re: [syslog-ng] feature request?: monitor open logs for
deletion/rename
>
> ----- Original message -----
> > Balazs Scheidler <bazsi77 at gmail.com <mailto:bazsi77 at gmail.com>> writes:
> >
> > > no need to use inotify for this. merely stating the file regularly
> > > should indicate the new file with a changed inode number.
> >
> > But inotify has the benefit of not needing regular polls, and immediate
> > notification when files change. I wouldn't want it for performance,
> > because it wouldn't give a noticable boost in this case. I like inotify
> > better in this case because of responsiveness, and effectiveness.
> >
> > For example, if my low-power system is happily idling, I'd rather not
> > have syslog-ng regularly stat files and wake up the disk. However, if
> > the kernel signals us that hey, this stuff here changed, that's much
> > more efficient.
> >
> > Sadly, I don't have such a system where it would make any difference,
> > but still! :P
>
> sorry I may have put that a bit easy to misunderstand. I meant that we
> can issue a stat before each write. No need to start separate polling.
> Syslog-ng has woken up in that case anyway.
>
I'd throw in support on this idea. The only downside I can see is if a
log was rotated, the file handle wont be closed until the next write (so
it'll still consume space on the filesystem), but syslog-ng will close
the file after its been sitting idle for a while, so that might be good
enough.
-Patrick
More information about the syslog-ng
mailing list