[syslog-ng] Following a file to generate one syslog message per appended line
Terry Burton
tez at terryburton.co.uk
Tue Jul 17 15:21:43 CEST 2012
Hi,
I am looking to use syslog-ng to follow a file and create one syslog
UDP message for each line that is appended to the file.
So far I have the following; however, this will put multiple lines into
a single syslog message when they arrive together:
source s_tail_snort { file("/srv/snort/snort.fast" flags(no-parse) ); };
destination to_splunk { udp("143.210.16.141" port(1514) template("$MSG\n")); };
log {source(s_tail_snort); destination(to_splunk); flags(flow-control); };
I have tried adding log_fetch_limit(1) to the source and
flush_lines(1) to the destination, but I still get multiple lines per
syslog message:
source s_tail_snort { file("/srv/snort/snort.fast" flags(no-parse) log_fetch_limit(1) ); };
destination to_splunk { udp("143.210.16.141" port(1514) template("$MSG\n") flush_lines(1)); };
log {source(s_tail_snort); destination(to_splunk); flags(flow-control); };
Am I missing something simple?
Thanks,
Terry
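
Added example (not part of the original post, and not syslog-ng code): a receiver-side check for the behaviour described above, which counts how many newline-delimited lines each UDP datagram carries so that a configuration change can be verified before events reach the indexer. Port 1514 is taken from the post's destination; the bind address, function names and sample size are assumptions.

```python
import socket
from collections import Counter


def split_events(payload: bytes) -> list[bytes]:
    """Split one datagram payload into newline-delimited events.

    The trailing newline added by template("$MSG\\n") does not count as an
    extra, empty event; blank lines are ignored.
    """
    return [line for line in payload.split(b"\n") if line]


def audit(sock: socket.socket, max_datagrams: int, timeout: float = 2.0) -> Counter:
    """Read up to max_datagrams datagrams from sock.

    Returns a histogram {lines_in_datagram: number_of_datagrams}. Stops
    early if nothing arrives within `timeout` seconds.
    """
    sock.settimeout(timeout)
    histogram = Counter()
    for _ in range(max_datagrams):
        try:
            payload, _addr = sock.recvfrom(65535)  # one call returns one datagram
        except socket.timeout:
            break
        histogram[len(split_events(payload))] += 1
    return histogram


if __name__ == "__main__":
    # Stand in for the receiver named in udp(... port(1514)).
    # Binding to all interfaces is an assumption for this example.
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("0.0.0.0", 1514))
    result = audit(listener, max_datagrams=100, timeout=30.0)
    for lines, count in sorted(result.items()):
        print(f"{count} datagram(s) carried {lines} line(s)")
    if any(lines > 1 for lines in result):
        print("multiple lines are being packed into single datagrams")
```

If every datagram reports exactly one line, the sender is emitting one message per appended line.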