[syslog-ng] syslog-ng Message Deliver Acknowledgment and Action

[Tamayo, Andres]

Hello,

I am new at using syslog-ng and I was hoping someone in the developers mailing list would be able to help me.

I am trying to use a syslog-ng client daemon and a syslog-ng server daemon to implement an audit message system but I cannot find information that would help me configure the daemons for my particular scenario.

Here is my scenario:

I have a separate audit daemon that generates log messages that are written to an audit log file in syslog format.  I need the syslog-ng client to read the logs in the audit log file and send them to the syslog-ng server.  When the server has received the messages, I need some acknowledgment from the syslog-ng client, so my other audit daemon can remove the submitted log messages from the audit log file (preventing it from reaching maximum capacity).

My scenario does not have to be setup exactly this way if there are better ways to achieve the same result.  Basically, I need to keep all logs that have not yet being sent to the syslog-ng server in an audit file.  When the messages are delivered to the syslog-ng server, I need to delete them from the audit file.

Can someone tell me if I can achieve this results using syslog-ng daemons?  Is there a better way to implement my scenario.

Thank you for your help in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20131106/0bb0f40f/attachment.htm