[syslog-ng] How to roll journald cursor in persist file
Matwey V. Kornilov
matwey.kornilov at gmail.com
Thu Jun 2 11:26:48 CEST 2016
31.05.2016 13:04, Matwey V. Kornilov пишет:
> Hello,
>
> I am running syslog-ng 3.7.1 and journald v210. The goal I want to reach
> is the following.
> I would like to replicate local system logs to remote endpoint using
> standard UDP protocol.
>
> So, I've just disabled all destinations except the following one:
>
> destination logserver { udp("10.0.0.47" port(514)); };
> log { source(src); destination(logserver); };
>
> The issue is the following. It seems that syslog-ng 3.7.1 uses journald
> natively for system() source. And I like it. The issue is that when I
> start syslog-ng it tries to sync all existing local journald data (about
> 5 GB of compressed journald data, 1.5 years of logs) from the beginning.
>
> I found in modules/systemd-journal/journal-reader.c that syslog-ng
> stores journald cursor in the persists file. I would like to point the
> cursor to the end of journald database in order to avoid unneeded log sync.
>
> The question is how could I do that in opensource syslog-ng version?
I've written simple yet useful application which solved the problem:
https://github.com/matwey/syslog-ng-persist
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
More information about the syslog-ng
mailing list