[syslog-ng] How to roll journald cursor in persist file

Scheidler, Balázs balazs.scheidler at balabit.com
Thu Jun 2 22:32:58 CEST 2016


It really is cool, thanks for this tool. Nevertheless, the journal source
should have something to suppress old entries. Can you file an issue about
that?

Thanks
On Jun 2, 2016 11:27 AM, "Matwey V. Kornilov" <matwey.kornilov at gmail.com>
wrote:

> 31.05.2016 13:04, Matwey V. Kornilov пишет:
> > Hello,
> >
> > I am running syslog-ng 3.7.1 and journald v210. The goal I want to reach
> > is the following.
> > I would like to replicate local system logs to remote endpoint using
> > standard UDP protocol.
> >
> > So, I've just disabled all destinations except the following one:
> >
> > destination logserver { udp("10.0.0.47" port(514)); };
> > log { source(src); destination(logserver); };
> >
> > The issue is the following. It seems that syslog-ng 3.7.1 uses journald
> > natively for system() source. And I like it. The issue is that when I
> > start syslog-ng it tries to sync all existing local journald data (about
> > 5 GB of compressed journald data, 1.5 years of logs) from the beginning.
> >
> > I found in modules/systemd-journal/journal-reader.c that syslog-ng
> > stores journald cursor in the persists file. I would like to point the
> > cursor to the end of journald database in order to avoid unneeded log
> sync.
> >
> > The question is how could I do that in opensource syslog-ng version?
>
> I've written simple yet useful application which solved the problem:
>
> https://github.com/matwey/syslog-ng-persist
>
> >
> >
> ______________________________________________________________________________
> > Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> > Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> > FAQ: http://www.balabit.com/wiki/syslog-ng-faq
> >
> >
>
>
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160602/f0136170/attachment.htm 


More information about the syslog-ng mailing list