[syslog-ng] log drop-and-delete directory

Sat Oct 13 12:00:49 UTC 2018

Hi Nik,

Syslog-ng should not be designed to delete files when it reaches EOF, it
rather monitors the file for new lines if so.
This would be a bit destructive behaviour even if it would be a feature
with a control flag:
source s_file_clearup {
  wildcard-file (
    base-dir("/tmp/")
    filename-pattern("*")
    remove-on-EOF(yes)
  );
};
But if we are looking at from your point of view, it could be enhanced to
have one-time files, or drop-off files.
It could be an enhancement.

With the current behaviour of syslog-ng quick ideas to solve this use case
(if workaround needed):
- syslog-ng closes a file after the reading is idle for time_reap seconds.
This could be monitored externally and remove the given file.
Example message "Destination timed out, reaping; template='input-logs',
filename='input-logs"
I think there is no EOF warning for files, as syslog-ng simply waits for
new lines (as said above).

Regards,
Gabor

On Fri, Oct 12, 2018 at 5:55 PM Nik Ambrosch <nik at ambrosch.com> wrote:

> Looking to create a drop-off directory that syslog-ng handles instead of
> needing to execute in a separate script.. flow would go something like this:
>
> 1) mv file.log /syslog-tmp/
> 2) syslog-ng reads /syslog-tmp/file.log
> 3) syslog-ng deletes /syslog-tmp/file.log when done consuming
>
> Sounds simple but I can't seem to figure out a good way to do this.  The
> other option is to read file with a script, send out with logger (or
> whatever), and hope that syslog-ng is running & healthy.
>
> Thanks.
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation:
> http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20181013/434cc218/attachment.html>