Hi there
I'm wanting to feed our (multiple) squid server logs into graylog and want
to simply rsync the logs into a staging directory on the server, and have
the collector pipe them in via the GELF connector. (ie I don't want them
put into syslog, nor do I want to install java on the proxies just so I can
run the collector)
For testing I'm running it in a shell with the output going to stdout.
inputs {
squid {
type = "file"
path-glob-root = "/var/spool/squid-logs"
path-glob-pattern = "*access.log"
}
}
I have a "server1-access.log" file in there, and if I "echo squidline >>
server1-access.log" it triggers graylog-collector nicely and I see the
GELF. However, rsync doesn't work like that: it creates a new file with a
temporary filename, copies the original file to that, appends the new data
and then renames it over the original file. End result is the file is
updated, but has a new inode. It appears graylog-collector doesn't notice
that change, nor the fact the file is now a different size? Also, I'm using
globbing, but if I rsync a totally new filename into that directory (eg 2nd
squid server), then nothing happens - it doesn't pick it up either. In
fact, if I create a new file with one line of data, nothing happens; but if
I then append a new line to that file, that is picked up???
Am I doing it wrong?
Jason
--
You received this message because you are subscribed to the Google Groups
"graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
