
List:       syslog-ng
Subject:    Re: [syslog-ng] syslog-ng not following symlinks correctly on UBUNTU, works fine in RHEL
From:       Ankit Agarwal <ankit () travelmyheart ! org>
Date:       2018-06-30 16:56:15
Message-ID: 164519fa9c4.11213b377156263.1994116506459811141 () travelmyheart ! org


Hi,

I ran into a similar problem on Ubuntu as well.

In my case, I was tracking the Tomcat localhost log file in syslog-ng, but Tomcat creates a new log file every day by default, and the filename changes (since it includes the date).

Therefore, I periodically created a softlink to the localhost log file where the link had a constant name. The constant name is needed because I obviously cannot keep changing the syslog-ng configuration to match the day's localhost log file name.

I found that the softlink did not work.

Instead I had to create a hardlink.

This is because the softlink's modified date does not change when the underlying file changes. The hardlink's modified date does change since it is pointing to the actual data. We need the modified date to change for the syslog-ng client to pick up new log entries.

In my case, I periodically ran the following command via CRON in the Tomcat logs directory:

sudo ln -f $(ls -t localhost.* | head -1) tomcat_localhost.log

This is to get the latest localhost log file and create the hardlink for it (overwriting the older hardlink that may have been pointing to the previous day's localhost log file).

I ran this every hour just to be safe.

So in your case, I think you would just need to recreate the hardlink as soon as your log file is rotated.

Hope this helps.

Ankit

---- On Sat, 30 Jun 2018 01:13:44 -0700 Donatello D <bluray.vik@gmail.com> wrote ----

syslog-ng is configured to read a symlink pointing to logs generated from my application, which rotates the file using log4j2 rollingfile appender. Everything works fine till the rotation happens. After the file gets rotated, syslog-ng still seems to hold on to the older inode (which is not moved) and doesn't change to follow the new logs. This, however, does not happen in RHEL, where syslog-ng recognizes the file is now rotated and moves to the new file. In both cases the symlink is always configured to point to the latest file. Version details and logs from both OSs below. What am I missing here?

UBUNTU -

syslog-ng 3.5.6
Installer-Version: 3.5.6
Revision: 3.5.6-2.1 [@416d315] (Ubuntu/16.04)
Compile-Date: Oct 24 2015 03:49:19
Available-Modules: afsocket,afuser,tfgeoip,confgen,csvparser,syslogformat,afamqp,redis,afsql,affile,afsmtp,linux-kmsg-format,dbparser,system-source,cryptofuncs,basicfuncs,json-plugin,afprog,afsocket-tls,afstomp,afsocket-notls,afmongodb
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Pcre: on

Symlink is pointing to the file that gets the logs. Prior to rotation the process watches correctly for the file (same inodes held by my app and syslog-ng).

lrwxrwxrwx 1 root root 56 Jun 29 08:44 node1-access.log -> /x/logs/vik-test_access.log

COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
java      11032 vikram  53w    REG    8,1     1101 1542626 vik-test_access.log
syslog-ng 21661   root   9r    REG    8,1     1101 1542626 vik-test_access.log

Post rotation, syslog-ng holds on to the older file (now rotated).

COMMAND     PID   USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME
java      11032 vikram  53w    REG    8,1      876 1542631 e/elasticsearch-6.2.3/logs/vik-test_access.log
syslog-ng 21661   root   9r    REG    8,1     1101 1542626 e/elasticsearch-6.2.3/logs/vik-test_access-2018-06-30.log

The same setup works perfectly fine in RHEL (version details below) where syslog-ng follows the new file correctly.

RHEL

syslog-ng 3.3.5
Installer-Version: 3.3.5
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.3--master#d5d607c05251b38e821efe27bc46ac8db78dd722
Compile-Date: Oct 18 2012 15:17:09
Default-Modules: affile,afprog,afsocket,afuser,basicfuncs,csvparser,dbparser,syslogformat
Available-Modules: afprog,afsocket-tls,dbparser,confgen,convertfuncs,basicfuncs,afsocket,afmongodb,csvparser,affile,dummy,syslogformat,afuser
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: off
Enable-TCP-Wrapper: on
Enable-Linux-Caps: off
Enable-Pcre: on

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
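
The inode comparison from the lsof listings and the hardlink re-creation step from the reply, reproduced in a temporary directory. This is an added example, not part of either message; the file names and the helper functions (inode_of, leads_to, reader, report, rotation_demo) are constructed for illustration, and it does not involve syslog-ng itself.

```shell
#!/bin/sh
# Added example. All file names are constructed; nothing here touches syslog-ng.

# Inode a path resolves to, following symlinks (the file open() would return).
inode_of() {
    ls -Ldi -- "$1" | awk '{print $1}'
}

# Which file does this name lead to now?  $2 = rotated inode, $3 = live inode
leads_to() {
    case "$(inode_of "$1")" in
        "$2") echo rotated ;;
        "$3") echo live ;;
        *)    echo unknown ;;
    esac
}

# What a reader learns by re-checking its configured path against the inode
# it already holds open (the lsof NODE column): reopen, or keep reading.
reader() {
    if [ "$(inode_of "$1")" = "$2" ]; then echo keep; else echo reopen; fi
}

report() {   # $1 = label, $2 = path, $3 = held (rotated) inode, $4 = live inode
    echo "$1 names=$(leads_to "$2" "$3" "$4") reader=$(reader "$2" "$3")"
}

rotation_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        echo "before rotation" > app_access.log
        ln -s app_access.log via_symlink.log
        ln app_access.log via_hardlink.log
        held=$(inode_of app_access.log)    # inode the reader opened

        # Rename-style rotation: old data keeps its inode under a new name,
        # the application starts a fresh file under the original name.
        mv app_access.log app_access-2018-06-30.log
        echo "after rotation" > app_access.log
        live=$(inode_of app_access.log)

        report "symlink" via_symlink.log "$held" "$live"
        report "hardlink" via_hardlink.log "$held" "$live"

        # The cron step from the reply: re-point the hardlink at the newest file.
        ln -f app_access.log via_hardlink.log
        report "hardlink-relinked" via_hardlink.log "$held" "$live"
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

rotation_demo
```

Between the rotation and the re-link, the hardlink name still leads to the rotated file, so a reader watching that name gets no signal to reopen; lines written to the live file in that window are only reachable through the hardlink once it has been re-created.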

