Last year, syslog-ng 4.8.0 improved the wildcard-file() source on FreeBSD and macOS. Version 4.9.0 will do the same for Linux by using inotify for file and directory monitoring, resulting in faster performance while using significantly fewer resources. This blog is a call for testing the new wildcard-file() source options before release.
Before you begin
To test what is coming in syslog-ng 4.9.0, you have to install a development snapshot. You can find more information about how to do that in my previous call for testing at https://www.syslog-ng.com/community/b/blog/posts/a-call-for-testing-the-upcoming-syslog-ng-releases.
What to test
Recent development snapshots make it easier to configure the use of inotify. Instead of playing with follow-frequency(), you can now explicitly configure which method to use to monitor directories and to follow files. The more files you follow, the larger the positive effect on resource usage, but of course we are curious about your experiences in any possible situation, from following a single file to following many files.
Configuring syslog-ng
Append the following configuration snippet to your syslog-ng.conf or create a new configuration snippet under /etc/syslog-ng/conf.d/, if your configuration supports it:
source s_wild {
    wildcard-file(
        base-dir("/var/log/apache2/")
        filename-pattern("*.log")
        follow-method("inotify")
        monitor-method("inotify")
    );
};

destination d_single {
    file("/var/log/allweb.txt");
};

log {
    source(s_wild);
    destination(d_single);
};
This configuration collects log messages arriving in .log files under the /var/log/apache2 directory. This is just an example though, so change the directory and pattern to match your environment. On a busy (web) server, this configuration should significantly reduce the resource usage of syslog-ng.
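To check that the inotify-based source does not lose or duplicate lines, you can write marked test lines into the monitored directory and compare them with the destination file. The script below is an added example, not part of the original post or of syslog-ng: the WFTEST marker format, the wftest-N.log file names and the five-second wait are assumptions, and it assumes the marker reaches the destination line unchanged.

```python
import os
import re
import sys
import time
from collections import Counter

# Hypothetical marker format; assumed to reach the destination line unchanged.
MARKER = re.compile(r"WFTEST-(\w+)-(\d+)-(\d+)\b")


def write_test_lines(base_dir, run_id, n_files, n_lines):
    """Append n_lines marked lines to each of n_files *.log files; return the markers."""
    expected = set()
    for f in range(n_files):
        path = os.path.join(base_dir, f"wftest-{f}.log")
        with open(path, "a", encoding="utf-8") as fh:
            for s in range(n_lines):
                fh.write(f"inotify test message WFTEST-{run_id}-{f}-{s}\n")
                expected.add((f, s))
    return expected


def check_delivery(dest_lines, run_id, expected):
    """Report markers of this run that are missing, duplicated or unexpected."""
    seen = Counter()
    for line in dest_lines:
        m = MARKER.search(line)
        if m and m.group(1) == run_id:
            seen[(int(m.group(2)), int(m.group(3)))] += 1
    return {
        "missing": sorted(expected - set(seen)),
        "duplicated": sorted(k for k, c in seen.items() if c > 1),
        "unexpected": sorted(set(seen) - expected),
    }


if __name__ == "__main__":
    # Defaults are the paths from the configuration above; run as a user that may write there.
    base_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/log/apache2/"
    dest = sys.argv[2] if len(sys.argv) > 2 else "/var/log/allweb.txt"
    run_id = f"r{int(time.time())}"
    expected = write_test_lines(base_dir, run_id, n_files=50, n_lines=200)
    time.sleep(5)  # constructed wait; raise it on a loaded host
    with open(dest, encoding="utf-8", errors="replace") as fh:
        report = check_delivery(fh, run_id, expected)
    print({k: len(v) for k, v in report.items()}, "of", len(expected), "written")
    sys.exit(1 if report["missing"] or report["duplicated"] else 0)
```

A non-zero exit status means lines were missing or duplicated in the destination, which is worth including in a problem report together with the number of files followed.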
What is next?
First of all: share your feedback! And don’t forget that while problem reports from snapshots help us a lot in making the next release (close to) perfect, we are also very happy to hear positive feedback :-)

Using inotify is just one of the many new features of the upcoming syslog-ng 4.9.0 release. You can find a lot more changes if you browse the recently closed pull requests on GitHub. We also expect a few more fun features to be merged in the coming days, so stay tuned! :-)
If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik, on Mastodon as @Pczanik@fosstodon.org.