Hi Martin, I like to configure rsyslog to write out to a file in /dev/shm (tmpfs) and then have sec tail that. It provides the added benefit of a single file to tail to get all logs coming in to rsyslog, which might be tricky otherwise if you are breaking your log files out by date, hostname etc.
So in rsyslog: $outchannel log_rotation,/dev/shm/rsyslog-realtime,50000000,/usr/local/sbin/rsyslog-realtime-rotate *.* :omfile:$log_rotation /usr/local/sbin/rsyslog-realtime-rotate is a short bash script #!/bin/bash mv -f \ /dev/shm/rsyslog-realtime \ /dev/shm/rsyslog-realtime.1 \ ; And then sec is started like this: /usr/bin/perl -w /usr/bin/sec -detach -conf=/etc/sec/*.sec -input=/dev/shm/rsyslog-realtime -intevents -pid=/var/run/sec.pid Hope that helps. Regards, Chris ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
