approach on parsing the query-log file
David Forrest
drf at maplepark.com
Tue Apr 28 15:52:57 UTC 2009
On Tue, 28 Apr 2009, Gregory Hicks wrote:
>
>> From: Jonathan Petersson <jpetersson at garnser.se>
>> Date: Tue, 28 Apr 2009 08:13:25 -0700
>> Subject: Re: approach on parsing the query-log file
>> To: Niall.oReilly at ucd.ie
>> Cc: Bind Mailing <bind-users at lists.isc.org>
>>
>> Yeah I've thought about using tail but I'm not sure how locking would
>> be managed when logrotate kicks in, does anyone know?
>
> I use "tail -f <log-file>"
>
> When the log rotates, the tail is still running against the rotated
> file. I have to manually change to the current file. ("^C-!!" works)
>
> A better way to do it might be to have the 'logfile' be a pipe and have
> the parsing intelligence on the other side of the pipe. Have the log
> rotation "smarts" be on the other side of the pipe also. (At one $JOB,
> I used this technique to separate out different log messages from
> simultaneously running SMTP processes.)
>
> Regards,
> GRegory Hicks
>>
>> On Tue, Apr 28, 2009 at 3:41 AM, Niall O'Reilly <Niall.oReilly at ucd.ie>
> wrote:
>>> On Mon, 2009-04-27 at 22:26 -0700, Jonathan Petersson wrote:
>>>> The obvious question that occurs is; What would be what's the best
>>>> approach to do this?
>>>
>>> I've not used it, but a colleague is very keen on File::Tail
>>> (http://search.cpan.org/~mgrabnar/File-Tail-0.99.3/Tail.pm).
>>> Apparently, it looks after log-file roll-over and 'just
> works'.
>>>
>>> /Niall
>>>
>>>
>>>
I use tail --follow=name <logfile> as the tail then switches to the new
inode. An alternative is to to put the copytruncate directive in
/etc/logrotate.conf as the possible loss of one or two queries is
usually not significant to statistical analysis. Using inotail (which is
supposedly less processor intensive) requires the second approach as it
does not include the --follow=name option.
Dave
--
David Forrest e-mail drf @ maplepark.com
Maple Park Development Corporation http://xen.maplepark.com
St. Louis, Missouri
More information about the bind-users
mailing list