-
Title
How to empty disk-buffer files -
Description
This guide describes how to empty a disk-buffer file. -
Cause
There are certain procedures when emptying disk-buffer files is recommended before beginning.
- Upgrading syslog-ng Premium Edition from version 6 to 7.
- Changing the configuration of a remote destination with disk-buffer.
- Applying a solution that includes the removal of the syslog-ng's persistent file.
-
Resolution
Warning!
- This guide will use a simple configuration with one source and one destination with disk-buffer.
If you are not aware of disk-buffers or you're not sure which of your destinations use disk-buffer do not proceed with the solution.
Open a service request at our support portal. Describe your issue and attach a collected debug bundle from your system. (Linux, Windows) - To be able to empty a disk-buffer the log reception must be stopped, otherwise new messages would be stored in it.
Redirecting the logs to another syslog server is recommended or else message loss can happen.
Resolution
Example configuration
source s_net {
network();
};
destination d_logserver {
network("10.21.10.20" port(514) disk-buffer( disk-buf-size(2000000) ) );
};
log {
source(s_net);
destination(d_logserver);
};Steps
1. Name the disk-buffer file to empty and the destination statement using it.
If you're unsure about them,
- Check the list and the status of the disk-buffer files, see knowledge article 'How to get information of disk-buffers files'.
Example
Non-empty disk-buffer file
Disk-buffer state loaded; filename='/opt/syslog-ng/var/syslog-ng-00000.qf', qout_length='0', qbacklog_length='0', qoverflow_length='0', qdisk_length='3006'
IP:PORT information of the destination with disk-buffer
afsocket_dd_qfile(stream,10.21.10.20:514) = { "queue_file": "/opt/syslog-ng/var/syslog-ng-00000.qf" }
- Find the destination statement in the syslog-ng configuration using the IP:PORT information.
destination d_logserver { network("10.21.10.20" port(514) disk-buffer( disk-buf-size(2000000) ) ); };
2. Locate the log statements which use that destination statement.
3. Disable the sources in the log statements.
Add '#' at the beginning of all source() entries in the log paths.log {
# source(s_net);
destination(d_logserver);
}4. Reload syslog-ng
/opt/syslog-ng/sbin/syslog-ng-ctl reload
5. Check the disk-buffer file status, see 'How to get information of disk-buffers files'.
6. To enable the sources again remove '#' from the log paths and reload syslog-ng.
- This guide will use a simple configuration with one source and one destination with disk-buffer.