I need to setup a log drain for an application running on Parse. My source looks like this:
source s_parse {
#internal();
program("/home/ubuntu/parse/tailparse.sh"
flags(no-parse));
};
and tailparse.sh looks like this:
#!/bin/sh
cd /home/ubuntu/parse
parse log appname -f
Running the script directly works fine and I explicitly use hardcoded paths and cd to the proper directory before invoking the parse command line utility. Unfortunately, the only ouput I get from syslog-ng is
Mar 18 18:58:52 ip-XXX-XXX-XXX-XXX syslog-ng: syslog-ng starting up; version='3.3.4'
Mar 18 18:58:53 ip-XXX-XXX-XXX-XXX syslog-ng: EOF on control channel, closing connection;
The Parse utility is built on python, so I am wondering if this is related: syslog-ng not flushing the pipe to external program
Is using the program()
source a lost cause? Should I be writing to a file first and using that source driver instead?