so I have been doing some digging on rsyslog, trying to figure out how it keeps track of where it left off when reading from a log file. On our new hosts we have already seen gigs of local logs being generated. If the rsyslog daemon crashes or must be forced to shutdown, reading the documentation found here http://www.rsyslog.com/doc/v8-stable/concepts/queues.html , I understand that I can configure rsyslog queues to not lose any data however if rsyslog was in the process of going through say a 20gig log file and then it terminates, I see no indication in the docs of how rsyslog tracks where it left off once the service gets restarted. Any pointers would be appreciated.
Asked
Active
Viewed 86 times
