Lost logs with logrotate

elk2 · July 3, 2018, 1:28pm

I have a logstash process that writes a log file ( syslog.log) and a logstash process that reads the log file.
When logrotate starts, it changes the filename into syslog-[date].log and some logs that aren't read yet from second logstash process are lost . The conf file of second logstash process is like this

input{
  file{
    type => "syslog"
    codec => "json"
    path => "/var/log/syslog.log"
    start_position => "beginning"
    sincedb_path => "/var/log/logstash/sincedb/.sincedb_syslog"
   }
....

I tried to increase batch and workers of second logstash process but I lost anyway logs.
Any suggest?

system · July 31, 2018, 1:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash problem with Logrotate: Missing out on a lot of logs Logstash	1	1046	April 12, 2019
Logstash logrotate Logstash	4	17757	July 6, 2017
Logstash7.6 - data loss when input file logrotation happens Logstash	4	540	August 4, 2020
Logstash logging options (rotating, removing old logs, etc) Logstash	6	9062	July 6, 2017
Logrotate , Logstash Syncing Logstash	1	243	April 14, 2019

Lost logs with logrotate

Related topics