diff --git a/_data/link_aliases.yml b/_data/link_aliases.yml index 8d065a20..6a499a70 100644 --- a/_data/link_aliases.yml +++ b/_data/link_aliases.yml @@ -1,3 +1,7 @@ +# +# Enclose the `aliases` strings inside / and / to use ruby regexp. +# Any not enclosed strings will be matched exactly like written. +# adm-temp-macro-ose: aliases: [ "/[Mm]acros/" ] @@ -94,3 +98,9 @@ adm-about-glossary#bsd-syslog-protocol: adm-about-glossary#ietf-syslog-protocol: aliases: [ "IETF-syslog protocol", "IETF-syslog" ] + +adm-src-wild: + aliases: [ "/wildcard-file(?:\\(\\))? source[s]?/" ] + +adm-src-file: + aliases: [ "/file(?:\\(\\))? source[s]?/" ] diff --git a/_data/navigation.yml b/_data/navigation.yml index 63829f9e..d5da1bbd 100644 --- a/_data/navigation.yml +++ b/_data/navigation.yml @@ -142,8 +142,10 @@ admin-guide-nav: subnav: - title: "Notes on reading kernel messages" url: /admin-guide/060_Sources/020_File/000_Notes_on_reading_kernel_messages + - title: "How file sources are followed" + url: /admin-guide/060_Sources/020_File/001_File_following - title: "file() source options" - url: /admin-guide/060_Sources/020_File/001_File_source_options + url: /admin-guide/060_Sources/020_File/002_File_source_options - title: "Arr logs" url: /admin-guide/060_Sources/025_Arr_logs/README subnav: diff --git a/_includes/doc/admin-guide/options/follow-freq.md b/_includes/doc/admin-guide/options/follow-freq.md index 927b64a1..2265e889 100644 --- a/_includes/doc/admin-guide/options/follow-freq.md +++ b/_includes/doc/admin-guide/options/follow-freq.md @@ -5,7 +5,10 @@ *Description:* Indicates that the source should be checked periodically. This is useful for files which always indicate readability, even though -no new lines were appended. If this value is higher than zero, syslog-ng -will not attempt to use poll() on the file, but checks whether the file -changed every time the follow-freq() interval (in seconds) has elapsed. +no new lines were appended (e.g. regular file system files). If this value +is higher than zero, syslog-ng will not attempt to use ivykis file change +notification methods on the file (poll(), epoll(), etc.), but checks whether +the file changed every time the follow-freq() interval (in seconds) has elapsed.\ Floating-point numbers (for example, **1.5**) can be used as well. + +{% include doc/admin-guide/warnings/file-source-follow-warning.md %} diff --git a/_includes/doc/admin-guide/warnings/file-source-follow-warning.md b/_includes/doc/admin-guide/warnings/file-source-follow-warning.md new file mode 100644 index 00000000..aea647e8 --- /dev/null +++ b/_includes/doc/admin-guide/warnings/file-source-follow-warning.md @@ -0,0 +1,2 @@ +![]({{ site.baseurl}}/assets/images/caution.png) **CAUTION:** As the follow-freq(), the monitor-method(), and the monitor-freq() options could have performance penalty effects, it is important to understand how the file and directory monitoring operates depending on these values. For details, refer to How content changes are followed in file() and wildcard-file() sources. +{: .notice--warning} diff --git a/_sass/minimal-mistakes/minimal-mistakes/_tables.scss b/_sass/minimal-mistakes/minimal-mistakes/_tables.scss index c270a775..2adace52 100644 --- a/_sass/minimal-mistakes/minimal-mistakes/_tables.scss +++ b/_sass/minimal-mistakes/minimal-mistakes/_tables.scss @@ -30,6 +30,9 @@ th { td { padding: 0.5em; border-bottom: 1px solid mix(#000, $border-color, 25%); + &.right-edged-col { + border-right: 1px solid mix(#000, $border-color, 25%); + } } tr, diff --git a/doc/_admin-guide/060_Sources/020_File/001_File_following.md b/doc/_admin-guide/060_Sources/020_File/001_File_following.md new file mode 100644 index 00000000..4f447c6c --- /dev/null +++ b/doc/_admin-guide/060_Sources/020_File/001_File_following.md @@ -0,0 +1,164 @@ +--- +title: How content changes are followed in file() and wildcard-file() sources +short_title: How file sources are followed +id: adm-src-wild-follow +description: >- + The {{ site.product.short_name }} application can use various methods to detect changes + in the followed [[file()|adm-src-file]] and wildcard-file() sources. Under the hood, two different change + watchers operate: one for detecting changes in the followed directories and one for + monitoring changes in the watched files. +--- + +The detection method for directory changes can be controlled via monitor-method(). If the method is `poll`, {{ site.product.short_name }} will set up an (ivykis) timer that periodically checks and compares the content of the given directory at the frequency specified by monitor-freq(). This periodic polling can be resource-intensive (mainly CPU), so selecting the proper value for monitor-freq() is important. This is not an issue on Linux, where you can use `inotify` for monitor-method(), which automatically notifies {{ site.product.short_name }} about changes with no significant resource usage impact. + +**NOTE:** For macOS and FreeBSD, a `kqueue` based implementation will be available in the near future, offering similar performance to `inotify` on Linux. Stay tuned! +{: .notice--info} + +Detecting file content changes involves more factors that can affect resource usage and overall performance. {{ site.product.short_name }} uses two main methods to monitor file content changes. + +The first method is automatically selected if the follow-freq() option has a value greater than 0. It works like the directory monitoring `poll` monitor-method() and uses an (ivykis) timer with the frequency of follow-freq(). It tries to detect changes in the file content (as well as state, file deletion, and moves) each time the timer fires. Similar to directory change monitoring, this process can be resource-intensive, so you should find the proper setting to balance performance, resource usage, and fault tolerance (such as avoiding log message loss). + +The second method is activated if the follow-freq() option is set to 0. It uses ivykis poll methods, sometimes resembling the poll method for directory change watching described above (with its performance penalties), but often working similarly to the `inotify` version (with seamless performance). + +The following table shows which method is selected in different cases. + +
+ follow-freq() + |
+
+ file follow method + |
+
+ linux + |
+
+ macOS, FreeBSD + |
+
+ Solaris + |
+ |
+ 0 + |
+
+ ivykis poll + |
+
+ port-timer, port + |
+
+ n.a. + |
+
+ n.a. + |
+
+ should work |
+
+ dev-poll + |
+
+ n.a. + |
+
+ n.a. + |
+
+ should work |
+ ||
+ epoll-timer, epoll + |
+
+ does not work + |
+
+ n.a. + |
+
+ should work |
+ ||
+ kqueue + |
+
+ n.a. + |
+
+ works + |
+
+ n.a. + |
+ ||
+ ppoll + |
+
+ works, but always signals readability + |
+
+ n.a. + |
+
+ should work |
+ ||
+ poll + |
+
+ works, but always signals readability + |
+
+ works, but always signals readability + |
+
+ works, but always signals readability + |
+ ||
+ > 0 + |
+
+ syslog-ng poll |
+
+ works + |
+
+ works + |
+
+ works + |
+