What happened to realtime logging?

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Check Wiki for realtime logging
2. Check /etc/elsa_node.conf for realtime option
3. Give up

What is the expected output? What do you see instead?
I would expect the realtime log ingesting to still be available. Why was it 
dropped? Or does it still work?

What version of the product are you using? On what operating system?
Sphinx  Sphinx 2.0.5-id64-release (r3308)
Date     2013-06-15 16:55:18 -0400 (Sat, 15 Jun 2013)
Author   mcholste
Rev  928
OS       CentOS 6.4

Please provide any additional information below.
I would greatly benefit from the realtime logging option for *all* logs.

Original issue reported on code.google.com by i...@pingas.org on 18 Jun 2013 at 2:18

[GoogleCodeExporter]

While I haven't removed it, I haven't been actively developing realtime logging 
for some time now, so it is currently unsupported.  It may still work, and I 
plan to come back to it, but I need to make a lot of other improvements first.  
What is the main thing you use the realtime logging for?

Original comment by mchol...@gmail.com on 18 Jun 2013 at 2:54

[GoogleCodeExporter]

We have a very low amount of logs (less than 1,000/minute), but we have a high 
interval for alert checking.

With realtime, I could set an alert for failed windows logins and get an email 
within a few seconds of a failed login. Now I have to wait 60 seconds for the 
batch to load before I can get an email.

It just speeds up the rate at which we get notified when queries return 
information.

Original comment by i...@pingas.org on 18 Jun 2013 at 2:56

[GoogleCodeExporter]

Got it.  I know lots of people are in your situation, and I know that realtime 
logging is important.  I promise that I'll revisit it, but I have to get three 
major features rolled out first.

To tide you over, you may be interested in looking at the new debugging script 
I added in /usr/local/elsa/contrib/livetail.pl which will create a socket that 
syslog-ng will send parsed logs to, and then write them to stdout.  This is a 
way to view logs coming in realtime, though you won't get proper alerting or 
anything from it.  Keep in mind it can take up to 60 seconds for logs to show 
up when the script starts, as that's the default interval that syslog-ng checks 
for the existence of the socket.

Original comment by mchol...@gmail.com on 18 Jun 2013 at 2:59

[GoogleCodeExporter]

I thought livetail was also deprecated?

Regardless, I will definitely take a look.

Thank you!

Original comment by i...@pingas.org on 18 Jun 2013 at 3:00

[GoogleCodeExporter]

The old livetail is deprecated.  This is a much more stable version that is for 
console only.  It's main purpose is to help with debugging log parsers to see 
how the system is parsing them, but you can just pipe the command to grep to 
look for anything you want, and it will be in realtime.

Original comment by mchol...@gmail.com on 18 Jun 2013 at 3:01