Take a look at logtail2, it keeps a bookmark in an offsetfile, so as to be able to resume where it left off on last run.<div><br></div><div>It&#39;s available in debian repo, in the logcheck package.</div><div><br></div><div>
<a href="http://manpages.ubuntu.com/manpages/hardy/man8/logtail2.8.html">http://manpages.ubuntu.com/manpages/hardy/man8/logtail2.8.html</a>
</div><div><br></div><div><br></div><div><br><div class="gmail_quote">On Sat, Jul 28, 2012 at 10:18 AM, Brock Noland <span dir="ltr">&lt;<a href="mailto:brock@cloudera.com" target="_blank">brock@cloudera.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<div><br></div><div>Yes you if you use tail, you will eventually both lose data and get duplicates.  It&#39;s better to send the events to Flume from the application generating them. Flume has a java &quot;client&quot; which can do this as well as a log4j appender.</div>


<div><br></div><div>Brock<div><div class="h5"><br><br><div class="gmail_quote">On Fri, Jul 27, 2012 at 11:20 PM, Jagadish Bihani <span dir="ltr">&lt;<a href="mailto:jagadish.bihani@pubmatic.com" target="_blank">jagadish.bihani@pubmatic.com</a>&gt;</span> wrote:<br>


<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi<br>
<br>
In Flume-ng is there any way using exec (tail -F) as the source to get<br>
only the new lines  which are being added to the log file ?<br>
(i.e. there is a growing log file and we want to transfer all the logs using flume<br>
without duplication of logs)<br>
<br>
I understand if something fails and as tail doesn&#39;t maintain state we will have duplicates.<br>
But we are not considering failovers as of now.<br>
<br>
So I think &quot;tail -F&quot; is useful only in scenarios where sink or any intermediate<br>
agent can remove duplicates. Is it correct?<br>
<br>
But as tail looks like quite a popular source in flume I thought I might be missing<br>
something.....<br>
<br>
<br>
Presently using &quot;tail -F &lt;file&gt;&quot; as the source to read from the log file leads to<br>
scenarios like this:<br>
<br>
1. If file has not  changed for a while, but tail still tails file every<br>
second and then prints the same lines again (depending upon -n option)<br>
2. Even if file grows then using tail we can&#39;t quite control which lines we want?<br>
<br>
Regards,<br>
Jagadish<br>
<br>
<br>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br>Apache MRUnit - Unit testing MapReduce - <a href="http://incubator.apache.org/mrunit/" target="_blank">http://incubator.apache.org/mrunit/</a><br>

</font></span></div>
</blockquote></div><br></div>