Hi,<div><br></div><div>Below is my setup (see the config details). Issue i am facing is :</div><div><br></div><div>Lets say on central servers apache logs are collected till 2:00 PM for current date. Incase if i delete the log file on central server, a new file gets created and starts collecting the log after the delete time ie 2:00 PM. What i want to achieve is that in such an event where the log files gets deleted.. the new log-file will collect the log from the beginning of the day ie 12:00 AM. Is this possible ?</div>
<div><br></div><div><br></div><div><br></div><div>*************** client config ***********************</div><div><br></div><div><div>@include "scl.conf"</div><div><br></div><div>options {</div><div> keep_hostname(yes);</div>
<div> log_fifo_size(100000)</div><div>};</div><div><br></div><div><br></div><div><div>rewrite r_setfilename {</div><div> set(</div><div> "$FILE_NAME",</div><div> value(".<a href="mailto:SDATA.file@18372.4.name">SDATA.file@18372.4.name</a>")</div>
<div> );</div><div>};</div><div><br></div><div>rewrite r_apache_basepath_www-dev01 {</div><div> subst(</div><div> "/apps/log/apache/www-dev01/",</div><div> "",</div><div> value(".<a href="mailto:SDATA.file@18372.4.name">SDATA.file@18372.4.name</a>")</div>
<div> type("string")</div><div> flags("prefix")</div><div> );</div><div>};</div></div><div><br></div><div><div>source s_apache_www-dev01 {</div><div> file("/apps/log/apache/www-dev01/*.log"</div>
<div> program_override("apache/www/dev01")</div><div> flags(no-parse)</div><div> recursive(yes)</div><div> );</div><div>};</div></div><div><br></div><div>destination d_server {</div><div>
syslog("x.x.x.x" transport("tcp") port(514));</div><div>};</div><div><br></div><div><div>log {</div><div> source(s_apache_www-dev01);</div><div> rewrite(r_setfilename);</div><div> rewrite(r_apache_basepath_www-dev01);</div>
<div> destination(d_server);</div><div>};</div><div><br></div><div>*************** Server Config ************</div><div><br></div></div><div><div>@include "scl.conf"</div><div><br></div><div>options {</div><div>
create_dirs (yes);</div><div> dir_perm(0755);</div><div> dir_group(60030);</div><div> dir_owner(wwwtools);</div><div> perm(0755);</div><div> owner(wwwtools);</div><div> group(60030);</div><div> keep_hostname(yes);</div>
<div> threaded(yes);</div><div> log_msg_size(5000000);</div><div><br></div><div>};</div><div><br></div><div><br></div><div>source s_network {</div><div> syslog(ip(0.0.0.0)</div><div> port(514) transport("tcp") max-connections(200));</div>
<div>};</div><div><br></div><div><div>filter f_apache_www-dev01 {</div><div> program('apache/www/dev01');</div><div>};</div></div><div><br></div><div>destination d_central {</div><div> file("/apps/log/syslog-ng/${PROGRAM}/${YEAR}${MONTH}${DAY}/${HOST}/${.<a href="mailto:SDATA.file@18372.4.name">SDATA.file@18372.4.name</a>}"</div>
<div> template("${MSGONLY}\n")</div><div> );</div><div>};</div></div><div><br></div><div><div>log {</div><div> source(s_network);</div><div> filter(f_apache_www-dev01);</div><div> destination(d_central);</div>
<div>};</div></div><div><br></div><div><br></div><div><br></div></div><div><br></div><div><div><br></div>-- <br>Regards,<br><br>Sagar Naravane<br>
</div>