<div dir="ltr"><div>Hi,</div><div><br></div><div>Honestly I don't know, it seems like a bug. Even the 1.6 branch had bugfixes up until 1.6.11, but that was more than a decade ago. :) Any chance of this being upgraded to a newer version? I am sure Balabit can also offer services, but I am not trying to be pushy.<br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">-- <br>Bazsi<br></div></div></div>
<br><div class="gmail_quote">On Thu, Jun 7, 2018 at 1:06 PM, Amin, Jitesh CTR DISA JSP (US) <span dir="ltr"><<a href="mailto:jitesh.amin.ctr@mail.mil" target="_blank">jitesh.amin.ctr@mail.mil</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="#0563C1" vlink="#954F72" lang="EN-US"><div class="m_6375105586102361601WordSection1"><p>CLASSIFICATION: UNCLASSIFIED<u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Hello,<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">So the file rotates now successfully – but what I have noticed is that after the file rotates it collects data for the first few minutes or so and then it stops collecting data (basically the file size never grows and the timestamp never changes to the latest when I check the file).<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I do see that the syslog process/service is running. 
If I restart the service/process, it starts collecting data until the file rotation happens.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Can you please let me know what would be causing this behavior?<u></u><u></u></span></p><span class=""><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Thanks<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Jitesh Amin<u></u><u></u></span></p></div><p>CLASSIFICATION: UNCLASSIFIED<u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p></span><div><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><a name="m_6375105586102361601______replyseparator"></a><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Amin, Jitesh CTR DISA JSP (US) <br><b>Sent:</b> Tuesday, June 5, 2018 9:59 AM<span class=""><br><b>To:</b> Syslog-ng users' and developers' mailing list <<a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a>><br></span><b>Subject:</b> RE: (U) [syslog-ng] [Non-DoD Source] Re: Rotate syslog-ng log files<u></u><u></u></span></p></div></div><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><p>CLASSIFICATION: UNCLASSIFIED<u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">OK skipping the {} made it work and I now see a syslog file with timestamp 
(year-month-day). Does this mean it should rotate to a new log file name (tomorrow's timestamp) at midnight tonight? Or do I need to add syntax so it rolls every day with a new timestamp? Just wanted to confirm.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Thanks<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Jitesh Amin<u></u><u></u></span></p><p>CLASSIFICATION: UNCLASSIFIED<u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> syslog-ng <<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.<wbr>balabit.hu</a>> <b>On Behalf Of </b>Scheidler, Balázs<br><b>Sent:</b> Thursday, May 31, 2018 5:48 AM<br><b>To:</b> Syslog-ng users' and developers' mailing list <<a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a>><br><b>Subject:</b> Re: [syslog-ng] (U) [Non-DoD Source] Re: Rotate syslog-ng log files<u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal" style="margin-bottom:12.0pt">
<u></u><u></u></p><div class="MsoNormal" style="text-align:center" align="center"><hr align="center" width="100%" size="2"></div><p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p><div><p class="MsoNormal">I mean syslog-ng 1.6.8<u></u><u></u></p></div></div></div><div><p class="MsoNormal"><u></u> <u></u></p><div><div><div class="h5"><p class="MsoNormal">On May 30, 2018 22:54, "Balazs Scheidler" <<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a> < Caution-<wbr>mailto:<a href="mailto:bazsi77@gmail.com" target="_blank">bazsi77@gmail.com</a> > > wrote:<u></u><u></u></p></div></div><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt"><div><div class="h5"><div><p class="MsoNormal">syslog-ng does have template support, it just doesn't support braces, which came later.<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Just write $YEAR instead of ${YEAR}<u></u><u></u></p></div></div></div></div><div><p class="MsoNormal"><u></u> <u></u></p><div><div><div class="h5"><p class="MsoNormal">On May 30, 2018 09:41, "Gergely Nagy" <<a href="mailto:algernon@balabit.com" target="_blank">algernon@balabit.com</a> < <wbr>Caution-mailto:<a href="mailto:algernon@balabit.com" target="_blank">algernon@<wbr>balabit.com</a> > > wrote:<u></u><u></u></p></div></div><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt"><p class="MsoNormal" style="margin-bottom:12.0pt"></p><div><div class="h5">>>>>> "Amin" == Amin, Jitesh CTR DISA JSP (US) <<a href="mailto:jitesh.amin.ctr@mail.mil" target="_blank">jitesh.amin.ctr@mail.mil</a> < <wbr>Caution-mailto:<a href="mailto:jitesh.amin.ctr@mail.mil" target="_blank">jitesh.amin.<wbr>ctr@mail.mil</a> > > writes:<br><br>    Amin> Let me ask this, with the following 
config = destination<br>    Amin> syslog { file("/var/log/syslog-${YEAR}-<wbr>${MONTH}-${DAY}.log");<br>    Amin> };<br><br>    Amin> It created new file and started writing to it (versus creating<br>    Amin> new syslog.log). Question, if we plan to accept this for now,<br>    Amin> with above config, would it create a new file every day with<br>    Amin> following file names or no it would not work with v1.6.8<br><br>With syslog-ng 1.6.8, it would not create a new file every day, and<br>would continue writing to syslog-{YEAR}-{MONTH}-{DAY}.<wbr>log. With newer<br>versions, it would create files like `syslog-2018-05-30.log`. No `.0`,<br>`.1` or the like would be appended. That's a convention of logrotate.<br>With syslog-ng, you get filenames that match the template, they will<br>have nothing appended or prepended that is not in the filename template.<br><br></div></div><span class="HOEnZb"><font color="#888888">-- <br>|8]<br>______________________________<wbr>______________________________<wbr>__________________</font></span><span class=""><br>Member info: Caution-<a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.<wbr>hu/mailman/listinfo/syslog-ng</a> <wbr>< Caution-<a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.<wbr>balabit.hu/mailman/listinfo/<wbr>syslog-ng</a> > <br>Documentation: Caution-<a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.<wbr>com/support/documentation/?<wbr>product=syslog-ng</a> < Caution-<a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">ht<wbr>tp://www.balabit.com/support/<wbr>documentation/?product=syslog-<wbr>ng</a> > <br>FAQ: Caution-<a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.<wbr>com/wiki/syslog-ng-faq</a> < <wbr>Caution-<a href="http://www.balabit.com/wiki/syslog-ng-faq" 
target="_blank">http://www.balabit.<wbr>com/wiki/syslog-ng-faq</a> > <u></u><u></u></span><p></p></blockquote></div></div></blockquote></div></div></div></div>
<br>
<br></blockquote></div><br></div>
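<div>A check for the symptom reported in this thread (the dated log file stops growing while the syslog-ng process keeps running), as an added example that is not part of the original messages. It assumes the <code>syslog-YYYY-MM-DD.log</code> naming produced by the quoted <code>file()</code> destination and GNU <code>date</code> and <code>stat</code>; the function names and the staleness threshold are hypothetical.</div>

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Requires GNU date and stat.
# The file naming follows the file() template quoted in the thread;
# the staleness threshold passed by the caller is an assumed value.

# Path the destination template expands to at epoch time $2 (local time).
log_path() {
    printf '%s/syslog-%s.log' "$1" "$(date -d "@$2" +%Y-%m-%d)"
}

# check_log DIR MAX_AGE_SEC [NOW_EPOCH]
# Prints a status word and returns: 0 ok, 1 missing, 2 stale.
check_log() {
    local dir="$1" max_age="$2" now="${3:-$(date +%s)}"
    local file age
    file=$(log_path "$dir" "$now")
    if [ ! -e "$file" ]; then
        # Just after midnight the new file may not exist until the first
        # message arrives, so fall back to the file that was current
        # MAX_AGE_SEC ago (the previous day's file, if we crossed midnight).
        file=$(log_path "$dir" "$((now - max_age))")
        if [ ! -e "$file" ]; then
            echo "missing"; return 1
        fi
    fi
    # Age of the last write, taken from the file's modification time.
    age=$(( now - $(stat -c %Y "$file") ))
    if [ "$age" -gt "$max_age" ]; then
        echo "stale"; return 2
    fi
    echo "ok"; return 0
}
```

Run from cron as, for instance, `check_log /var/log 300` and alert on a non-zero exit status; a "stale" result while the daemon is still running matches the behaviour described above.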