I'm trying to set up a central logserver with syslog-ng, and so far that is working great. Next thing to do is to rotate the log-files using newsyslog. This is where i run into problems.

The syslog-ng.conf is in a sense "general", since a good filtering configuration on the server can be used for several machines. New machines can start logging remotely without changing the log server configuration.

The problem is that the newsyslog.conf requires configurations of the following type:

/var/log/pflog 600 3 250 * ZB /var/run/pflogd.pid

My log files reside in directories like these:

drwxrwx--- 2 root wheel 512 Sep 25 14:18 guardian
drwxrwx--- 2 root wheel 512 Sep 25 13:00 logger

where the directories are named after the hosts. The guardian directory looks like:

-rw-rw---- 1 root wheel   479 Sep 25 14:00 cron.log
-rw-rw---- 1 root wheel 3359 Sep 25 14:18 daemon.log
-rw-rw---- 1 root wheel   851 Sep 25 14:12 messages
-rw-rw---- 1 root wheel 1776 Sep 25 13:40 pflog.log
-rw-rw---- 1 root wheel   187 Sep 25 14:18 secure.log

How do you tell newsyslog that all files should be rotated without specifying the directorynames? Do you use a script of some kind or what? According to the documentation a filename must be entered on each row in the newsyslog.conf.

Thanks in advance
Tobias Persson