Hi
all,
I am wondering
whether anyone here knows how to config syslog-ng to perform log file rollover.
I was told that I can roll over a log file in syslog-ng by configuring
syslog-ng in a format which includes time related macroes, such as $MONTH, $DAY,
$HOUR, $MIN. For example
destination snort {
file("/var/snort/snort-$MONTH$DAY$HOUR$MIN"); };
In this case,
the log file should roll over to a new file every 1 minute. However, I
found it doesn't work and syslog-ng keeps appending its received syslog message
into a log file, for example snort-08091208.
Does anyone know how
to do it or figure out what I have done wrong? Or does syslog-ng support the log
file rollover?
Thanks!
Xiaodong