I haven't seen this one before.

Running syslog-ng 1.5.13 on Solaris 8 64bit. It only handles logs locally for that one machine (config below).

The problem: when the logfiles rolled over to May, I ended up with two logfiles for May 1: a "maillog-05-01-2001" and "maillog-05-01-2002".

I know the file isn't simply leftover from last year, because this box didn't exist last year. :)

Oddly enough, it seems that the 2001 file was used for May 1 up until 3:59am, and at 4:00am the 2002 file picks up where it left off. The machine has no crontabs that run at 4am (or 3am for that matter). No one logged in and did anything. Any ideas at all?

Thanks in advance...

syslog-ng.conf:
---------------
options { long_hostnames(off); keep_hostname(yes); use_dns(no); };

source src { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };

destination mail { file("/var/log/maillog-$MONTH-$DAY-$YEAR" create_dirs(yes)); };
destination others { file("/var/log/messages-$YEAR-$MONTH" create_dirs(yes)); };

filter mail { program("postfix") or program("amavis") or program("amavisd"); };
filter others { not program("postfix"); };

log { source(src); filter(mail); destination(mail); };
log { source(src); filter(others); destination(others); };

On Thu, May 02, 2002 at 09:15:00PM -0400, William Yodlowsky wrote:
> I haven't seen this one before.
>
> Running syslog-ng 1.5.13 on Solaris 8 64bit. It only handles logs locally for that one machine (config below).
>
> The problem: when the logfiles rolled over to May, I ended up with two logfiles for May 1: a "maillog-05-01-2001" and "maillog-05-01-2002".
>
> I know the file isn't simply leftover from last year, because this box didn't exist last year. :)
>
> Oddly enough, it seems that the 2001 file was used for May 1 up until 3:59am, and at 4:00am the 2002 file picks up where it left off. The machine has no crontabs that run at 4am (or 3am for that matter). No one logged in and did anything. Any ideas at all?

My central loghost is Linux, and doesn't have logs going back to May 01, 2001, yet I have some directories created for that date. In each directory is an empty logfile. syslog-ng created the files, as if to write to them on May 1st, but never did.

There's definitely something going on here. At least mine never actually logged under the wrong date, just got ready to ;)

I archive by host also:

destination hosts {
    file("/var/log/HOSTS/$HOST/$FACILITY/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
         owner(root) group(root) perm(0600) dir_perm(0700)
         create_dirs(yes));
};

--
"Includes Adobe PageMaker. Now you can create layouts that look like you paid a professional!"
No, now you can create layouts that look like you used a tool that a professional might have used, had you had the sense to pay one.

On 2 May 2002 at 21:15, William Yodlowsky <wyodlows@andromeda.rutgers.edu> wrote:
> Running syslog-ng 1.5.13 on Solaris 8 64bit. It only handles logs locally for that one machine (config below).
>
> The problem: when the logfiles rolled over to May, I ended up with two logfiles for May 1: a "maillog-05-01-2001" and "maillog-05-01-2002".
>
> I know the file isn't simply leftover from last year, because this box didn't exist last year. :)
>
> Oddly enough, it seems that the 2001 file was used for May 1 up until 3:59am, and at 4:00am the 2002 file picks up where it left off. The machine has no crontabs that run at 4am (or 3am for that matter). No one logged in and did anything. Any ideas at all?

Okay, I had forgotten to add the timezone stuff in the chroot jail, so that was what skewed it from the system clock (because I'm 4 hours off from GMT). Sorry about that.

[snip config]

--
Key fingerprint = AB4B 584D B0FF D770 2B70 10B5 5708 E111 9A52 9B97
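
The cause reported above was timezone data missing from the chroot jail. As an added example (not from the thread or from the syslog-ng project), this shell function checks a jail for that data before the daemon is started in it. The helper names, the two zoneinfo roots, and the jail path and zone name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: check that a chroot jail holds the timezone data a jailed
# daemon needs, so timestamps and date-based filenames follow local time.
# Usage: check_jail_tz JAIL [ZONE]   (hypothetical helper name)
#   ZONE given   -> look for the zone file under the jail's zoneinfo roots
#   ZONE omitted -> look for etc/localtime (read by glibc when TZ is unset)

# A usable file is regular, non-empty, and not a symlink: an absolute symlink
# would resolve against the host's tree here but not inside the jail.
usable() {
    [ ! -L "$1" ] && [ -f "$1" ] && [ -s "$1" ]
}

check_jail_tz() {
    jail=$1
    if [ ! -d "$jail" ]; then
        echo "no such jail: $jail" >&2
        return 2
    fi
    if [ $# -lt 2 ]; then
        if usable "$jail/etc/localtime"; then
            echo "ok: $jail/etc/localtime"
            return 0
        fi
        echo "missing or symlinked: $jail/etc/localtime" >&2
        return 1
    fi
    zone=$2
    # Assumed roots: Linux uses usr/share/zoneinfo, Solaris usr/share/lib/zoneinfo.
    for root in usr/share/zoneinfo usr/share/lib/zoneinfo; do
        if usable "$jail/$root/$zone"; then
            echo "ok: $jail/$root/$zone"
            return 0
        fi
    done
    echo "missing: no zone file for $zone under $jail" >&2
    return 1
}

# Run directly: sh check_jail_tz.sh /path/to/jail US/Eastern
if [ $# -gt 0 ]; then
    check_jail_tz "$@"
fi
```

A non-zero result means the jailed process is likely to fall back to GMT, which shifts log timestamps and the rollover time of date-named files by the local offset.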

participants (2)
- Nate Campi
- William Yodlowsky