RE: [syslog-ng] logrotate again...
Hello,
If the sed script was copied without first reviewing the actual format of Syslog messages, then yes this would happen. The sed scripts were examples of how to write the sed script; the actual regex for the date "November 15th" is completely different in the actual log file. Syslog messages use the time format "Dec 3 04:29:20" at the beginning of each line. This means that you would use a date format like the above. Likely the regex you would want to use is something more like "15 +Nov". This implies "15", then 1 or more white spaces, and then "Nov".
In the future it is always good practice to test any procedure you get from a mailing list. In this case, looking at the Syslog message format should have obviously shown that the example originally submitted would not work.
Basically what happened was that the sed script started at "." (match any character), continued until "15 Nov", and deleted everything in between. Since "15 Nov" never appeared in the log file, everything was deleted.
Since this is not a discussion for the Syslog-NG mailing list and more of a regular System Administration problem, if you'd like to discuss this further let's take this off this mailing list. Feel free to email me at djsykz@hotmail.com.
Regards,
Justin.
-----Original Message-----
From: Vadim Pushkin [mailto:wiskbroom@hotmail.com]
Sent: Wednesday, December 06, 2006 1:42 PM
To: syslog-ng@lists.balabit.hu
Subject: RE: [syslog-ng] logrotate again...
Well, this did not work, but it was successful at wiping out the entire contents of the file altogether :-(
Regards,
.vp
From: "Justin Randall" <jrandall@comwave.net>
Slight correction on the command syntax:
find /var/log -type f -exec sed -if <sed script filename> {} \;
Should be
find /var/log -type f -exec sed -f <sed script filename> --in-place {} \;
Cheers.
-----Original Message-----
From: Justin Randall
Sent: Wednesday, December 06, 2006 11:21 AM
To: 'Syslog-ng users' and developers' mailing list'
Subject: RE: [syslog-ng] logrotate again...
find /var/log -type f -exec sed -i '/15 Nov/d' {} \; should work - is untested, though :)
If I'm not mistaken this will only remove lines containing '15 Nov'. If you want something that will eliminate all logs prior to that date you could write a sed script like the following:
= begin sed script =
/./,/15 Nov/{
d
}
= end sed script =
If you had another date range in mind you could also do the following:
= begin sed script =
/13 Nov/,/15 Nov/{
d
}
= end sed script =
Once you have your sed script simply invoke it similar to the above method:
find /var/log -type f -exec sed -if <sed script filename> {} \;
Hope this helps,
Justin.
-----Original Message-----
From: Andrej Ricnik-Bay [mailto:andrej.groups@gmail.com]
Sent: Tuesday, December 05, 2006 3:44 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] logrotate again...
On 12/6/06, Vadim Pushkin <wiskbroom@hotmail.com> wrote:
> 2. The other issue that I am having is that I wish to rotate now, my filesystem is full, but since I did not rotate, all of my logfiles are one. How can I prune them of any data prior to say 15 Nov for *each* logfile?
find /var/log -type f -exec sed -i '/15 Nov/d' {} \; should work - is untested, though :)
> Thank you again,
> .vp
Cheers
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
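As an added example, not part of the thread or of syslog-ng: a shell function that drops everything before the first line stamped with a given month and day, assuming the syslog timestamp format quoted above ("Dec 3 04:29:20"), and that leaves the file untouched when that date never appears, which is the case that emptied the file in this thread. The name `prune_before` and the `PRUNE_WORKDIR` variable are hypothetical; the work directory is assumed to sit on a filesystem that still has free space.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: prune_before FILE MON DAY
# Keeps the first line stamped "MON DAY" (e.g. "Nov 15 04:29:20 host ...")
# and everything after it; earlier lines are dropped.
prune_before() {
    file=$1 mon=$2 day=$3
    # Assumption: temp file and backup go to a directory on another
    # filesystem, because the log filesystem may be full.
    work=${PRUNE_WORKDIR:-${TMPDIR:-/tmp}}
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Guard: refuse to edit unless the boundary date is really present.
    # An unmatched boundary is what made the sed range delete every line.
    if ! awk -v m="$mon" -v d="$day" '
            $1 == m && $2 == d { found = 1; exit }
            END { exit !found }' "$file"; then
        echo "skip $file: no line dated $mon $day" >&2
        return 1
    fi

    tmp=$(mktemp "$work/prune.XXXXXX") || return 2
    awk -v m="$mon" -v d="$day" '$1 == m && $2 == d { keep = 1 } keep' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 2; }

    # Keep the original until the result has been checked.
    cp -p "$file" "$work/$(basename "$file").bak" || { rm -f "$tmp"; return 2; }

    # Overwrite with cat rather than mv so the inode that a running
    # syslog daemon holds open stays the same.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}
```

Run it on a copy of one log first and compare the result with the backup before looping over /var/log with find.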