[syslog-ng] Not writing to new logfile after rotate and restart

Brian Thomas wolfie@boldfish.com
Tue, 19 Feb 2002 10:31:57 -0800


Is your /data an NFS mounted partition, or is it a local partition exactly
like /var?

The only way you'll get old logfiles filling after a HUP is:

syslog-ng wasn't actually HUPped (which is unlikely, since the new 
/var/adm/messages is being updated), or

The inode for 491 isn't being properly changed.

If your filesystem isn't a local filesystem it's possible the file move
is being handled oddly by NFS, or whatever filesystem it is. I've never
seen it before, but it could happen, I guess.

Have you tried touching the new 491 logfile before hupping syslog-ng?

Brian


On Mon, Feb 18, 2002 at 01:00:27PM +0100, Livens Wim wrote:
> 
> I have a rather straightforward syslog-ng.conf.  I write all messages from
> the local host to /var/adm/messages and things that come from the net to a
> separate (customer specific file) filtered on the source host.  All works
> well except that I can't rotate the customer specific logfiles.  I can
> rotate /var/adm/messages.  
> 
> doing:
> # mv /var/adm/messages /var/adm/messages.0 
> # kill -HUP `cat /etc/syslog-ng/syslog-ng.pid`
> 
> and new logs are written to /var/adm/messages
> 
> BUT:
> # mv /data/customer-logs/491 /data/customer-logs/491.0
> # kill -HUP `cat /etc/syslog-ng/syslog-ng.pid`
> 
> and new messages are still written to data/customer-logs/491.0
> 
> I also tried stopping and starting syslog-ng and moving the file somewhere
> completely different.  
> It still magically remembers the old file.
> 
> Any idea ??
> 
> Relevant part of my config:
> 
> source local { sun-streams("/dev/log" door("/etc/.syslog_door"));
> internal(); };
> destination syslogfile { file("/var/adm/messages"); };
> log { source(local); destination(syslogfile); };
> 
> source net { udp(); };
> filter filter491 { host("12.34.56.78");};
> destination logfile491 { file("/data/customer-logs/log491" perm(0644)); };
> log { source(net); filter(filter491); destination(logfile491); };
> 
> (I'm using syslog-ng-1.4.14 on SunOS 5.8 sparc)
> 
> 
> Thanks,
> 
> -- 
> Wim Livens.
> IP Security Engineer.
> C o l t  B e l g i u m
> 
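
The rename-then-HUP behaviour discussed in this thread, as an added shell example that is not part of either post: a writer keeps its open file across `mv` because the descriptor follows the inode, and only a close-and-reopen of the configured path creates a new file. The temp directory, the file name `491` inside it and fd 3 standing in for the daemon's file handle are constructed for the demo, and a local filesystem is assumed.

```shell
#!/bin/sh
# Constructed demo: everything lives in a temp dir; fd 3 plays the
# role of the logging daemon's open destination file.

inode_of() {
    # Print the inode number of a path.
    ls -i "$1" | awk '{print $1}'
}

rotation_demo() {
    dir=$(mktemp -d) || return 1
    log="$dir/491"

    exec 3>>"$log"                   # daemon opens its destination
    echo "before rotate" >&3
    ino_before=$(inode_of "$log")

    mv "$log" "$log.0"               # rotate by rename only
    echo "after mv, no reopen" >&3   # still lands in 491.0
    ino_moved=$(inode_of "$log.0")

    exec 3>&-                        # what a reopen on HUP amounts to:
    exec 3>>"$log"                   # close, then open the configured path
    echo "after reopen" >&3
    ino_new=$(inode_of "$log")
    exec 3>&-

    lines_old=$(wc -l < "$log.0" | tr -d ' ')
    lines_new=$(wc -l < "$log" | tr -d ' ')
    rm -rf "$dir"

    # The rename must keep the inode; the reopen must produce a new one.
    [ "$ino_before" = "$ino_moved" ] && same=yes || same=no
    [ "$ino_new" != "$ino_before" ] && fresh=yes || fresh=no
    echo "rename_keeps_inode=$same reopen_new_inode=$fresh old_lines=$lines_old new_lines=$lines_new"
}

rotation_demo
```

On a live host the same comparison is `ls -i` on the configured destination path against the inode the daemon actually holds open (`pfiles <pid>` on Solaris, `lsof -p <pid>` elsewhere).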