[syslog-ng]logs getting stomped on
Brian Landers
packetslave@sapient.com
Sun, 26 Jan 2003 22:56:47 -0500
I have 3 remote servers, logging to a central syslog-ng server
over a reverse SSH tunnel, i.e the central server SSH's to the
remote hosts, then opens a tunnel back. All servers are running
1.5.25 on Solaris 8. My problem is this, every night around 10
or 10:30pm, the log file gets overwritten, meaning it suddenly
goes from starting at 00:00:01 to starting at 22:28:05 or whatever,
and all the log entries prior to that are lost.
There are no log rotation or other processes that would be=20
causing this that I can find, syslog-ng appears to just=20
mysteriously decide to start over at the begnning.
Help! Relevant configs are below.
--- central server ---
options {
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
use_time_recvd(yes);
};
source net { udp(); tcp( keep-alive(yes) ); };
destination inboundlog {
file("/system/inbound_mail/logs/$YEAR-$MONTH-$DAY.log");
};
log { source(net); destination(inboundlog); };
--- remote server ---
options {
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (yes);
};
destination loghost { tcp( "127.0.0.1" port(51400) ); };
log {
source(local);
destination(loghost);
};
--=20
Brian Landers | packetslave@sapient.com
Network System Exorcist | vox://404/439.4117
Sapient Information Technology | aim://Bluecoat93
CCNA, SCSA, EIEIO | yim://brian_landers
"I know," said Harry. "We can all hang out. Go to the beach.=20
Watch Malfoy not get tan."=20