[syslog-ng]logs getting stomped on

Michael Rogan mrogan@rim.net
Sun, 26 Jan 2003 23:47:24 -0500 

Brian,

This happened to me when I had the files on a filesystem that had a 2GB =
file size limit and I hit the 2GB limit.=20

Michael

--------------------------
Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net)


-----Original Message-----
From: Brian Landers <packetslave@sapient.com>
To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu>
Sent: Sun Jan 26 22:56:47 2003
Subject: [syslog-ng]logs getting stomped on

I have 3 remote servers, logging to a central syslog-ng server
over a reverse SSH tunnel, i.e the central server SSH's to the
remote hosts, then opens a tunnel back.  All servers are running
1.5.25 on Solaris 8.  My problem is this, every night around 10
or 10:30pm, the log file gets overwritten, meaning it suddenly
goes from starting at 00:00:01 to starting at 22:28:05 or whatever,
and all the log entries prior to that are lost.

There are no log rotation or other processes that would be=20
causing this that I can find, syslog-ng appears to just=20
mysteriously decide to start over at the begnning.

Help!  Relevant configs are below.

--- central server ---
options {
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          create_dirs (no);
          keep_hostname (yes);
          use_time_recvd(yes);
};

source net   { udp(); tcp( keep-alive(yes) ); };

destination inboundlog  {
  file("/system/inbound_mail/logs/$YEAR-$MONTH-$DAY.log");
};

log { source(net); destination(inboundlog); };

--- remote server ---
options {
          time_reopen (10);
          log_fifo_size (1000);
          long_hostnames (off);
          use_dns (no);
          use_fqdn (no);
          create_dirs (no);
          keep_hostname (yes);
};

destination loghost  { tcp( "127.0.0.1" port(51400) ); };

log {
  source(local);
  destination(loghost);
};



--=20
Brian Landers                     |  packetslave@sapient.com
Network System Exorcist           |  vox://404/439.4117
Sapient Information Technology    |  aim://Bluecoat93
CCNA, SCSA, EIEIO                 |  yim://brian_landers

"I know," said Harry. "We can all hang out. Go to the beach.=20
Watch Malfoy not get tan."=20

_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html