[syslog-ng]Central log server rotate problem

Tobias syslog-ng@lists.balabit.hu
Thu, 25 Sep 2003 14:31:52 +0200 

This is a multi-part message in MIME format.

------=_NextPart_000_0009_01C38371.C3309530
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I'm trying to set up a central logserver with syslog-ng, and so far that =
is working great. Next thing to do is to rotate the log-files using =
newsyslog. This is where i run into problems.
The syslog-ng.conf is in a sense "general", since a good filtering =
configuration on the server can be used for several machines. New =
machines can start logging remotely without changing the log server =
configuration.=20

The problem is that the newsyslog.conf requires configurations of the =
following type:
/var/log/pflog                          600  3    250  *     ZB =
/var/run/pflogd.pid

My log files reside in directories like these:

drwxrwx---  2 root  wheel  512 Sep 25 14:18 guardian
drwxrwx---  2 root  wheel  512 Sep 25 13:00 logger

where the directories are named after the hosts. The guardian directory =
looks like:

-rw-rw----  1 root  wheel   479 Sep 25 14:00 cron.log
-rw-rw----  1 root  wheel  3359 Sep 25 14:18 daemon.log
-rw-rw----  1 root  wheel   851 Sep 25 14:12 messages
-rw-rw----  1 root  wheel  1776 Sep 25 13:40 pflog.log
-rw-rw----  1 root  wheel   187 Sep 25 14:18 secure.log

How do you tell newsyslog that all files should be rotated without =
specifying the directorynames? Do you use a script of some kind or what? =
 According to the documentation a filename must be entered on each row =
in the newsyslog.conf.

Thanks in advance
Tobias Persson
------=_NextPart_000_0009_01C38371.C3309530
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>I'm trying to set up a central =
logserver with=20
syslog-ng, and so far that is working great. Next thing to do is to =
rotate the=20
log-files using newsyslog. This is&nbsp;where i run into =
problems.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>The syslog-ng.conf is in a =
sense&nbsp;"general",=20
since a good filtering&nbsp;configuration on the server can be used for =
several=20
machines. New machines can start logging remotely without changing the =
log=20
server configuration. </FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>The problem is that the newsyslog.conf =
requires=20
configurations of the following type:</FONT></DIV>
<DIV><FONT face=3DArial=20
size=3D2>/var/log/pflog&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;=20
600&nbsp; 3&nbsp;&nbsp;&nbsp; 250&nbsp; *&nbsp;&nbsp;&nbsp;&nbsp; ZB=20
/var/run/pflogd.pid</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>My log files reside in directories like =

these:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>drwxrwx---&nbsp; 2 root&nbsp; =
wheel&nbsp; 512 Sep=20
25 14:18 guardian<BR>drwxrwx---&nbsp; 2 root&nbsp; wheel&nbsp; 512 Sep =
25 13:00=20
logger<BR></DIV></FONT>
<DIV><FONT face=3DArial size=3D2>where the directories are named after =
the=20
hosts.&nbsp;The guardian&nbsp;directory looks like:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>&nbsp;</DIV></FONT>
<DIV><FONT face=3DArial size=3D2>-rw-rw----&nbsp; 1 root&nbsp; =
wheel&nbsp;&nbsp; 479=20
Sep 25 14:00 cron.log<BR>-rw-rw----&nbsp; 1 root&nbsp; wheel&nbsp; 3359 =
Sep 25=20
14:18 daemon.log<BR>-rw-rw----&nbsp; 1 root&nbsp; wheel&nbsp;&nbsp; 851 =
Sep 25=20
14:12 messages<BR>-rw-rw----&nbsp; 1 root&nbsp; wheel&nbsp; 1776 Sep 25 =
13:40=20
pflog.log<BR>-rw-rw----&nbsp; 1 root&nbsp; wheel&nbsp;&nbsp; 187 Sep 25 =
14:18=20
secure.log<BR></FONT><FONT face=3DArial size=3D2></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>How do you tell newsyslog that all =
files should be=20
rotated&nbsp;without specifying the directorynames?&nbsp;Do you use a =
script of=20
some kind or what?&nbsp; According to the documentation a&nbsp;filename =
must be=20
entered on each row in the newsyslog.conf.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
size=3D3>Thanks in=20
advance<BR>Tobias Persson</FONT></DIV></FONT></BODY></HTML>

------=_NextPart_000_0009_01C38371.C3309530--