[syslog-ng]Syslog-ng log file rollover question
Xiaodong Lin
syslog-ng@lists.balabit.hu
Wed, 1 Dec 2004 13:55:54 -0700
This is a multi-part message in MIME format.
------_=_NextPart_001_01C4D7E8.6B575D30
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hi all,
=20
I am wondering whether anyone here knows how to config syslog-ng to
perform log file rollover. I was told that I can roll over a log file in
syslog-ng by configuring syslog-ng in a format which includes time
related macroes, such as $MONTH, $DAY, $HOUR, $MIN. For example
=20
destination snort { file("/var/snort/snort-$MONTH$DAY$HOUR$MIN"); };
=20
In this case, the log file should roll over to a new file every 1
minute. However, I found it doesn't work and syslog-ng keeps appending
its received syslog message into a log file, for example snort-08091208.
=20
Does anyone know how to do it or figure out what I have done wrong? Or
does syslog-ng support the log file rollover?
=20
Thanks!
=20
Xiaodong
------_=_NextPart_001_01C4D7E8.6B575D30
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2800.1476" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D592494520-01122004>Hi=20
all,</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D592494520-01122004></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D592494520-01122004>I am =
wondering=20
whether anyone here knows how to config syslog-ng to perform log file =
rollover.=20
I was told that I can roll over a log file in syslog-ng by =
configuring=20
syslog-ng in a format which includes time related macroes, such as =
$MONTH, $DAY,=20
$HOUR, $MIN. For example</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D592494520-01122004></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3D592494520-01122004>destination snort {=20
file("/var/snort/snort-$MONTH$DAY$HOUR$MIN"); };</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D592494520-01122004></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D592494520-01122004>In =
this case,=20
the log file should roll over to a new file every 1 minute. =
However, I=20
found it doesn't work and syslog-ng keeps appending its received syslog =
message=20
into a log file, for example snort-08091208.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D592494520-01122004></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D592494520-01122004>Does =
anyone know how=20
to do it or figure out what I have done wrong? Or does syslog-ng support =
the log=20
file rollover?</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D592494520-01122004></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D592494520-01122004>Thanks!</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D592494520-01122004></SPAN></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3D592494520-01122004>Xiaodong</DIV>
<DIV><BR><BR></DIV></SPAN></FONT></BODY></HTML>
------_=_NextPart_001_01C4D7E8.6B575D30--