[syslog-ng]Syslog-ng log file rollover question

[Xiaodong Lin]

Thanks, Bazsi!

R_versions of the macros work.

Xiaodong =20

-----Original Message-----
From: syslog-ng-admin@lists.balabit.hu
[mailto:syslog-ng-admin@lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: Thursday, December 02, 2004 4:44 AM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]Syslog-ng log file rollover question

On Wed, 2004-12-01 at 21:55, Xiaodong Lin wrote:
> Hi all,
> =20
> I am wondering whether anyone here knows how to config syslog-ng to=20
> perform log file rollover. I was told that I can roll over a log file=20
> in syslog-ng by configuring syslog-ng in a format which includes time=20
> related macroes, such as $MONTH, $DAY, $HOUR, $MIN. For example
> =20
> destination snort { file("/var/snort/snort-$MONTH$DAY$HOUR$MIN"); };
> =20
> In this case, the log file should roll over to a new file every 1=20
> minute. However, I found it doesn't work and syslog-ng keeps appending

> its received syslog message into a log file, for example=20
> snort-08091208.
> =20
> Does anyone know how to do it or figure out what I have done wrong? Or

> does syslog-ng support the log file rollover?

it should work, however the macros referenced above use the timestamp
found in the log message itself, thus if there is a timestamp with
invalid stamp you might see messages appearing in wrong files. You might
want to check out the S_ and R_ versions of the macros above. (one
refers to the timestamp of the message, the other the time the message
was received by syslog-ng)

--
Bazsi


_______________________________________________
syslog-ng maillist  -  syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html