[syslog-ng] logrotate again...

Justin Randall jrandall at comwave.net
Thu Dec 7 00:19:35 CET 2006


Hello,

If the sed script was copied without first reviewing the actual format
of Syslog messages, then yes this would happen.  The sed scripts were
examples of how to write the sed script; the actual regex for the date
"November 15th" is completely different in the actual log file.

Syslog messages use the time format "Dec  3 04:29:20" at the beginning
of each line.  This means that you would use a date format like the
above.

Likely the regex you would want to use is something more like "15 +Nov".
This implies "15", then 1 or more white spaces, and then "Nov".

In the future it is always good practice to test any procedure you get
from a mailing list.  In this case, looking at the Syslog message format
should have obviously shown that the example originally submitted would
not work.  Basically what happened was that the sed script started at
"." (match any character), ran until "15 Nov", and deleted everything in
between.  Since "15 Nov" never appeared in the log file, everything was
deleted.

Since this is not a discussion for the Syslog-NG mailing list and more
of a regular System Administration problem, if you'd like to discuss
this further let's take this off this mailing list.  Feel free to email
me at djsykz at hotmail.com.

Regards,

Justin.

-----Original Message-----
From: Vadim Pushkin [mailto:wiskbroom at hotmail.com] 
Sent: Wednesday, December 06, 2006 1:42 PM
To: syslog-ng at lists.balabit.hu
Subject: RE: [syslog-ng] logrotate again...

Well, this did not work, but it was successful at wiping out the entire 
contents of the file altogether :-(

Regards,

.vp

>From: "Justin Randall" <jrandall at comwave.net>

>Slight correction on the command syntax:
>
> > find /var/log -type f -exec sed -if <sed script filename> {} \;
>
>Should be
>
>find /var/log -type f -exec sed -f <sed script filename> --in-place {} \;
>
>Cheers.
>
>-----Original Message-----
>From: Justin Randall
>Sent: Wednesday, December 06, 2006 11:21 AM
>To: 'Syslog-ng users' and developers' mailing list'
>Subject: RE: [syslog-ng] logrotate again...
>
> >find /var/log -type f -exec sed -i '/15 Nov/d'  {} \; should work - is
> >untested, though :)
>
>If I'm not mistaken this will only remove lines containing '15 Nov'.  If
>you want something that will eliminate all logs prior to that date you
>could write a sed script like the following:
>
>= begin sed script =
>/./,/15 Nov/{
>d
>}
>= end sed script =
>
>If you had another date range in mind you could also do the following:
>
>= begin sed script =
>/13 Nov/,/15 Nov/{
>d
>}
>= end sed script =
>
>Once you have your sed script simply invoke it similar to the above
>method:
>
>find /var/log -type f -exec sed -if <sed script filename> {} \;
>
>Hope this helps,
>
>Justin.
>
>-----Original Message-----
>From: Andrej Ricnik-Bay [mailto:andrej.groups at gmail.com]
>Sent: Tuesday, December 05, 2006 3:44 PM
>To: Syslog-ng users' and developers' mailing list
>Subject: Re: [syslog-ng] logrotate again...
>
>On 12/6/06, Vadim Pushkin <wiskbroom at hotmail.com> wrote:
>
> > 2. The other issue that I am having is that I wish to rotate now, my
> > filesystem is full, but since I did not rotate, all of my logfiles are
> > one.
> > How can I prune them of any data prior to say 15 Nov for *each*
> > logfile?
>find /var/log -type f -exec sed -i '/15 Nov/d'  {} \;
>should work - is untested, though :)
>
>
> >  Thank you again,
> >
> > .vp
>Cheers
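
The failure described at the top of this message, reproduced on a scratch file, next to a guarded prune that refuses to run when the date pattern is absent. This is an added example, not code posted by anyone in the thread; the function names, the sample log lines and the pattern '^Nov +15 ' are assumptions built on the "Dec  3 04:29:20" timestamp format quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. All names and log lines are constructed.

# Write a constructed sample in syslog timestamp format ("Mon dd hh:mm:ss").
make_sample() {          # $1 = file to create
    cat > "$1" <<'EOF'
Nov 13 23:59:01 host1 sshd[411]: session opened for user alice
Nov 14 08:15:42 host1 su[502]: FAILED su for root by bob
Nov 15 00:00:07 host1 syslog-ng[120]: STATS: dropped 0
Nov 16 10:31:55 host1 sshd[733]: session closed for user alice
EOF
}

# The range from the thread, run without -i so nothing is modified.
# If the end regex never matches, the range opened on line 1 stays open
# to end of file and every line is deleted.
unsafe_range_count() {   # $1 = file, $2 = end regex; prints surviving lines
    sed "/./,/$2/d" "$1" | wc -l | tr -d ' '
}

# Guarded prune: drop only the lines before the first match of $2.
# Leaves the file untouched if the pattern is absent; keeps a .bak copy.
# Unlike a sed range, the first matching line itself is kept.
prune_before() {         # $1 = file, $2 = anchored ERE, e.g. '^Nov +15 '
    first=$(grep -n -E -- "$2" "$1" | head -n 1 | cut -d: -f1)
    if [ -z "$first" ]; then
        echo "pattern not found in $1, file left unchanged" >&2
        return 1
    fi
    cp -p "$1" "$1.bak" || return 1
    # Overwrite in place so the file's ownership and mode are preserved.
    tail -n "+$first" "$1.bak" > "$1.tmp" \
        && cat "$1.tmp" > "$1" \
        && rm -f "$1.tmp"
}
```

Run unsafe_range_count or a plain `grep -c` against one file before handing any pattern to `find ... -exec sed -i`, since a pattern that matches nothing is indistinguishable from a typo until the file is empty.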

