[syslog-ng] (U) [Non-DoD Source] Re: Rotate syslog-ng log files
Amin, Jitesh CTR DISA JSP (US)
jitesh.amin.ctr at mail.mil
Thu Jun 7 11:06:55 UTC 2018
CLASSIFICATION: UNCLASSIFIED
Hello,
So the file rotates now successfully – but what I have noticed is that after the file rotates it collects data for first few minute or so and then it stops collecting data (basically the file size never grows and timestamp never changes to the most latest when I check the file).
I do see that syslog process/service is running. If I restart the service/process, it starts collecting data until the file rotation happens.
Can you please let me know what would be causing this behavior?
Thanks
Jitesh Amin
CLASSIFICATION: UNCLASSIFIED
From: Amin, Jitesh CTR DISA JSP (US)
Sent: Tuesday, June 5, 2018 9:59 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: RE: (U) [syslog-ng] [Non-DoD Source] Re: Rotate syslog-ng log files
CLASSIFICATION: UNCLASSIFIED
OK skipping the {} made it work and I now see a syslog file with timestamp (year-month-day). Does this mean it should rotate to new log file name (tomorrows timestamp) at midnight tonight? OR I need to add syntax so it rolls everyday with new timestamp. Just wanted to confirm.
Thanks
Jitesh Amin
CLASSIFICATION: UNCLASSIFIED
From: syslog-ng <syslog-ng-bounces at lists.balabit.hu> On Behalf Of Scheidler, Balázs
Sent: Thursday, May 31, 2018 5:48 AM
To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] (U) [Non-DoD Source] Re: Rotate syslog-ng log files
All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
_____
I mean syslog-ng 1.6.8
On May 30, 2018 22:54, "Balazs Scheidler" <bazsi77 at gmail.com < Caution-mailto:bazsi77 at gmail.com > > wrote:
syslog-ng does have template support, it just doesnt support braces, which came later.
Just write $YEAR instead of ${YEAR}
On May 30, 2018 09:41, "Gergely Nagy" <algernon at balabit.com < Caution-mailto:algernon at balabit.com > > wrote:
>>>>> "Amin" == Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr at mail.mil < Caution-mailto:jitesh.amin.ctr at mail.mil > > writes:
Amin> Let me ask this, with the following config = destination
Amin> syslog { file("/var/log/syslog-${YEAR}-${MONTH}-${DAY}.log");
Amin> };
Amin> It created new file and started writing to it (versus creating
Amin> new syslog.log). Question, if we plan to accept this for now,
Amin> with above config, would it create a new file ever day with
Amin> following file names or no it would not work with v1.6.8
With syslog-ng 1.6.8, it would not create a new file every day, and
would continue writing to syslog-{YEAR}-{MONTH}-{DAY}.log. With newer
versions, it would create files like `syslog-2018-05-30.log`. No `.0`,
`.1` or the like would be appended. That's a convention of logrotate.
With syslog-ng, you get filenames that match the template, they will
have nothing appended or prepended that is not in the filename template.
--
|8]
______________________________________________________________________________
Member info: Caution-https://lists.balabit.hu/mailman/listinfo/syslog-ng < Caution-https://lists.balabit.hu/mailman/listinfo/syslog-ng >
Documentation: Caution-http://www.balabit.com/support/documentation/?product=syslog-ng < Caution-http://www.balabit.com/support/documentation/?product=syslog-ng >
FAQ: Caution-http://www.balabit.com/wiki/syslog-ng-faq < Caution-http://www.balabit.com/wiki/syslog-ng-faq >
______________________________________________________________________________
Member info: Caution-https://lists.balabit.hu/mailman/listinfo/syslog-ng < Caution-https://lists.balabit.hu/mailman/listinfo/syslog-ng >
Documentation: Caution-http://www.balabit.com/support/documentation/?product=syslog-ng < Caution-http://www.balabit.com/support/documentation/?product=syslog-ng >
FAQ: Caution-http://www.balabit.com/wiki/syslog-ng-faq < Caution-http://www.balabit.com/wiki/syslog-ng-faq >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180607/c7593f6a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6560 bytes
Desc: not available
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180607/c7593f6a/attachment.bin>
More information about the syslog-ng
mailing list