[syslog-ng] (U) [Non-DoD Source] Re: Rotate syslog-ng log files

Scheidler, Balázs balazs.scheidler at balabit.com
Thu Jun 7 12:02:49 UTC 2018 

Hi,

Honestly I don't know, it seems like a bug. Even the 1.6 branch had
bugfixes up until 1.6.11, but it's been more than a decade ago. :) Any
chance of this being upgrade to a newer version? I am sure Balabit can also
offer services, but I am not trying to be pushy.

-- 
Bazsi

On Thu, Jun 7, 2018 at 1:06 PM, Amin, Jitesh CTR DISA JSP (US) <
jitesh.amin.ctr at mail.mil> wrote:

> CLASSIFICATION: UNCLASSIFIED
>
> Hello,
>
> So the file rotates now successfully – but what I have noticed is that
> after the file rotates it collects data for first few minute or so and then
> it stops collecting data (basically the file size never grows and timestamp
> never changes to the most latest when I check the file).
>
>
>
> I do see that syslog process/service is running. If I restart the
> service/process, it starts collecting data until the file rotation happens.
>
>
>
> Can you please let me know what would be causing this behavior?
>
>
>
> Thanks
>
> Jitesh Amin
>
> CLASSIFICATION: UNCLASSIFIED
>
>
>
> *From:* Amin, Jitesh CTR DISA JSP (US)
> *Sent:* Tuesday, June 5, 2018 9:59 AM
> *To:* Syslog-ng users' and developers' mailing list <
> syslog-ng at lists.balabit.hu>
> *Subject:* RE: (U) [syslog-ng] [Non-DoD Source] Re: Rotate syslog-ng log
> files
>
>
>
> CLASSIFICATION: UNCLASSIFIED
>
> OK skipping the {} made it work and I now see a syslog file with timestamp
> (year-month-day). Does this mean it should rotate to new log file name
> (tomorrows timestamp) at midnight tonight? OR I need to add syntax so it
> rolls everyday with new timestamp. Just wanted to confirm.
>
>
>
> Thanks
>
> Jitesh Amin
>
> CLASSIFICATION: UNCLASSIFIED
>
>
>
> *From:* syslog-ng <syslog-ng-bounces at lists.balabit.hu> *On Behalf Of *Scheidler,
> Balázs
> *Sent:* Thursday, May 31, 2018 5:48 AM
> *To:* Syslog-ng users' and developers' mailing list <
> syslog-ng at lists.balabit.hu>
> *Subject:* Re: [syslog-ng] (U) [Non-DoD Source] Re: Rotate syslog-ng log
> files
>
>
>
> All active links contained in this email were disabled. Please verify the
> identity of the sender, and confirm the authenticity of all links contained
> within the message prior to copying and pasting the address to a Web
> browser.
> ------------------------------
>
>
>
> I mean syslog-ng 1.6.8
>
>
>
> On May 30, 2018 22:54, "Balazs Scheidler" <bazsi77 at gmail.com < Caution-
> mailto:bazsi77 at gmail.com > > wrote:
>
> syslog-ng does have template support, it just doesnt support braces, which
> came later.
>
>
>
> Just write $YEAR instead of ${YEAR}
>
>
>
> On May 30, 2018 09:41, "Gergely Nagy" <algernon at balabit.com <
> Caution-mailto:algernon at balabit.com > > wrote:
>
> >>>>> "Amin" == Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr at mail.mil
>  < Caution-mailto:jitesh.amin.ctr at mail.mil > > writes:
>
>     Amin> Let me ask this, with the following config = destination
>     Amin> syslog { file("/var/log/syslog-${YEAR}-${MONTH}-${DAY}.log");
>     Amin> };
>
>     Amin> It created new file and started writing to it (versus creating
>     Amin> new syslog.log). Question, if we plan to accept this for now,
>     Amin> with above config, would it create a new file ever day with
>     Amin> following file names or no it would not work with v1.6.8
>
> With syslog-ng 1.6.8, it would not create a new file every day, and
> would continue writing to syslog-{YEAR}-{MONTH}-{DAY}.log. With newer
> versions, it would create files like `syslog-2018-05-30.log`. No `.0`,
> `.1` or the like would be appended. That's a convention of logrotate.
> With syslog-ng, you get filenames that match the template, they will
> have nothing appended or prepended that is not in the filename template.
>
> --
> |8]
> ____________________________________________________________
> __________________
> Member info: Caution-https://lists.balabit.hu/mailman/listinfo/syslog-ng
> < Caution-https://lists.balabit.hu/mailman/listinfo/syslog-ng >
> Documentation: Caution-http://www.balabit.com/support/documentation/?
> product=syslog-ng < Caution-http://www.balabit.com/support/
> documentation/?product=syslog-ng >
> FAQ: Caution-http://www.balabit.com/wiki/syslog-ng-faq < Caution-
> http://www.balabit.com/wiki/syslog-ng-faq >
>
>
> ____________________________________________________________
> __________________
> Member info: Caution-https://lists.balabit.hu/mailman/listinfo/syslog-ng
> < Caution-https://lists.balabit.hu/mailman/listinfo/syslog-ng >
> Documentation: Caution-http://www.balabit.com/support/documentation/?
> product=syslog-ng < Caution-http://www.balabit.com/support/
> documentation/?product=syslog-ng >
> FAQ: Caution-http://www.balabit.com/wiki/syslog-ng-faq < Caution-
> http://www.balabit.com/wiki/syslog-ng-faq >
>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180607/64241d27/attachment.html>

More information about the syslog-ng mailing list