-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Are you rotating via logrotate ? .. I had some problems that logrotate
failed to "touch" the new file after moving the old.
Reason was that logrotat normaly needs exec avability in /tmp which is
disallowed on all our servers in order to prevent some "script kiddy"
attacks.
Solution was also simple. Logrotate uses the TMPDIR variable if set.
Maybe this helps
Torty
comsatcat wrote:
| Hello,
|
| I have 30 or so machines all displaying the same thing. When I kill
| -HUP (/etc/init.d/syslog-ng reload), syslog-ng will not re-open the log
| file. Thus when a log file is rotated, logging stops. All 30 machines
| are logging locally to disk and to a centralized server via tcp. Has
| anyone seen this or have an idea on how to fix this? Note that syslog
| is chrooted as root to /var/log with the -C flag. I'm assuming the
| problem is with my config.
|
| Here are the clients syslog-ng.conf:
|
| options {
| time_reopen(10);
| time_reap(360);
| use_dns(no);
| use_fqdn(yes);
| keep_hostname(yes);
| sync(0);
| long_hostnames(on);
| log_fifo_size(300);
| };
| source src { unix-stream("/dev/log"); internal(); pipe("/proc/kmsg"); };
|
| destination remote {tcp("127.0.0.1" port(514));};
| destination console { usertty("root"); };
| destination console_log { file("/console"); };
| destination local { file("/$FACILITY"); };
|
| filter f_emergency { level(emerg); };
|
| log { source(src); destination(remote); };
| log { source(src); destination(local); };
| log { source(src); filter(f_emergency); destination(console); };
| log { source(src); filter(f_emergency); destination(console_log); };
|
|
| Thanks,
| Ben
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)
iD8DBQFCHu5jtffKVecqxQQRAoGDAKCo+UQXBTVX4EG/EL1unU8XWtQN5wCgiXUF
nql1DCEK6c3qiaIf5JRKbdo=
=eK+W
-----END PGP SIGNATURE-----
