1

Sometimes syslog-ng will change from logging to the file messages to filename with timestamp appended like this messages.yyyymmddhhmm. Of course this then breaks anything I have that is reviewing incoming logs in messages.

This on Ubuntu 10.04.3 LTS and syslog-ng 3.1.2-1~lucid1. Had same issue on syslog-ng 2.0.9-4.2.

mdpc
  • 11,856
  • 28
  • 53
  • 67
Adam
  • 581
  • 3
  • 8
  • I've never used syslog-ng before so I can't give specific ideas, but hopefully I can throw a few out there for you. Try `lsof` and see what process is actually writing to the new file. You could probably then explore that process/daemon further and find out why it's changing the name. Look through conf files and try and find anything that would make it use that naming convention. You could even try and grep the /etc folder for "+%Y%m%d%H%M" and see if that finds anything. – Safado Nov 09 '11 at 20:45
  • Update: Tracked down my problem to a third party program that was trying to manage the log file instead of just letting the system handle it. – Adam Nov 10 '11 at 04:19

1 Answers1

1

That sounds like more of a logrotate issue. Take a look at /etc/logrotate.d and see if there's any configuration that would cause that.

If syslog-ng is still appending to the rotated file, then the logrotate configuration for that particular log needs something to tell syslog-ng to start writing to the new file, something like:

   postrotate
      /usr/sbin/invoke-rc.d syslog-ng reload >/dev/null
   endscript

in the configuration of the relevant log file rotation.

cjc
  • 24,916
  • 3
  • 51
  • 70
  • 1
    that was my first thought as well but it happens before logrotate runs. Last night it occur at around 5am logrotate runs around 6:30am. – Adam Nov 09 '11 at 15:16