I have been using that for several years...
Can be adapted to other things, not just syslog.

Never loses any information, as the current logfile is never truncated while there is still a daemon writing to it.
And keeps the old file for archival with a name that indicates its creation.

cheers
afx

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Log directory
LogDir=/var/log
# The syslog file to be monitored:
SYSLOG=$LogDir/debug
# Archive directory: not set in the script as posted, so stop here if it is missing
: "${Archive:?Archive directory not set}"

function OldLog {
    f=$1
    # file name with current date
    df=$f.$(date +"%Y%m%d.%H%M")
    # get rid of logfile. We still have the version with the date.
    rm -f "$f"
    # create new logfile
    touch "$f"
    # alias new file with filename.date
    ln "$f" "$df"
}

# Let's keep the old file so that we can analyze it
ln -f "$SYSLOG" "$SYSLOG.scan"
OldLog "$SYSLOG"
# tell syslog about the new file
kill -HUP "$(cat /var/run/syslogd.pid)"

# analyze is not defined in the script as posted
analyze "$SYSLOG.scan"

# find the old file with the old date appended
# and move it to the Archive
OLD=$(find "$LogDir" -inum "$(ls -i "$SYSLOG.scan" | awk '{print $1}')" |
      grep -E "$SYSLOG\.[0-9]*\.[0-9]*")
# on the very first run no dated name exists yet, so there is nothing to move
[ -n "$OLD" ] && mv "$OLD" "$Archive"
# remove unused name
rm "$SYSLOG.scan"
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-- 
atsec information security GmbH        Phone: +49-89-44249830
Steinstrasse 68                        Fax:   +49-89-44249831
D-81667 Muenchen, Germany              WWW:   www.atsec.com
May the Source be with you!
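
The no-loss property described in the message above, as an added example that is not part of the original post: the same link/remove/touch sequence run in a scratch directory, with file descriptor 3 standing in for syslogd's open log file. The names rotate and demo, the scratch directory and the sample log lines are constructed for illustration.

```shell
# rotate LOG: the steps of the posted script, applied to any log file.
rotate() {
    log=$1
    ln -f "$log" "$log.scan"                 # second name for the live inode
    rm -f "$log"                             # drop the live name; data stays reachable via .scan
    touch "$log"                             # fresh, empty log under the usual name
    ln "$log" "$log.$(date +%Y%m%d.%H%M)"    # dated name for the new file
}

# demo: prints "<lines in old file> <lines in new file>".
demo() {
    dir=$(mktemp -d) || return 1
    log=$dir/debug
    exec 3>>"$log"                           # the "daemon" opens the log
    echo "before rotation" >&3
    rotate "$log"
    echo "after rotation, before HUP" >&3    # writer has not reopened: lands in the old inode
    exec 3>&-                                # what kill -HUP makes syslogd do:
    exec 3>>"$log"                           # close and reopen by name
    echo "after HUP" >&3
    exec 3>&-
    old=$(wc -l < "$log.scan")               # old file: both early lines, nothing lost
    new=$(wc -l < "$log")                    # new file: only the line written after the reopen
    rm -rf "$dir"
    echo "$((old)) $((new))"
}

demo   # prints "2 1"
```

The line written between the rotation and the reopen is the one a copy-and-truncate rotation can lose; here it ends up in the old file because the writer's descriptor still points at that inode.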