On Fri, 22 Apr 2016, Muhammad Asif wrote:
Hi geeks,
We are facing a problem with modsec_audit.log. Let me discuss a scenario.
On start of a day modsecurity create a file with name modsec_audit.log.
Throughout the day it contain 1000 logs which is sent by rsyslog to remote
server.
The next day modsecurity rename the previous file as modsec_audit.log.1 and
create a new file modsec_audit.log. Now problem starts. Since fIlename is
same so rsyslog pointer is stand at 1001 line. But first 1000 logs of next
day do not process.
How we can handle this issue.
This is a normal situation and rsyslog should handle it just fine.
Rsyslog detects that the inode of the filehas changed and starts from the
beginning of the new file.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
