mk_logwatch: Ensure that no events are lost during log rotations.

33 votes

Please add support for reading from rotating log files.

Log files are usually renamed or get a new name when certain criteria are met. Depending on the operating system and company, different naming conventions are used.

If this rotation takes place between two runs of logwatch, then the rest of the log file that was rotated away must also be examined to avoid the loss of critical events.

A simple and fast detection could be, for example, the MD5 sum of the first 500 bytes of the log file. If the MD5 sum changes, the file was rotated and the old rotated file can be identified by the old MD5 sum.
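A sketch of the prefix-fingerprint idea described above, as an added example that is not mk_logwatch code or part of the original request. It goes one step beyond the proposal by storing how many bytes were hashed, so a file shorter than 500 bytes that keeps growing is not mistaken for a rotated one. The function names, the `state` dictionary and the assumption that rotated files are uncompressed and keep the original name as a prefix (for example `app.log.1`) are hypothetical.

```python
import glob
import hashlib
import os
import tempfile


def read(path, offset=0, length=-1):
    with open(path, "rb") as f:
        f.seek(offset)
        return f.read(length)


def fingerprint(path, length=500):
    """Return (MD5 hex of the first `length` bytes, bytes actually hashed)."""
    head = read(path, 0, length)
    return hashlib.md5(head).hexdigest(), len(head)


def read_new_data(path, state):
    """Return bytes added since the last run; `state` layout is hypothetical."""
    rest, offset = b"", 0
    if state:
        # Hash only as many bytes as last time, so a file that was shorter
        # than 500 bytes and has since grown is not mistaken for rotated.
        want = state["id"]
        if fingerprint(path, want[1]) == want:
            offset = state["offset"]
        else:
            # Rotated: find the renamed file by the old fingerprint, drain it.
            for old in sorted(glob.glob(glob.escape(path) + "?*")):
                if fingerprint(old, want[1]) == want:
                    rest = read(old, state["offset"])
                    break
    fresh = read(path, offset)
    state.update(id=fingerprint(path), offset=offset + len(fresh))
    return rest + fresh


def demo():
    """Constructed sample: a short file grows, then rotates between runs."""
    with tempfile.TemporaryDirectory() as d:
        log, state, out = os.path.join(d, "app.log"), {}, []
        for chunk in (b"line1\n", b"line2\n", b"line3 critical\n"):
            with open(log, "ab") as f:
                f.write(chunk)
            if chunk.startswith(b"line3"):  # rotated before the next run
                os.rename(log, log + ".1")
                open(log, "wb").close()
            out.append(read_new_data(log, state))
        return out
```

Calling `demo()` returns the data seen on each of the three runs. A rotated file that has been compressed no longer has the same leading bytes, so it would have to be decompressed before its fingerprint can match.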

