"John (EBo) David" wrote:
> 
> I was updating an HTTPD code red log filter to also automatically report
> nimba and other attacks happening in my domain.  I just noticed a rather
> disturbing pattern in the dates/names...

I think I figured it out.  If my guess is right, the HTTPD opens the
error log once and caches the file/stream pointer.  When I rename the
file the inode is not changed, just the file name in the directory.  So,
the errors keep getting dumped in the error_log_DATE file and my filter
has been checking against the new empty error_log file...

Does this sound like a reasonable scenerio to those HTTPD guru's out
there?  If so, I know how to fix the problem, just have to rewrite the
script...

  EBo --