Actually rename the log and HUP the Apache server and it will make and start using the new log.

-----Original Message-----
From: Gontran [mailto:gontran@gontran.net]
Sent: Wednesday, September 19, 2001 9:03 AM
To: plug-discuss@lists.PLUG.phoenix.az.us
Subject: Re: reality check please...

* John (EBo) David (ebo@eagle.west.asu.edu) wrote:
> "John (EBo) David" wrote:
> >
> > I was updating an HTTPD Code Red log filter to also automatically report
> > Nimda and other attacks happening in my domain. I just noticed a rather
> > disturbing pattern in the dates/names...
>
> I think I figured it out. If my guess is right, the HTTPD opens the
> error log once and caches the file/stream pointer. When I rename the
> file the inode is not changed, just the file name in the directory. So,
> the errors keep getting dumped in the error_log_DATE file and my filter
> has been checking against the new empty error_log file...
>
> Does this sound like a reasonable scenario to those HTTPD gurus out
> there? If so, I know how to fix the problem, just have to rewrite the
> script...

OK, this one I know. I believe you have to stop httpd, _then_ move the
file, then fire it back up!

Gontran
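
Added example, not part of the thread or anyone's script: a Python sketch of the behaviour discussed above, showing that a writer's open handle follows the inode through a rename, and a log-filter reader that notices when the name points at a new file. It assumes a POSIX filesystem; `LogFollower`, `demo` and the sample entries are constructed for illustration, and `server` is a stand-in for httpd's cached log handle.

```python
import os
import tempfile


class LogFollower:
    """Reads new lines from a log path and survives rename-based rotation."""

    def __init__(self, path):
        self.path = path
        self.fh = open(path, "r")

    def poll(self):
        lines = self.fh.readlines()  # drain the inode we hold open
        try:
            on_disk = os.stat(self.path)
        except FileNotFoundError:
            return lines  # renamed away, replacement not created yet
        held = os.fstat(self.fh.fileno())
        if (on_disk.st_dev, on_disk.st_ino) != (held.st_dev, held.st_ino):
            # The name now points at a different file: switch to it.
            self.fh.close()
            self.fh = open(self.path, "r")
            lines += self.fh.readlines()
        return lines


def demo():
    """Constructed scenario: rotate by rename while a writer keeps its handle."""
    d = tempfile.mkdtemp()
    live = os.path.join(d, "error_log")
    rotated = os.path.join(d, "error_log_DATE")
    server = open(live, "a", buffering=1)  # line-buffered stand-in for httpd
    follower = LogFollower(live)
    inode_before = os.fstat(server.fileno()).st_ino

    os.rename(live, rotated)  # rotation by rename only, writer not told
    open(live, "a").close()  # a fresh, empty error_log appears
    server.write("entry after rename\n")  # lands in error_log_DATE
    same_inode = os.stat(rotated).st_ino == inode_before
    new_log_size = os.path.getsize(live)  # a path-based filter sees nothing
    seen_1 = follower.poll()  # the follower still gets the entry

    server.close()
    server = open(live, "a", buffering=1)  # reopen by name, as a restart or HUP causes
    server.write("entry after reopen\n")
    seen_2 = follower.poll()
    server.close()
    follower.fh.close()
    return same_inode, new_log_size, seen_1, seen_2
```

Entries written to the old inode after the follower has switched files are missed, so the rotation script should still make the server reopen its logs promptly after the rename.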