* John (EBo) David (
ebo@eagle.west.asu.edu) wrote:
> "John (EBo) David" wrote:
> >
> > I was updating an HTTPD code red log filter to also automatically report
> > nimba and other attacks happening in my domain. I just noticed a rather
> > disturbing pattern in the dates/names...
>
> I think I figured it out. If my guess is right, the HTTPD opens the
> error log once and caches the file/stream pointer. When I rename the
> file the inode is not changed, just the file name in the directory. So,
> the errors keep getting dumped in the error_log_DATE file and my filter
> has been checking against the new empty error_log file...
>
> Does this sound like a reasonable scenerio to those HTTPD guru's out
> there? If so, I know how to fix the problem, just have to rewrite the
> script...
OK, this one I know. I believe you have to stop httpd, _then_ move the file,
then fire it back up!
Gontran