reality check please...
John (EBo) David
plug-discuss@lists.PLUG.phoenix.az.us
Wed, 19 Sep 2001 08:41:09 -0700
"John (EBo) David" wrote:
>
> I was updating an HTTPD Code Red log filter to also automatically report
> Nimda and other attacks happening in my domain. I just noticed a rather
> disturbing pattern in the dates/names...
I think I figured it out. If my guess is right, the HTTPD opens the
error log once and caches the file/stream pointer. When I rename the
file the inode is not changed, just the file name in the directory. So,
the errors keep getting dumped in the error_log_DATE file and my filter
has been checking against the new empty error_log file...
Does this sound like a reasonable scenario to those HTTPD gurus out
there? If so, I know how to fix the problem, just have to rewrite the
script...
EBo --
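
The scenario described in the post, reproduced as an added example (not part of the original message or of any HTTPD code): a writer keeps its handle open across a rename-based rotation, and a lookup by inode shows which file name is actually receiving the entries. It assumes POSIX rename semantics; the function names and log lines are constructed for illustration, and `error_log_DATE` is the placeholder name used in the post.

```python
import os
import tempfile


def simulate_rotation(workdir):
    """Rotate error_log by rename while a writer keeps its handle open."""
    live = os.path.join(workdir, "error_log")
    rotated = os.path.join(workdir, "error_log_DATE")

    writer = open(live, "a")           # stands in for the server's cached stream
    writer.write("before rotation\n")  # constructed log line
    writer.flush()
    writer_inode = os.fstat(writer.fileno()).st_ino

    os.rename(live, rotated)           # rotation only changes the directory entry
    open(live, "a").close()            # a fresh, empty error_log appears

    writer.write("after rotation\n")   # the old handle still points at the old inode
    writer.flush()
    writer.close()

    with open(live) as f_new, open(rotated) as f_old:
        return {
            "writer_inode": writer_inode,
            "new_error_log": f_new.read(),
            "rotated_log": f_old.read(),
        }


def file_holding_inode(workdir, inode):
    """Return the file name in workdir that currently maps to the given inode."""
    for name in sorted(os.listdir(workdir)):
        if os.stat(os.path.join(workdir, name)).st_ino == inode:
            return name
    return None


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        result = simulate_rotation(d)
        print("new error_log contents:", repr(result["new_error_log"]))
        print("rotated log contents:  ", repr(result["rotated_log"]))
        print("writer's inode is now named:",
              file_holding_inode(d, result["writer_inode"]))
```

A filter that reads the path `error_log` after such a rotation sees an empty file, while every entry written through the old handle accumulates in the renamed file.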