I hope someone can help me out.
Recently, I have been using Kiwi Syslog to write all received syslog lines from our network to a rotating set of files (20 files of 100 MB). The top file (syslog.log) is read every minute by an application that will send an event/incident to our ticket system if there is a syslog line that complies with the policy that I've written. Now this application sometimes reports that it cannot read the syslog file. When I investigate, I can see that there are multiple entries in Kiwi's errorlog.txt file stating: "LogToFile Action - File Rotation Error: Permission denied". I've seen this error before, and at that time it was caused by the application that reads the Kiwi syslog file not closing its file handle after reading the file. I've adjusted this so the application does close its file handle after reading the file every minute (from the last known position).
However, today I saw the error message again in my (syslog-reading) application. When I read the errorlog.txt file I again saw the message "LogToFile Action - File Rotation Error: Permission denied". But when I opened the directory where Kiwi Syslog writes its rotating syslog files, I was amazed: a lot of files were missing! I only saw the current syslog file (syslog.log), two consecutive files (syslog.001 and syslog.002) and... syslog.019! All files in between were gone! The rotation of files in Kiwi should only result in the last syslog file being removed.
I've reduced the size and amount of the syslog rotation files, so I could observe what happens (4 files of 50 MB). And there was no problem when I looked while the files were rotating. I guess the problem only occurs when Kiwi wants to rotate the files while my application is reading them at the moment (open file handle again).
Maybe there is a way to increase the time that the Kiwi server keeps trying to rotate the files, so that it is still trying after the file handle of my application closes?
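
One way to keep a polling reader from holding a handle that blocks rotation, as an added example that is not part of the original post: open the log with a share mode that permits rename and delete, read only complete new lines from the last known offset, and close the handle immediately. It assumes the reader can be scripted in PowerShell, that the log is UTF-8, and that the rotation error comes from the reader's share mode; the function name `Read-NewSyslogLines` and both path parameters are hypothetical.

```powershell
# Added example (not from the original post). Function name and paths are hypothetical.
function Read-NewSyslogLines {
    param(
        [Parameter(Mandatory)] [string] $LogPath,    # e.g. the current syslog.log
        [Parameter(Mandatory)] [string] $StatePath   # small file holding the last byte offset
    )

    # Last known byte offset from the previous run (0 on the first run).
    $offset = 0L
    if (Test-Path -LiteralPath $StatePath) {
        $offset = [long](Get-Content -LiteralPath $StatePath -TotalCount 1)
    }

    # FileShare.Delete lets another process rename or delete the file while this
    # handle is open; ReadWrite lets the writer keep appending during the read.
    $share  = [System.IO.FileShare]'ReadWrite, Delete'
    $stream = $null
    try {
        $stream = [System.IO.File]::Open($LogPath, [System.IO.FileMode]::Open,
                                         [System.IO.FileAccess]::Read, $share)

        # A file shorter than the saved offset means it was rotated since the last
        # run: restart at 0. Lines appended to the old file after the last read are
        # not recovered here; they are in the first rotated file.
        if ($stream.Length -lt $offset) { $offset = 0L }
        $null = $stream.Seek($offset, [System.IO.SeekOrigin]::Begin)

        # Read at most 64 MB per run so one poll cannot exhaust memory.
        $count  = [int][Math]::Min($stream.Length - $offset, 64MB)
        $buffer = New-Object byte[] $count
        $read   = 0
        while ($read -lt $count) {
            $n = $stream.Read($buffer, $read, $count - $read)
            if ($n -eq 0) { break }
            $read += $n
        }
        if ($read -eq 0) { return }

        # Consume only up to the last newline so a half-written line is left
        # for the next run instead of being parsed as a truncated message.
        $lastNl = [Array]::LastIndexOf($buffer, [byte]10, $read - 1)
        if ($lastNl -lt 0) { return }

        $text = [System.Text.Encoding]::UTF8.GetString($buffer, 0, $lastNl + 1)
        Set-Content -LiteralPath $StatePath -Value ($offset + $lastNl + 1)
        $text -split '\r?\n' | Where-Object { $_ }   # emit complete lines
    }
    finally {
        if ($stream) { $stream.Dispose() }           # release the handle on every path
    }
}
```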