I've started using snoopy on some of the systems I monitor and I think it's a great program, thanks very much for supporting it.
I do have one problem though. When I rotate my /var/log/secure file (that's the one snoopy logs to), snoopy continues to log to that same particular file, even if it's renamed. For example, lets say I only have one secure file, and I rotate it. That original log file will be renamed to secure.1 Snoopy, instead of now logging to the new clean secure file, continues writing to secure.1. Is there a way to fix this behavior? I feel as though I'm missing something fairly blatant here.
It appears that logrotate is following the file even through a file rename. I am assuming you are using standard logrotate settings so /var/log/secure becomes /log/var/secure.1, /log/var/secure.2, and so on. There is a work around in logrotate which is to copy then truncate the log file, however you can loose log message with this operation so it is not recommended. More over I am not sure if this is a bug with snoopy but rather your syslog daemon as that is the actual program that should be accepting snoopy messages and then placing them in the appropriate log file based upon settings in syslog.conf
You can find log rotate copy truncate details here:
Snoopy does not use any (log)files directly. It is your syslog daemon that takes care of writing-to-file part.
Ok, thanks for the clarification. I'll take a look at my syslog daemon.