I have a process that creates a logfile named "/var/log/foo-YYYYMMDD-HHMMSS.log" at startup. To simplify things I create a soft-link to the latest file named "/var/log/foo.log".
Whenever the process is restarted it deletes the soft-link (since it is pointing to a file that is no longer current). I have the following "check file" setup to re-create that soft-link and start monitoring the file. Only problem is it still generates a "file doesn't exist" event after 3 cycles before creating the soft-link and a "file exists" event.
check file foo.log with path /var/log/foo.log
if not exist for 3 cycles then exec "/bin/bash -c 'ln -s `ls -t /var/log/foo-*.*.log|head -n1` /var/log/foo.log'"
if content != "\[INFO\]" then alert
group foo
Any ideas on how to prevent the initial "file doesn't exist" event?
(just to eliminate one of obvious solutions. the soft link cannot be created from the startup script in between unmonitor/monitor commands to foo.log as I don't control the app startup. the foo.log entry stays monitored 24x7 as the soft-link is not deleted at app shutdown which keeps things simple)
Marc