[cobalt-users] RaQ: Trouble Resetting and Purging Log Data

[Justin Hankins <hankins@xxxxxxxxxxxxxx>]

Hello there,

I'm having problems with erroneous data in my server logs (on my RaQ 
running Cobalt OS v 6.0). I've tried resetting them, but cannot get the 
data to completely purge. I've searched through the RaQ Knowledgebase 
and this list's archive, and can't seem to find a solution. :\

In April, we had some problems that forced us to back up our data, 
reinstall the OS, and then restore the original data. One thing we 
forgot to do was set the server time appropriately: instead of April 
2004, the server was set to August 2004! It took us a few days to 
realize the time was off, during which time server logs were being 
generated with the erroneous data. Only one of our clients (Site 10) 
analyzes his server logs, so I thought: "No problem, we'll download the 
current log, retrofit all of the erroneous data, and store that on his 
local machine. Next, we'll reset the server log for his site and start 
fresh going forward." The problem is: after resetting the logs as 
instructed by the Sun support docs (Article ID8185), I'm left with two 
problems...

1.) The logs in /home/sites/site10/logs don't accumulate. They've been 
at 0 bytes for the past week, despite continuous site access
2.) The downloadable log from Site 10's "Site Usage" screen *does* show 
the accumulated & correct stats, but also includes the erroneous August 
2004 stats.

This leads me to suspect the logs are cached somewhere, but after 
searching quite a bit (grepping like a madman), I haven't been able to 
figure out where. I found another article (Article ID7729) that 
discusses the daily logrotate cron job and the use of Analog. I also 
noticed webalizer.pl in our daily cron routine. I'm not a hugely l33t 
server guy, and the only reason I'm doing all this is because our admin 
has given up on the job (I'm the one who has to field the customer's 
wrath, not him), so please have mercy on me if I am misunderstanding 
fundamental aspects of how some of these processes work together.

In a nutshell, what I need to be able to do is:

1.) Clear out all previous log information for "Site 10"
2.) Get the logs in /home/sites/site10/logs to accumulate like (i 
think) they should
3.) Get to the point where "Download Log File" in the Site Management 
screen doesn't include the corrupted data

When I click "Download Log File" it runs webLog.cgi with the passed 
vars: group=site10 service=web. When I looked at the code, webLog.cgi 
appears to generate the download file by looking at the file:  
/home/sites/$group/logs/$service.log. This completely stumps me because 
that file is completely empty! It can't be getting anything useful out 
of that log file, so where is this other data coming from that it's 
using to create the downloadable log file? In addition, how is it that 
the downloaded log file is absolutely correct and current, except for 
the few lines of August 2004 that I'm trying to purge?

Does any of this make sense? Can anybody shed some light on this for me?

I appreciate the help,
Justin Hankins