[prev in list] [next in list] [prev in thread] [next in thread] 

List:       syslog-ng
Subject:    Re: [syslog-ng] Log rotation in Syslog-ng
From:       <jrhendri () roadrunner ! com>
Date:       2015-08-11 0:19:37
Message-ID: 20150811001937.1703G.308791.root () cdptpa-web03
[Download RAW message or body]

Agree about doing rotation separately.

I create the logs by date (using macros within syslog-ng destinations) then run a \
couple cron jobs to manage retention. You should tweak this to your own preferences:

Here are some pertinent options:
options {
  check_hostname(yes); # check if the hostname contains valid characters
  use_dns(no);   # do not resolve names for speed
  dns_cache(no); # no DNS cache since we do not resolve names
  keep_hostname(yes); # keep hostnames to enable related macros
  chain_hostnames(no); # do not track / forward syslog forwarder chain

  # options related to file and directories
  dir_owner("root");
  dir_group("logadmin");
  owner("root");
  group("logadmin");
  perm(0640);
  dir_perm(0750);
  create_dirs(yes);
};

and an example destination:

destination d_separatedbyhosts {
  file("/data/syslog-ng/$YEAR/$MONTH/$DAY/$HOST_FROM/$HOST_FROM.$FACILITY.$PRIORITY.$YEAR.$MONTH.$DAY");
 };

This way each filename uniquely identifies the source and date (in case you need to \
send copies somewhere, they aren't all named "messages"...)


This is an example command that compresses after 1 day (run nightly)
/bin/find /data/syslog-ng -type f -mtime +1 ! -name \*.gz -exec /bin/gzip --best {} \
\;

And this deletes after 90 days (also run nightly)
/bin/find /data/syslog-ng -type f -name \*.gz -mtime +90 -exec /bin/rm {} \;

Good luck,
Jim



---- Justin Kala <justinkala@gmail.com> wrote: 
> Can we control the log retention/rotation in syslog-ng.conf .Syslog-ng
> server version is 3.4 OSE Solaris 10.
> 
> If so, how do we do it ?? Highly appreciate if you can share the examples
> /links
> -- 
> Kaladhar

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic