Agree about doing rotation separately. I create the logs by date (using macros within syslog-ng destinations) then run a couple cron jobs to manage retention. You should tweak this to your own preferences.

Here are some pertinent options:

    options {
        check_hostname(yes);    # check if the hostname contains valid characters
        use_dns(no);            # do not resolve names for speed
        dns_cache(no);          # no DNS cache since we do not resolve names
        keep_hostname(yes);     # keep hostnames to enable related macros
        chain_hostnames(no);    # do not track / forward syslog forwarder chain

        # options related to file and directories
        dir_owner("root");
        dir_group("logadmin");
        owner("root");
        group("logadmin");
        perm(0640);
        dir_perm(0750);
        create_dirs(yes);
    };

and an example destination:

    destination d_separatedbyhosts {
        file("/data/syslog-ng/$YEAR/$MONTH/$DAY/$HOST_FROM/$HOST_FROM.$FACILITY.$PRIORITY.$YEAR.$MONTH.$DAY");
    };

This way each filename uniquely identifies the source and date (in case you need to send copies somewhere, they aren't all named "messages"...)

This is an example command that compresses after 1 day (run nightly):

    /bin/find /data/syslog-ng -type f -mtime +1 ! -name \*.gz -exec /bin/gzip --best {} \;

And this deletes after 90 days (also run nightly):

    /bin/find /data/syslog-ng -type f -name \*.gz -mtime +90 -exec /bin/rm {} \;

Good luck,
Jim

---- Justin Kala <justinkala@gmail.com> wrote:
Can we control the log retention/rotation in syslog-ng.conf? Syslog-ng server version is 3.4 OSE, Solaris 10.
If so, how do we do it? Highly appreciate if you can share the examples/links.

--
Kaladhar
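
One way to wrap the nightly compress/delete pass from the reply above into a single guarded script; this is an added example, not part of the original mails. The function name `retain_logs`, the base-path guard and the empty-directory cleanup are assumptions that go beyond the two commands in the mail, and it assumes a `find` that supports `-path`.

```shell
#!/bin/sh
# Added example: retention pass for a date/host log tree.
# retain_logs is a hypothetical helper name, not a syslog-ng tool.

# retain_logs BASE COMPRESS_DAYS DELETE_DAYS
retain_logs() {
    base=$1 cdays=$2 ddays=$3

    # Refuse an empty, relative or "/" base: a wrong or unset variable here
    # would point find/rm at the wrong tree when run as root from cron.
    case $base in
        /|'') echo "retain_logs: refusing base '$base'" >&2; return 2 ;;
        /*) ;;
        *) echo "retain_logs: base must be absolute" >&2; return 2 ;;
    esac
    [ -d "$base" ] || { echo "retain_logs: $base is not a directory" >&2; return 2; }

    # 1. Compress plain log files older than COMPRESS_DAYS. -type f does not
    #    match symlinks, so a link placed in the tree is never followed.
    find "$base" -type f -mtime +"$cdays" ! -name '*.gz' -exec gzip -9 {} \;

    # 2. Delete compressed logs older than DELETE_DAYS. gzip keeps the
    #    original mtime, so age is still measured from the last log write.
    find "$base" -type f -name '*.gz' -mtime +"$ddays" -exec rm -f {} \;

    # 3. Remove date/host directories left empty by step 2. rmdir fails on
    #    non-empty directories, which is what keeps live ones in place.
    find "$base" -depth -type d ! -path "$base" -exec rmdir {} \; 2>/dev/null || true
}

# Nightly cron usage matching the values in the mail:
#   retain_logs /data/syslog-ng 1 90
```

Because gzip preserves the mode and ownership of the file it replaces, the compressed copies keep the `0640` / `logadmin` access set in the `options` block.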