On 3/9/07, Padmanabhan, Rajeesh (GE Healthcare) <Rajeesh.Padmanabhan@ge.com> wrote:

Hi Valdis,

Thanks for the help. Could you please explain below questons?

1. Will the below format overwrites existing log file?

Unless you specify otherwise (using remove_if_older), if a file exists, it is opened for appending instead of being overwritten.

file("/logs/$HOST/$YEAR/$MONTH/messages-$YEAR-$MONTH$DAY");

In the above case, $YEAR is always unique, the directory and files will always have a unique name.

2. Is there a way to roate log file based on the size?

No size-based rotation is built into syslog-ng. You could write a script, but I find it easier to just have syslog-ng create many smaller files, and then either compress or purge these files using a cron job.

Idea is I don't want my log partition gets filled & alerts due to lacks of space :)

Running out of disk space is a risk. What I do is specify the destination like this: file("/var/log/remote/$HOST/$WEEKDAY/$HOUR" remove_if_older(259200) sync(60) ); Additionally, I have a cron job to compress older logs by as much as 98%: @midnight find /var/log/remote -type f -name '[0-2][0-9]' -ctime +3 -print0 |xargs -r -0 bzip2 -f Kevin