Re: [syslog-ng] (U) [Non-DoD Source] Re: Rotate syslog-ng log files
CLASSIFICATION: UNCLASSIFIED Verion 1.6.8 Thanks Jitesh Amin CLASSIFICATION: UNCLASSIFIED -----Original Message----- From: Gergely Nagy <algernon@balabit.com> Sent: Wednesday, May 30, 2018 8:47 AM To: Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr@mail.mil>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: Re: [syslog-ng] (U) [Non-DoD Source] Re: Rotate syslog-ng log files
"Amin" == Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr@mail.mil> writes:
Amin> But now I see 2 log files in /var/log Amin> Syslog.log Amin> syslog-{YEAR}-{MONTH}-{DAY}.log Amin> Not sure why it’s creating syslog-{YEAR}-{MONTH}-{DAY}.log Amin> named file versus actually putting day/month/year in file Amin> name. Anything I missed?? What version of syslog-ng are you running? -- |8]
"Amin" == Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr@mail.mil> writes:
Amin> Verion 1.6.8 That... is an old version, about 13 years old, and it does not support the templating later versions do. I would strongly recommend upgrading to something more recent (we are at 3.15.1 at the moment). If you can't, you can still use logrotate to rotate the logs, though if you are using such and old syslog-ng, the version of your logrotate might be similarly ancient. -- |8]
CLASSIFICATION: UNCLASSIFIED Hello, So we have to plan an upgrade first. Let me ask this, with the following config = destination syslog { file("/var/log/syslog-${YEAR}-${MONTH}-${DAY}.log"); }; It created new file and started writing to it (versus creating new syslog.log). Question, if we plan to accept this for now, with above config, would it create a new file ever day with following file names or no it would not work with v1.6.8 syslog-{YEAR}-{MONTH}-{DAY}.log syslog-{YEAR}-{MONTH}-{DAY}.log.0 syslog-{YEAR}-{MONTH}-{DAY}.log.1 Thanks Jitesh Amin CLASSIFICATION: UNCLASSIFIED -----Original Message----- From: Gergely Nagy <algernon@balabit.com> Sent: Wednesday, May 30, 2018 9:07 AM To: Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr@mail.mil>; Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu> Subject: RE: (U) [syslog-ng] [Non-DoD Source] Re: Rotate syslog-ng log files
"Amin" == Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr@mail.mil> writes:
Amin> Verion 1.6.8 That... is an old version, about 13 years old, and it does not support the templating later versions do. I would strongly recommend upgrading to something more recent (we are at 3.15.1 at the moment). If you can't, you can still use logrotate to rotate the logs, though if you are using such and old syslog-ng, the version of your logrotate might be similarly ancient. -- |8]
"Amin" == Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr@mail.mil> writes:
Amin> Let me ask this, with the following config = destination Amin> syslog { file("/var/log/syslog-${YEAR}-${MONTH}-${DAY}.log"); Amin> }; Amin> It created new file and started writing to it (versus creating Amin> new syslog.log). Question, if we plan to accept this for now, Amin> with above config, would it create a new file ever day with Amin> following file names or no it would not work with v1.6.8 With syslog-ng 1.6.8, it would not create a new file every day, and would continue writing to syslog-{YEAR}-{MONTH}-{DAY}.log. With newer versions, it would create files like `syslog-2018-05-30.log`. No `.0`, `.1` or the like would be appended. That's a convention of logrotate. With syslog-ng, you get filenames that match the template, they will have nothing appended or prepended that is not in the filename template. -- |8]
syslog-ng does have template support, it just doesnt support braces, which came later. Just write $YEAR instead of ${YEAR} On May 30, 2018 09:41, "Gergely Nagy" <algernon@balabit.com> wrote:
"Amin" == Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr@mail.mil> writes:
Amin> Let me ask this, with the following config = destination Amin> syslog { file("/var/log/syslog-${YEAR}-${MONTH}-${DAY}.log"); Amin> };
Amin> It created new file and started writing to it (versus creating Amin> new syslog.log). Question, if we plan to accept this for now, Amin> with above config, would it create a new file ever day with Amin> following file names or no it would not work with v1.6.8
With syslog-ng 1.6.8, it would not create a new file every day, and would continue writing to syslog-{YEAR}-{MONTH}-{DAY}.log. With newer versions, it would create files like `syslog-2018-05-30.log`. No `.0`, `.1` or the like would be appended. That's a convention of logrotate. With syslog-ng, you get filenames that match the template, they will have nothing appended or prepended that is not in the filename template.
-- |8] ____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
I mean syslog-ng 1.6.8 On May 30, 2018 22:54, "Balazs Scheidler" <bazsi77@gmail.com> wrote:
syslog-ng does have template support, it just doesnt support braces, which came later.
Just write $YEAR instead of ${YEAR}
On May 30, 2018 09:41, "Gergely Nagy" <algernon@balabit.com> wrote:
> "Amin" == Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr@mail.mil> writes:
Amin> Let me ask this, with the following config = destination Amin> syslog { file("/var/log/syslog-${YEAR}-${MONTH}-${DAY}.log"); Amin> };
Amin> It created new file and started writing to it (versus creating Amin> new syslog.log). Question, if we plan to accept this for now, Amin> with above config, would it create a new file ever day with Amin> following file names or no it would not work with v1.6.8
With syslog-ng 1.6.8, it would not create a new file every day, and would continue writing to syslog-{YEAR}-{MONTH}-{DAY}.log. With newer versions, it would create files like `syslog-2018-05-30.log`. No `.0`, `.1` or the like would be appended. That's a convention of logrotate. With syslog-ng, you get filenames that match the template, they will have nothing appended or prepended that is not in the filename template.
-- |8] ____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product= syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
____________________________________________________________ __________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/? product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (4)
-
Amin, Jitesh CTR DISA JSP (US)
-
Balazs Scheidler
-
Gergely Nagy
-
Scheidler, Balázs