[syslog-ng]Archiving log file
Nate Campi
nate@campin.net
Sat, 17 Nov 2001 23:19:03 -0800
On Sun, Nov 18, 2001 at 01:42:35PM -0800, Chee Chew wrote:
> I wish to split the log file into daily basis by means of different file per
> day according to the received timestamp. Is there any option in syslog-ng
> can be configured for this. At normal, the log file will grow bigger and
> bigger and become more difficult to read especially when we want to search
> for certain event on certain date.
>
> By achiving the log into daily file with meaningful filename, it should be
> much more convenient. Perhaps if syslog-ng do not have this option, is there
> any workaround or better method to due with this?
In my syslog-ng.conf file I put this:
destination hosts {
file("/var/log/HOSTS/$HOST/$FACILITY/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
log { source(src); destination(hosts); };
Read the docs to see what macros are available, you could arrange the
archiving any way you like.
I documented my setup at http://www.campin.net/newlogcheck.html - you
may find it useful.
--
Nate Campi http://www.campin.net GnuPG key: 0xC17AEF79
Key fingerprint = BF12 722F 8799 E614 33CC FAB7 5A90 C464 C17A EF79
When you say 'I wrote a program that crashed Windows', people just
stare at you blankly and say 'Hey, I got those with the system, for
free'