[syslog-ng]help please...

Glenn Harrison glennharrison@amcorp.com.au
Fri, 23 Aug 2002 09:53:18 +1000


I can answer 2 fairly simply.  Whilst using syslog-ng, I just set the logs
to go into a dated directory or filename, that way they automatically get
rotated each night without disrupting syslog at all.  For example:

destination messages {
   file("/var/log/syslog-dated/$HOST/$YEAR-$MONTH-$DAY/messages"
         sync(0) log_fifo_size(10) create_dirs(yes)
         owner(root) group(sysadmin) perm(0640) dir_perm(0750)
         dir_owner(root) dir_group(sysadmin));
};

You could of course simplify this even more, and just have:
destination messages {
   file("/var/adm/messages-$YEAR-$MONTH-$DAY"
         sync(0) log_fifo_size(10) create_dirs(yes)
         owner(root) group(sysadmin) perm(0640) dir_perm(0750)
         dir_owner(root) dir_group(sysadmin));
};

Which would put dated messages files into your /var/adm directory, then run
a find command each night to clean up the old logs once they're archived off
to tape or whatever your policy is.
I personally use these 2 cron entries to clean up my messages each night:
15 4 * * * /usr/bin/find /var/log/syslog-dated \( -name '*-*-*' \) -follow -mount -mtime +32 -type d -exec /usr/bin/rm -rf {} \;
30 4 * * * /usr/bin/find /var/log/syslog-dated \( -name '*.log' \) -follow -mount -mtime +2 -type f -exec /usr/bin/gzip {} \;

This gzips the older logs, and deletes stuff over a month old.

-----Original Message-----
From: Keven Belanger [mailto:kbelanger@logicon.ca]
Sent: Friday, 23 August 2002 5:23 AM
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng]help please...


I have 2 questions:

1- I'm looking for a script (perl or other) to scan a file to find unique
lines (lines that are duplicates will be removed)
2- Also want to know which log rotation people are using under Solaris?
Answer soon!

Thanx!

Kéven Belanger
Security Solutions Analyst
Logicon Inc. - Division Sécurité
819.825.8049 x7717
800.567.6399 x7717
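The nightly cleanup described in the reply, as an added example that is not part of the original message: it keys retention on the date in the directory name instead of mtime, matches only YYYY-MM-DD directory names, skips symlinks, and only reports unless told to apply. The function names and the cutoff-date arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Retention for the layout
#   ROOT/<host>/<YYYY-MM-DD>/<logfile>
# keyed on the date in the directory name. Function names are hypothetical.

# dirs_before ROOT DATE: print dated directories whose name is earlier than
# DATE (YYYY-MM-DD). ISO dates sort as strings, so expr's string '<' works.
dirs_before() {
    for dir in "$1"/*/[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]; do
        # Real directories only; a symlink is skipped, never followed.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        if expr "${dir##*/}" \< "$2" >/dev/null; then
            printf '%s\n' "$dir"
        fi
    done
}

# rotate_logs ROOT GZIP_BEFORE DELETE_BEFORE [apply]
# Reports every action; changes the tree only when the 4th argument is "apply".
rotate_logs() {
    root=$1 gzip_before=$2 delete_before=$3 mode=${4:-dry-run}
    dirs_before "$root" "$delete_before" | while IFS= read -r dir; do
        printf 'delete %s\n' "$dir"
        if [ "$mode" = apply ]; then rm -rf -- "$dir"; fi
    done
    dirs_before "$root" "$gzip_before" | while IFS= read -r dir; do
        # In dry-run mode the expired directories still exist; skip them here.
        if expr "${dir##*/}" \< "$delete_before" >/dev/null; then continue; fi
        find "$dir" -type f ! -name '*.gz' | while IFS= read -r f; do
            printf 'gzip %s\n' "$f"
            if [ "$mode" = apply ]; then gzip -- "$f"; fi
        done
    done
}

# Typical nightly call (GNU date shown; the cutoffs are an assumption that
# mirrors the post's 2-day and 32-day thresholds):
#   rotate_logs /var/log/syslog-dated \
#       "$(date -d '2 days ago' +%F)" "$(date -d '32 days ago' +%F)" apply
```

Because the name pattern is anchored to digits, a host directory such as `web-01-prod` is never selected for deletion, and a dry run can be reviewed before the cron entry is switched to `apply`.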