[syslog-ng]Syslog-ng conf file options not working!!!!
TIM MOORE
syslog-ng@lists.balabit.hu
Thu, 10 Apr 2003 09:40:49 -0400
Here is what I am trying to do. We have all of our network monitoring
devices logging to a central linux syslog-ng server. The files write to
the log server as the day of the week (eg. 01, 02, 03). I am trying to
make sure that when the month rolls over and starts writing to file 01
that the old file is blown away. I don't need logs older than one month.
I can't seem to get syslog-ng to handle this on its own. I have tried
two options from syslog-ng that are given in the extended sample syslog-ng
conf files from the website. Neither has worked the way they said they
should.

First, I tried limiting the number of lines that can be written to a file.
I set the log_fifo_size to (12288). The sample config says that this
setting is for the number of lines that can be written to the log files.
However, I have some log files that are over 1,000,000 lines. So, unless
I misunderstood this option it isn't working.

Second, I tried to set the option remove_if_older to (172800) or 2 days.
The expanded sample config says that this option checks a file to see
whether or not it is older than the number of seconds specified. If it is
older then it removes the existing file and writes to a new file with the
same name. This option would work perfectly, if it worked! When I put it
in the config file, it barfs when trying to load syslog-ng and says it is
an error. Any ideas on how to do this (without writing a script to blank
out each day's file at midnight)?

Attached is a copy of our conf file.
Thanks,
Tim
# Syslog-ng configuration for ODJFS-NOC Syslog
#
# Copyright (c) 1999 anonymous
# Copyright (c) 1999 Balazs Scheidler
# $Id: syslog-ng.conf.sample,v 1.2 1999/11/15 12:30:41 bazsi Exp $
#
# Syslog-ng configuration file, compatible with default Debian syslogd
# installation.
#
options {
    #remove_if_older(172800);
    use_fqdn(yes);
    use_dns(yes);
    dns_cache(yes);
    keep_hostname(yes);
    long_hostnames(off);
    use_time_recvd(yes);
    #log_fifo_size=number of lines logged
    log_fifo_size(12288);
    sync(0);
};
######################################
#Source Section
#source for local data
source src {
    pipe("/proc/kmsg" log_prefix("kernel: "));
    unix-stream("/dev/log");
    internal();
};
#source for network devices
source net {
    udp();
};
#####################################
#Destination Section
#Standard destination
destination std {
    file("/var/log/$HOST/$FACILITY/$DAY"
        owner(root)
        group(root)
        perm(0600)
        dir_perm(0700)
        create_dirs(yes));
};
#Forward Destination
destination noc-web {
    udp("10.3.8.100" port(514));
};
#####################################
#log for src
log {
    source(src);
    destination(std);
};
#log for net
log {
    source(net);
    destination(std);
};
########END OF FILE########
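
The age check that the post attributes to remove_if_older, written out as an added Python sketch (not syslog-ng's code and not part of the original post) and run on a simulated clock against a $HOST/$FACILITY/$DAY file layout. The function names, the host1/daemon path, the start date and the message text are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime

DAY = 86400  # seconds


def open_day_file(path, max_age, now):
    """Open path for appending. If the file exists and was last written more
    than max_age seconds before `now`, remove it first so the write starts a
    new file under the same name. max_age <= 0 disables the check."""
    if max_age > 0:
        try:
            if now - os.stat(path).st_mtime > max_age:
                os.unlink(path)
        except FileNotFoundError:
            pass  # first write to this name, nothing to age out
    # Same modes as dir_perm(0700) and perm(0600) in the posted config.
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    return os.fdopen(fd, "a")


def simulate(max_age, days=62):
    """Write one line per day for `days` days starting 2003-03-01 and return
    {day-of-month file name: number of lines left in it}."""
    start = datetime(2003, 3, 1, 12).timestamp()  # constructed start date
    counts = {}
    with tempfile.TemporaryDirectory() as root:
        logdir = os.path.join(root, "host1", "daemon")  # constructed names
        for n in range(days):
            now = start + n * DAY
            name = datetime.fromtimestamp(now).strftime("%d")
            path = os.path.join(logdir, name)
            with open_day_file(path, max_age, now) as fh:
                fh.write("constructed message\n")
            os.utime(path, (now, now))  # pin mtime to the simulated clock
        for name in os.listdir(logdir):
            with open(os.path.join(logdir, name)) as f:
                counts[name] = len(f.readlines())
    return counts


if __name__ == "__main__":
    for age in (0, 2 * DAY, 40 * DAY):
        print(age, sorted(simulate(age).items())[:3])
```

With day-of-month file names the threshold has to be longer than one day and shorter than the shortest month, otherwise a file is either cut short within its own day or never aged out when the name comes round again.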