[syslog-ng] remove_if_older()

anthony lineham anthony.lineham at alliedtelesis.co.nz
Wed Dec 20 00:34:31 CET 2006


Thanks, that helps. So in theory through careful co-ordination of
time_reap, remove_if_older and the generation of 
the status message I'm interested in, I should be able to achieve what
I want.

Anthony 
 
>>> "K K" <kkadow at gmail.com> 12/20/06 11:55 AM >>> 
>>> It seems that the age check is only
>>> made the first time the file is written too. I've had a quick look
>>> through the code and it looks like the age check is only made in
>>> affile_dw_init, which I assume is called when the file is first
opened.
>>> This would be consistent with my observations.
>>>
>>> Is this the intended behaviour?

I believe it is called when first opened, and also when existing files
are re- opened?


> Ok, that makes a lot of sense.
> Although it does make me wonder what the
> intended use of this option actually is.

I believe the intended use is this:

options {
        time_reap(3600);
        . . .
}
. . .
destination d_routers {
        file("/var/log/routers/$WEEKDAY/$HOUR" remove_if_older(259200)
);
}

In this case, logs are automatically "rotated", by virtue of being
written to directories named for the day of week, and files named for
the hour of the day.  So right now syslog- ng is writing
/var/log/routers/Tue/16.
When next Tuesday comes around, the old "16" file should be removed
and recreated, instead of appending to week- old data.

Kevin
_______________________________________________
syslog- ng maillist  -   syslog- ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog- ng
Frequently asked questions at http://www.campin.net/syslog-
ng/faq.html




More information about the syslog-ng mailing list