[syslog-ng] Syslog-ng log file overwrite
K K
kkadow at gmail.com
Fri Mar 9 20:48:05 CET 2007
On 3/9/07, Padmanabhan, Rajeesh (GE Healthcare)
<Rajeesh.Padmanabhan at ge.com> wrote:
> Hi Valdis,
>
> Thanks for the help. Could you please explain below questons?
>
> 1. Will the below format overwrites existing log file?
Unless you specify otherwise (using remove_if_older), if a file
exists, it is opened for appending instead of being overwritten.
> file("/logs/$HOST/$YEAR/$MONTH/messages-$YEAR-$MONTH$DAY");
In the above case, $YEAR is always unique, the directory and files
will always have a unique name.
> 2. Is there a way to roate log file based on the size?
No size-based rotation is built into syslog-ng. You could write a
script, but I find it easier to just have syslog-ng create many
smaller files, and then either compress or purge these files using a
cron job.
> Idea is I don't want my log partition gets filled & alerts
> due to lacks of space :)
Running out of disk space is a risk.
What I do is specify the destination like this:
file("/var/log/remote/$HOST/$WEEKDAY/$HOUR"
remove_if_older(259200) sync(60) );
Additionally, I have a cron job to compress older logs by as much as 98%:
@midnight find /var/log/remote -type f -name '[0-2][0-9]' -ctime
+3 -print0 |xargs -r -0 bzip2 -f
Kevin
More information about the syslog-ng
mailing list