[syslog-ng] Log rotation in Syslog-ng
jrhendri at roadrunner.com
jrhendri at roadrunner.com
Tue Aug 11 02:19:37 CEST 2015
Agree about doing rotation separately.
I create the logs by date (using macros within syslog-ng destinations) then run a couple cron jobs to manage retention. You should tweak this to your own preferences:
Here are some pertinent options:
options {
check_hostname(yes); # check if the hostname contains valid characters
use_dns(no); # do not resolve names for speed
dns_cache(no); # no DNS cache since we do not resolve names
keep_hostname(yes); # keep hostnames to enable related macros
chain_hostnames(no); # do not track / forward syslog forwarder chain
# options related to file and directories
dir_owner("root");
dir_group("logadmin");
owner("root");
group("logadmin");
perm(0640);
dir_perm(0750);
create_dirs(yes);
};
and an example destination:
destination d_separatedbyhosts {
file("/data/syslog-ng/$YEAR/$MONTH/$DAY/$HOST_FROM/$HOST_FROM.$FACILITY.$PRIORITY.$YEAR.$MONTH.$DAY");
};
This way each filename uniquely identifies the source and date (in case you need to send copies somewhere, they aren't all named "messages"...)
This is an example command that compresses after 1 day (run nightly)
/bin/find /data/syslog-ng -type f -mtime +1 ! -name \*.gz -exec /bin/gzip --best {} \;
And this deletes after 90 days (also run nightly)
/bin/find /data/syslog-ng -type f -name \*.gz -mtime +90 -exec /bin/rm {} \;
Good luck,
Jim
---- Justin Kala <justinkala at gmail.com> wrote:
> Can we control the log retention/rotation in syslog-ng.conf .Syslog-ng
> server version is 3.4 OSE Solaris 10.
>
> If so, how do we do it ?? Highly appreciate if you can share the examples
> /links
> --
> Kaladhar
More information about the syslog-ng
mailing list