[syslog-ng] Hourly Log rotate

craig bowser reswob10 at gmail.com
Mon Nov 20 15:29:01 UTC 2017


So according to



https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-
ose-guide-admin/html/example-logrotate.html



using this format:  destination d_sorted {
file("/var/log/remote/${HOST}/${YEAR}_${MONTH}_${DAY}.log"
create-dirs(yes)); };





I can create logs folders and files based on the timestamp.  And this is
working nicely for us... With a caveat.



We are getting a TON of logs, so we want to rotate hourly and archive
quickly.



My config is this:  destination d_msg { file("/var/log/message_${YEAR}
_${MONTH}_${DAY}_${HOUR}.log"); };



But instead of creating one file per hour according to the time the event
is received, it is creating files based on the timestamp of the event
(which, while useful for discovering and tracking down machines with time
synch problems, is not so useful for managing log files on the syslog
server).



Is there a way to make it create files based on the time the event is
received and NOT the timestamp of the event?



Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20171120/70db92d4/attachment.html>


More information about the syslog-ng mailing list