[syslog-ng] Hourly Log rotate
Fekete, RĂ³bert
robert.fekete at balabit.com
Mon Nov 20 15:31:38 UTC 2017
Hi,
I believe you are looking for the R_HOUR macro (
https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/date-macros.html
)
HTH,
Robert
On Mon, Nov 20, 2017 at 4:29 PM, craig bowser <reswob10 at gmail.com> wrote:
>
> So according to
>
>
>
> https://www.balabit.com/documents/syslog-ng-ose-latest-
> guides/en/syslog-ng-ose-guide-admin/html/example-logrotate.html
>
>
>
> using this format: destination d_sorted { file("/var/log/remote/${HOST}/${YEAR}_${MONTH}_${DAY}.log" create-dirs(yes)); };
>
>
>
>
>
> I can create logs folders and files based on the timestamp. And this is
> working nicely for us... With a caveat.
>
>
>
> We are getting a TON of logs, so we want to rotate hourly and archive
> quickly.
>
>
>
> My config is this: destination d_msg { file("/var/log/message_${YEAR}
> _${MONTH}_${DAY}_${HOUR}.log"); };
>
>
>
> But instead of creating one file per hour according to the time the event
> is received, it is creating files based on the timestamp of the event
> (which, while useful for discovering and tracking down machines with time
> synch problems, is not so useful for managing log files on the syslog
> server).
>
>
>
> Is there a way to make it create files based on the time the event is
> received and NOT the timestamp of the event?
>
>
>
> Thanks.
>
>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20171120/ac8ad2d6/attachment.html>
More information about the syslog-ng
mailing list