[syslog-ng] Hourly Log rotate

craig bowser reswob10 at gmail.com
Mon Nov 20 16:49:05 UTC 2017 

Thanks. Will try that one

On Nov 20, 2017 10:32 AM, "Fekete, RĂ³bert" <robert.fekete at balabit.com>
wrote:

> Hi,
>
> I believe you are looking for the R_HOUR macro (https://www.balabit.com/
> documents/syslog-ng-ose-latest-guides/en/syslog-ng-
> ose-guide-admin/html/date-macros.html)
>
> HTH,
>
> Robert
>
> On Mon, Nov 20, 2017 at 4:29 PM, craig bowser <reswob10 at gmail.com> wrote:
>
>>
>> So according to
>>
>>
>>
>> https://www.balabit.com/documents/syslog-ng-ose-latest-guide
>> s/en/syslog-ng-ose-guide-admin/html/example-logrotate.html
>>
>>
>>
>> using this format:  destination d_sorted { file("/var/log/remote/${HOST}/${YEAR}_${MONTH}_${DAY}.log" create-dirs(yes)); };
>>
>>
>>
>>
>>
>> I can create logs folders and files based on the timestamp.  And this is
>> working nicely for us... With a caveat.
>>
>>
>>
>> We are getting a TON of logs, so we want to rotate hourly and archive
>> quickly.
>>
>>
>>
>> My config is this:  destination d_msg { file("/var/log/message_${YEAR}
>> _${MONTH}_${DAY}_${HOUR}.log"); };
>>
>>
>>
>> But instead of creating one file per hour according to the time the event
>> is received, it is creating files based on the timestamp of the event
>> (which, while useful for discovering and tracking down machines with time
>> synch problems, is not so useful for managing log files on the syslog
>> server).
>>
>>
>>
>> Is there a way to make it create files based on the time the event is
>> received and NOT the timestamp of the event?
>>
>>
>>
>> Thanks.
>>
>>
>>
>> ____________________________________________________________
>> __________________
>> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
>> Documentation: http://www.balabit.com/support/documentation/?product=
>> syslog-ng
>> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>>
>>
>>
>
> ____________________________________________________________
> __________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?
> product=syslog-ng
> FAQ: http://www.balabit.com/wiki/syslog-ng-faq
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20171120/1f6ca9d8/attachment.html>

More information about the syslog-ng mailing list