[syslog-ng] (U) [Non-DoD Source] Re: Rotate syslog-ng log files
Amin, Jitesh CTR DISA JSP (US)
jitesh.amin.ctr at mail.mil
Wed May 30 11:52:33 UTC 2018
CLASSIFICATION: UNCLASSIFIED
Hello,
So here's what currently is configured in our .conf file:
destination syslog { file("/var/log/syslog.log" perm(0644)); };
what you are saying, is if I want logs to rotate on daily basis, I can just make the above line to read as following:
destination syslog { file("/var/log/syslog-${YEAR}-${MONTH}-${DAY}.log"); };
Thanks
Jitesh Amin
CLASSIFICATION: UNCLASSIFIED
-----Original Message-----
From: Gergely Nagy <algernon at balabit.com>
Sent: Wednesday, May 30, 2018 7:25 AM
To: Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr at mail.mil>; syslog-ng at lists.balabit.hu
Subject: [Non-DoD Source] Re: [syslog-ng] (U) Rotate syslog-ng log files
All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
----
Hi!
>>>>> "Amin" == Amin, Jitesh CTR DISA JSP (US) <jitesh.amin.ctr at mail.mil> writes:
Amin> What we are trying to do is rotate the syslog.log file once it
Amin> reaches 500 MB (as well as looking into rotating file every 24
Amin> hours)? Once the log file rotates, it creates a new file named
Amin> syslog.log.0 and so on..
syslog-ng does not support size-based rotation, you'll have to configure logrotate for that. See the packaging/debian/syslog-ng-core.syslog-ng.logrotate[1] file for an example.
[1]: Caution-https://github.com/balabit/syslog-ng/blob/master/packaging/debian/syslog-ng-core.syslog-ng.logrotate
With logrotate, the most recent logfile syslog-ng writes to will always be syslog.log, and the rotated files will have different names - depending on the logrotate configuration you use.
For time-based, daily rotation, you can use templates in the destination filename, such as:
destination d_syslog {
file("/var/log/syslog-${YEAR}-${MONTH}-${DAY}.log");
};
Hope this helps!
--
|8]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6560 bytes
Desc: not available
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20180530/9d4e0deb/attachment-0001.bin>
More information about the syslog-ng
mailing list