cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2490
Views
0
Helpful
4
Replies

log retention w/ syslog-ng

jdevoll
Level 1
Level 1

Does anybody know how to set log retention in syslog-ng to 90 days?

Thanks

4 Replies 4

Jason Davis
Cisco Employee
Cisco Employee

Depends on how you have it configured. Output to flat files? Output to MySQL server?

I have a couple Syslog-NG instances in my NM Lab and I have it set to put all Syslogs in a daily file and also in a device-daily file. So to retain 90 days, I just don't rotate logs any more than 90 days.

Here's a sample syslog-ng.conf file. Your specific implementation will vary depending on file drop or database insert methods...

http://www.campin.net/syslog-ng.conf

Current output is simply to a single, large, flat file. When you say you don't rotate logs more than 90 days, does that mean you manually do it?

No, since my files are daily generated, in order to keep more than 90 days of logs, I just don't delete the dailies. I actually do take the dailies that are more than 60 days and zip them. Since syslogs are text, they squish very nicely.

Since you're using a single, large flat file, you'll need to use some utility to trim that file. You might be better served using the same method I am - putting messages into daily files.

I agree that a daily file is much more friendly. Although it adds a level of complexity to a script we're currently using to scan the file. Once you have a daily file it would be really easy to cron a script to delete files in the appropriate directory that have a creation date of > then 90 days.

Thanks for the info, much appreciated.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: