07-22-2008 03:10 PM
Does anybody know how to set log retention in syslog-ng to 90 days?
Thanks
07-22-2008 06:24 PM
Depends on how you have it configured. Output to flat files? Output to MySQL server?
I have a couple Syslog-NG instances in my NM Lab and I have it set to put all Syslogs in a daily file and also in a device-daily file. So to retain 90 days, I just don't rotate logs any more than 90 days.
Here's a sample syslog-ng.conf file. Your specific implementation will vary depending on file drop or database insert methods...
07-23-2008 08:04 AM
Current output is simply to a single, large, flat file. When you say you don't rotate logs more than 90 days, does that mean you manually do it?
07-23-2008 08:28 AM
No, since my files are daily generated, in order to keep more than 90 days of logs, I just don't delete the dailies. I actually do take the dailies that are more than 60 days and zip them. Since syslogs are text, they squish very nicely.
Since you're using a single, large flat file, you'll need to use some utility to trim that file. You might be better served using the same method I am - putting messages into daily files.
07-23-2008 08:45 AM
I agree that a daily file is much more friendly. Although it adds a level of complexity to a script we're currently using to scan the file. Once you have a daily file it would be really easy to cron a script to delete files in the appropriate directory that have a creation date of > then 90 days.
Thanks for the info, much appreciated.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide