How to archive a daily syslog flat file

Unanswered Question
Oct 27th, 2009

Hi all,

I have recently installed a new platform, LMS 3.2, on Solaris 10. I would like to create a daily syslog flat file from the syslog_info file, over one year. I am thinking of using the log rotation tool to get a daily file. Note that the file name must be the current date. Is it the best solution? Do you have another idea for doing it? Perhaps using the syslog backup from RME. I have tested this solution, but I can't choose my directory and the file obtained is only a CSV file. Who has already had this case, and how was it solved?

Thx a lot for your ideas. Rgds. Herve

Joe Clarke Tue, 10/27/2009 - 06:34
User Badges: Cisco Employee, Hall of Fame, Founding Member

You could use logadm to do this. Currently, logrot only rotates to numbered archives. However, if you wanted to archive the files with the date, logadm can do this. For example, something like the following in /etc/logadm.conf would work:

/var/log/syslog_info -c -C 10 -p 1y -t "/var/log/backups/$basename.%Y%m%d"

The -c option is critical. Without this, SyslogCollector and syslogd would need to be restarted before log processing in RME would continue.

hlichiere Tue, 10/27/2009 - 07:54

Thanks for your help.

To be sure I understand:

I changed the location of the syslog_info file to another directory (/datapool/archive/xxxx). To create a daily file from syslog_info, I must add this line:

/datapool/archive/syslog_info -c -C 10 -p 1y -t "/datapool/archive/xxx/$basename.%Y%m%d"

Could you give me more detail about the syntax? How do I configure a daily process? Is syslog_info purged, or just forwarded to a new file?


Joe Clarke Tue, 10/27/2009 - 08:08

Actually, my example will configure a yearly rotation. If you want daily, change -p 1y to -p 1d. The rest of your example should work.

When logadm runs, it will copy the existing contents of syslog_info to the archive file, then zero out syslog_info.
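
Added example (not part of the thread and not Cisco's code): a shell simulation of why the copy-then-zero behaviour of -c described above lets a running writer keep logging without a restart, compared with a rename-style rotation. It assumes temporary files and a shell-held descriptor as a stand-in for syslogd; the `demo` function and its mode names are hypothetical.

```shell
#!/bin/sh
# Simulates a daemon that holds syslog_info open in append mode (fd 3)
# while the file is rotated. All paths are temporary, constructed for the demo.

# demo MODE -> prints "live" or "archive": the file that received the
# message written AFTER rotation, without the writer reopening anything.
demo() {
    mode=$1
    dir=$(mktemp -d) || return 1
    log="$dir/syslog_info"
    archive="$dir/syslog_info.$(date +%Y%m%d)"   # same naming as the -t template

    exec 3>>"$log"                  # writer opens the log once and keeps it open
    echo "before rotation" >&3

    case $mode in
        rename)                     # rename-style rotation: the open descriptor
            mv "$log" "$archive"    # follows the inode into the archive
            : > "$log"              # rotator creates a fresh, empty live file
            ;;
        copytruncate)               # per the thread, what -c does:
            cp "$log" "$archive"    # copy the contents to the archive,
            : > "$log"              # then zero out the live file in place
            ;;
        *)
            exec 3>&-; rm -rf "$dir"; return 2
            ;;
    esac

    echo "after rotation" >&3       # writer carries on, no restart
    exec 3>&-

    if grep -q "after rotation" "$log"; then
        result=live
    else
        result=archive
    fi
    rm -rf "$dir"
    echo "$result"
}

echo "rename:       new messages land in the $(demo rename) file"
echo "copytruncate: new messages land in the $(demo copytruncate) file"
```

With daily rotation, the `-C 10` in the entries above keeps only the ten most recent archives, so retaining a year of daily files needs a larger count.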

