Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

log retention w/ syslog-ng

Does anybody know how to set log retention in syslog-ng to 90 days?

Thanks

4 REPLIES
Cisco Employee

Re: log retention w/ syslog-ng

Depends on how you have it configured. Output to flat files? Output to MySQL server?

I have a couple Syslog-NG instances in my NM Lab and I have it set to put all Syslogs in a daily file and also in a device-daily file. So to retain 90 days, I just don't rotate logs any more than 90 days.

Here's a sample syslog-ng.conf file. Your specific implementation will vary depending on file drop or database insert methods...

http://www.campin.net/syslog-ng.conf

Community Member

Re: log retention w/ syslog-ng

Current output is simply to a single, large, flat file. When you say you don't rotate logs more than 90 days, does that mean you manually do it?

Cisco Employee

Re: log retention w/ syslog-ng

No, since my files are daily generated, in order to keep more than 90 days of logs, I just don't delete the dailies. I actually do take the dailies that are more than 60 days and zip them. Since syslogs are text, they squish very nicely.

Since you're using a single, large flat file, you'll need to use some utility to trim that file. You might be better served using the same method I am - putting messages into daily files.

Community Member

Re: log retention w/ syslog-ng

I agree that a daily file is much more friendly. Although it adds a level of complexity to a script we're currently using to scan the file. Once you have a daily file it would be really easy to cron a script to delete files in the appropriate directory that have a creation date of > then 90 days.

Thanks for the info, much appreciated.

1047
Views
0
Helpful
4
Replies
CreatePlease to create content