On Wednesday 30 July 2003 08:45 pm, Stroller wrote:
> On 30/7/03 3:45 am, "Alan" <[EMAIL PROTECTED]> wrote:
> >> - Why isn't syslog-ng supplied with a suitable cron script to tidy
> >> my logfiles..?
> >
> > This would be handled by logrotate, but you still have to come up
> > with the config files for it yourself :\ I managed to grab a bunch
> > off my debian box...
>
> Would you have a copy you can post, please..?
>
> TIA,
>
> Stroller.
Here's a basic logrotate script:
compress
/var/log/*
{
rotate 5
size=800k
postrotate
killall -HUP syslog-ng
endscript
}
You will need to handle any /var/log subdirs, such as apache or mysql,
individually as they will need their own postrotate functions.
Also, you might want to look into syslog-ng's macro expansion function.
For instance, you can do this:
destination whatever {
file("/var/log/whatever/$HOST/$YEAR/$MONTH/$FULLDATE.log" owner
(root) group(logs) perm(0640) dir_perm(0770) create_dirs(yes)
};
...to come up with a different file for every host, every day - makes it
easier to compress and archive the older files.
There are also ways to put your logs straight into an SQL database:
destination mysql {
pipe("/tmp/mysql.pipe"
template("INSERT INTO logs (host,facility,priority,level,tag,
timestamp,program,msg) VALUES ('$HOST','$FACILITY',
'$PRIORITY','$LEVEL','$TAG','$UNIXTIME','$PROGRAM',
'$MSG');\n")
template-escape(yes));
};
...so that you can delete older logs with just a 'delete from' SQL
query.
The syslog-ng mailing list archives are here:
https://lists.balabit.hu/pipermail/syslog-ng/
and more useful info can be found at:
http://www.campin.net/syslog-ng/faq.html
Best,
Dave
--
[EMAIL PROTECTED] mailing list
