
Logrotate with Syslog-NG


I wanted to archive my logs that are created with Syslog-NG. But I also wanted to delete them after a while.

Syslog-NG does a great job of rotating the logs. There is even a script on the Syslog-NG FAQ that will compress the logs. My script has now been copied up there. (woohoo)

But we have a pretty small Syslog server, and generating 10 gigs of logs a day fills it up pretty quickly.

Here's the script I wrote...

It's pretty simple to follow:
Find all files in the log directory that are not dated today and are not .gz, and archive them using gzip. We chose gzip because of the time it takes compared to bzip2. Yes, we can save more space with bzip2, but we usually have to uncompress the file, and bzip2 can take 20 minutes to do this.

Then, find all files that have not been modified in 14 days, and delete them.

Then, find all directories that are empty, and remove them.

There is a small logic problem with this script. If you change the modification time of an archive, say by unzipping it and then rezipping it, it will take an additional 14 days to be deleted.

[root@server cron.daily]# more syslog-ng-logrotate

#!/bin/sh
# Current policy is:
# Find all non-archived files that aren't from today, and archive them
# Archived logs are deleted after 14 days
#
# To change the retention, change -mtime +14 to the number of days to keep

# Archive old logs: skip anything already gzipped and anything under
# today's YYYY/MM/DD path, which Syslog-NG is still writing to
/usr/bin/find /var/log/HOSTS ! -name "*.gz" -type f ! -path "*$(/bin/date +%Y/%m/%d)*" -exec /usr/bin/gzip {} \;

# Delete old archives (age is measured from the file's modification time)
find /var/log/HOSTS/ -daystart -mtime +14 -type f -exec rm {} \;

# Delete empty directories, deepest first
find /var/log/HOSTS/ -depth -type d -empty -exec rmdir {} \;
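
The modification-time problem described above can be avoided by expiring on the date in the directory path instead of on mtime. This is an added example, not part of the original script; it assumes the logs sit in day directories ending in YYYY/MM/DD (as the date pattern in the archive step suggests), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: retention keyed on the date encoded in the path, so
# re-zipping an archive (which resets its mtime) does not extend its life.
# Assumption: day directories look like <root>/.../YYYY/MM/DD

# Print each day directory under ROOT whose path date is before CUTOFF.
# CUTOFF is a YYYYMMDD number, e.g. 20240306.
expired_day_dirs() {
    root=$1
    cutoff=$2
    find "$root" -type d \
        -path '*/[0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]' |
    while IFS= read -r dir; do
        # Peel the last three path components off the end: DD, MM, YYYY
        dd=${dir##*/};  rest=${dir%/*}
        mm=${rest##*/}; rest=${rest%/*}
        yyyy=${rest##*/}
        if [ "$yyyy$mm$dd" -lt "$cutoff" ]; then
            printf '%s\n' "$dir"
        fi
    done | LC_ALL=C sort
}

# Remove expired day directories, then any parent directories left empty.
# ROOT itself is kept even if it ends up empty.
purge_expired() {
    expired_day_dirs "$1" "$2" |
    while IFS= read -r dir; do
        rm -rf -- "$dir"
    done
    find "$1" -mindepth 1 -depth -type d -empty -exec rmdir {} \;
}

# Usage: script ROOT [DAYS]   (does nothing when called without arguments)
# "date -d" is GNU date, which the original script's host already relies on
# GNU find for (-daystart).
if [ "$#" -ge 1 ]; then
    purge_expired "$1" "$(date -d "${2:-14} days ago" +%Y%m%d)"
fi
```

Run `expired_day_dirs` on its own first to review what would be removed before letting `purge_expired` delete anything.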

