
Logrotate with Syslog-NG


I wanted to archive my logs that are created with Syslog-NG. But I also wanted to delete them after a while.

Syslog-NG does a great job of rotating the logs. There is even a script on the Syslog-NG FAQ that will compress the logs. My script has now been copied up there. (woohoo)

But we have a pretty small Syslog server, and generating 10 gigs of logs a day fills it up pretty quickly.

Here's the script I wrote...

It's pretty simple to follow:
Find all files in the log directory that are not dated today and are not .gz, and archive them using gzip. We chose gzip because of the time it takes compared to bzip2. Yes, we can get more space from bzip2, but we usually have to uncompress the file, and bzip2 can take 20 minutes to do this.

Then, find all files that have not been modified in 14 days, and delete them.

Then, find all directories that are empty, and remove them.

There is a small logic problem with this script. If you change the modification time of the archive, say by unzipping it and then rezipping it, it will take an additional 14 days to delete.

[root@server cron.daily]# more syslog-ng-logrotate
#!/bin/sh
# Current policy is:
# Find all non-archived files that aren't from today, and archive them.
# Archived logs are deleted after 14 days.
#
# To change the retention, change -mtime +14 to the number of days to keep.

# Archive old logs
/usr/bin/find /var/log/HOSTS ! -name "*.gz" -type f ! -path "*`/bin/date +%Y/%m/%d`*" -exec /usr/bin/gzip {} \;

# Delete old archives
find /var/log/HOSTS/ -daystart -mtime +14 -type f -exec rm {} \;

# Delete empty directories
find /var/log/HOSTS/ -depth -type d -empty -exec rmdir {} \;
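
One way around the modification-time problem described above is to expire archives by the date in their directory path instead of by mtime. This is an added example, not part of the original script; it assumes the logs sit under a YYYY/MM/DD directory component (as the -path test in the archive step implies), and the function names cutoff_date and expire_archives are hypothetical.

```shell
#!/bin/sh
# Added example: expire archives by the date encoded in the directory path,
# not by mtime. Assumed layout: <root>/<host>/YYYY/MM/DD/<file>.gz

# cutoff_date DAYS -> prints YYYYMMDD for DAYS days before now.
cutoff_date() {
    now=$(date +%s)
    date -d "@$((now - $1 * 86400))" +%Y%m%d
}

# expire_archives ROOT CUTOFF [delete]
# Prints each .gz file whose path date is older than CUTOFF (YYYYMMDD).
# Files are removed only when the third argument is "delete".
# Paths without a YYYY/MM/DD component are never touched.
expire_archives() {
    find "$1" -type f -name '*.gz' -exec sh -c '
        cutoff=$1; mode=$2; shift 2
        for f in "$@"; do
            # Take the last /YYYY/MM/DD/ component of the path as the log date.
            d=$(printf "%s\n" "$f" |
                sed -n "s|.*/\([0-9]\{4\}\)/\([0-9]\{2\}\)/\([0-9]\{2\}\)/.*|\1\2\3|p" |
                head -n 1)
            if [ -n "$d" ] && [ "$d" -lt "$cutoff" ]; then
                printf "%s\n" "$f"
                if [ "$mode" = delete ]; then rm -f -- "$f"; fi
            fi
        done
    ' sh "$2" "${3:-list}" {} +
}
```

Run it without the third argument first to review what would be removed, for example expire_archives /var/log/HOSTS "$(cutoff_date 14)", then add delete once the list looks right.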

