[TriLUG] rotate logs to another device? WAS: Re: centralized logging

Ronald Kelley rkelleyrtp at gmail.com
Wed Jan 20 09:07:16 EST 2010 

I would simply script the rsync into a nighly cron job then rename the resulting files to a standard date-time format. 

As an alternative, I would look to see if syslog-ng has the ability to rename the rotated logs into a date-time format.  Then, you won't have to worry about the count.

-Ron



On Jan 20, 2010, at 9:00 AM, Josh Johnson wrote:

> Yes. I'm concerned about the magic numbering scheme that logrotate uses (e.g. messages.1.gz)... do I have to worry about the count?
> 
> JJ
> 
> On Jan 19, 2010, at 5:23 PM, Ron Kelley wrote:
> 
>> Can you map the SAN share as a LUN and rsync your files?
>> 
>> Thanks,
>> 
>> -Ron
>> Sent from my iPhone
>> 
>> On Jan 19, 2010, at 15:27, Josh Johnson <josh_johnson at unc.edu> wrote:
>> 
>>> I've gone ahead with syslog-ng and I really like it.
>>> 
>>> I have a ton of space on a SAN. What I'd like to do is have excess logs get moved over to the SAN on a regular basis. Im going to dig into the syslog-ng docs and see if it can handle this sort of mirror/split-brain setup, but this seems like a common enough use case (at least, I think so!), so I'd like to hear what other people are doing.
>>> 
>>> logrotate won't rotate to another device. Does anyone have any pointers or suggestions to putting together a cron job or something to do handle this?
>>> 
>>> I like having the logs handy for quick debugging/checking, but then have a relatively  large store for historical logs that will get crunched from time to time. I also don't want logging to fail if the SAN has gone down (or I'd just put all the logs directly on the SAN).
>>> 
>>> Thanks,
>>> JJ
>>> 
>>> On Jan 13, 2010, at 10:00 AM, Clay Stuckey wrote:
>>> 
>>>> I used syslog-ng before with great results. It had lots of features such as logging to a db as well as log relaying with spoofed source.
>>>> 
>>>> --
>>>> Clay Stuckey
>>>> (919) 600-0486
>>>> claystuckey at gmail.com
>>>> 
>>>> On Jan 13, 2010, at 9:22 AM, Josh Johnson <josh_johnson at unc.edu> wrote:
>>>> 
>>>>> I want to collect various server logs into a centralized place. What's the best way to do this? What should I keep in mind when migrating to a centralized logging infrastructure?
>>>>> 
>>>>> I've been looking at syslog-ng and rsyslogd. I've got a combination of RHEL 5 and Ubuntu machines.
>>>>> 
>>>>> The primary reason why I need this is because I've got SAN hardware that will send syslog messages over the SAN network when drives are getting close to failure or have failed (the docs say I can get a fairly early warning).
>>>>> 
>>>>> I'm also going to deploy some web applications that generate lots of logs and will need to be periodically checked to extract usage statistics and diagnose usability issues.
>>>>> 
>>>>> Thanks,
>>>>> JJ
>>>>> --
>>>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>>> --
>>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>>>> 
>>> 
>>> --
>>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>> --
>> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
>> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions
>> 
> 
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions

Thanks,

-Ron
rkelleyrtp at gmail.com

More information about the TriLUG mailing list