How do I check that the Syslog table is being cleared on a daily basis? Our table went from 10 GB to 25 GB in 4 days.
There has to be a log file to display this somewhere, right?
I'm not sure if there is a log file or not, but there are ways to see if they are being cleared.
Nightly maintenance should be culling the old entries from your Syslog table according to the Syslog settings on your system. For example, we keep 2 years (730 days) of syslog data.
This table size grew as expected until we had 2 full years of data. Once we had 2 years of data, the table size didn't change much because nightly maintenance runs every night, removing entries older than 2 years.
I can verify this if I wanted to; I could check the Events table for the most recent event with the EventType of 1000 to verify that nightly maintenance ran and completed.
Then I could query the Syslog table to see if there were any messages with an EventTime that does not fall into our defined window of time for syslog retention.
This being said, 15 GB of syslog data in 4 days is a ton of syslog data. Are these valid messages being received from your sending devices?
When you ask 'are the messages being cleared on a daily basis', are you expecting the whole syslog table to be cleared? If so, just move your slider all the way to the left. That would clear everything except for one day's worth.
I agree. We don't use the Orion server for its syslog functionality. I dropped the retention period to a day and was hoping to see that table size SHRINK, but it still seems to be growing.
I might have to re-index and shrink that table to see the actual results. I don't see any data from 2 days ago, but the table size hasn't shrunk.
We also have a report that helps identify devices that are maybe producing thousands of syslog messages (sometimes we find someone has turned debug on, etc.). It might be the cause of your issue rather than a maintenance job type issue.
It uses the following SQL statement:
Select hostname, count(hostname) as count from syslog where DateTime > Getdate() - 1 Group by Hostname order by count(hostname) desc
Dave.
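The checks described in the replies above (last nightly maintenance run, rows left outside the retention window, and why the table size does not drop after a purge), written out as an added example that is not from any poster in this thread. It assumes SQL Server, that the Events table has an EventTime column, and that the Syslog timestamp column is DateTime as in the report query above; @RetentionDays is a placeholder for your own setting.

```sql
-- Added example, not from the thread. Column names other than those
-- quoted by the posters (EventType, Hostname, DateTime) are assumptions.
DECLARE @RetentionDays int = 1;  -- placeholder: your Syslog retention setting

-- 1. When did nightly maintenance last log an event?
--    EventType 1000 is the value given in the thread.
SELECT TOP (1) EventTime, EventType
FROM Events
WHERE EventType = 1000
ORDER BY EventTime DESC;

-- 2. Rows that fall outside the retention window. After a successful
--    maintenance run this count should be at or near zero.
SELECT COUNT(*)        AS RowsPastRetention,
       MIN([DateTime]) AS OldestMessage
FROM Syslog
WHERE [DateTime] < DATEADD(day, -@RetentionDays, GETDATE());

-- 3. Messages per day, to tell current traffic apart from history
--    that was never purged.
SELECT CAST([DateTime] AS date) AS MessageDay,
       COUNT(*)                 AS Messages
FROM Syslog
GROUP BY CAST([DateTime] AS date)
ORDER BY MessageDay DESC;

-- 4. Reserved versus used space for the table. Deleting rows frees pages
--    inside the database, but the data file does not shrink on its own,
--    so file size alone does not show whether the purge worked.
EXEC sp_spaceused N'Syslog';
```

If query 2 returns zero and the "unused" figure from sp_spaceused is large, the purge is working and the remaining size is allocated-but-empty space.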