Sys Log Configuration.

Dears,

I have some questions here regarding the below:

1- log rotation

2- log archiving

3- Clean up.

Please advise with a best practice configuration. Currently we have a clean-up action to delete logs every week. Our requirement is to keep three months of logs.

We are using the AutoSplit option by IP address, so the number of logs is equal to the number of hosts. If I use log rotation, then the information for all logs will be accessible from the console; shall I use archiving as well?

What is the best-practice configuration?

Thanks

  • Log archiving will move the logs from one location to another and, optionally, zip them. We archive our zipped logs daily at midnight to another drive. These are stored, and then there are clean-up actions that run to delete files older than the retention requirements. The clean-up actions run daily, typically around 6am.

    For example, our host logs are archived daily, then deleted after 30 days. When archiving we prepend the ISO date to the hostname (2016-10-17-hostname.txt). Our catchall logs are also archived daily and then deleted after 6 months from the archive location.

    We only use log rotation based on size.  We limit each file to 250mb then rotate to a new file. This keeps the file size manageable when needing to open and search.

  • Thank you kstone

    What do you mean by host logs and catchall logs? Are they not the same logs?

    For our environment the logs are like this: "SyslogCatchAll-2016-10-17-010.200.018.025", so the IP address is added to the end of the file name. I am sorry that I didn't get your explanation well. Is it possible to provide steps on how to do what you explained above, and provide screenshots if possible?

    Thanks

  • We have our default rule (first action); it logs everything to a file called syslogcatchall.txt in D:\syslog\logs. This file is rolled over every 250mb, so there may be syslogcatchall.txt.001, syslogcatchall.txt.002, etc.

    Our second action is to log by hostname using the auto-split function. This then logs to D:\syslog\hostlogs. These files are also set to roll over every 250mb.

    We do this for two reasons, ease of searching for an event on a specific host and that they have different retention times.  We are required to save all log entries for 6 months.  We only keep the hostlogs for 30 days as they are for convenience and not a requirement.

    At the end of each day at midnight we archive these to F:\archive\logs and F:\archive\hostlogs respectively with the date prepended to the filename.

    Then, every day the clean up tasks run and delete any files outside of the respective retention times for each directory.

  • Now it's very clear to me. Thank you very much for your help.
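
The archive-then-clean-up routine described in the replies above, as an added Python example that is not part of the original thread or of the syslog product's own scheduler. The function names are hypothetical, retention is passed in as a number of days, and it assumes the syslog service is not holding the live files open when it runs; clean-up reads the date from the archive filename rather than from the file's modification time, and skips anything that lacks a valid date prefix.

```python
import gzip
import re
import shutil
from datetime import date, timedelta
from pathlib import Path

# Archived names look like 2016-10-17-hostname.txt.gz (ISO date prepended).
DATED = re.compile(r"^(\d{4}-\d{2}-\d{2})-.+")


def archive_logs(live_dir, archive_dir, day):
    """Compress every file in live_dir into archive_dir as <day>-<name>.gz,
    then remove the live copy. Returns the archive paths created."""
    archive_dir = Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    created = []
    for src in sorted(Path(live_dir).iterdir()):
        if not src.is_file():
            continue
        dst = archive_dir / f"{day.isoformat()}-{src.name}.gz"
        if dst.exists():  # never overwrite an earlier archive
            raise FileExistsError(dst)
        with src.open("rb") as fin, gzip.open(dst, "wb") as fout:
            shutil.copyfileobj(fin, fout)
        src.unlink()  # remove only after the compressed copy is written
        created.append(dst)
    return created


def cleanup(archive_dir, retention_days, today):
    """Delete archives whose filename date is older than retention_days.
    Files without a valid date prefix are left alone. Returns deleted names."""
    cutoff = today - timedelta(days=retention_days)
    deleted = []
    for f in sorted(Path(archive_dir).iterdir()):
        m = DATED.match(f.name)
        if not (f.is_file() and m):
            continue
        try:
            stamp = date.fromisoformat(m.group(1))
        except ValueError:  # e.g. 2016-13-40-...: not a real date, keep it
            continue
        if stamp < cutoff:
            f.unlink()
            deleted.append(f.name)
    return deleted
```

Call `archive_logs` once per live directory at the end of the day, then `cleanup` once per archive directory with that directory's own retention period.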