On Wed, 27 Nov 2019, Emilio Anzalone wrote:
you edit rsyslog.conf to have it write the logs somewhere else
where? I already tried with the string "if $fromhost-ip startswith 'ip
source' then 'destination folder'" && 'second path' or adding a new string
under that like:
"if $fromhost-ip startswith 'ip source' then 'destination folder'"
"if $fromhost-ip startswith 'ip source' then 'new destination folders'"
& ~
but only the first one is working. Did I do something wrong?
probably, but you have lots of quotes here, are they really in your config? the
folders should not be in quotes
rather than using & use {}
if then{
    action1
    action2
}
this is completely up to you and your organization, there are so many ways to do
it that there is not a simple 'best practices'
with that sort of volume, I like to rotate the logs frequently (I've even done
every minute) so that when I need to search the files I can limit the search and
none of the files get huge.
if I have to rotate frequently and I have to keep it for 6 months, must I
calculate the exact number of rotations to add in the logrotate conf under
the rotate parameter? or is there an easier way?
that's the easiest way
or you can have a job that runs and deletes all files more than 6 months old
(either using date to calculate the date 6 months ago or using find to get a
list of older files)
what do you do with these logs? are you commonly looking at subsets of them? or
do you just keep them because the policy says you should?
are just for policy
then you don't need to get fancy, large files holding everything will work for
you.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
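The cleanup job suggested in the thread (use date to work out "6 months ago", let find list the older files), written out as an added example that is not part of the original messages. It assumes GNU date and GNU find; the function name, the `*.log*` pattern and the dry-run default are hypothetical choices.

```shell
# Added example: retention purge for frequently rotated log files.
# Assumes GNU date and GNU find. purge_old_logs and '*.log*' are hypothetical.
#
# purge_old_logs DIR [AGE] [MODE]
#   DIR   directory holding the rotated files
#   AGE   GNU date expression for the cutoff (default: "6 months ago")
#   MODE  "delete" removes the files; anything else only lists them (dry run)
# Prints one affected path per line; returns 2 on bad arguments.
#
# Example cron use (path is a placeholder):
#   purge_old_logs /var/log/remote "6 months ago" delete
purge_old_logs() {
    local dir="$1"
    local age="${2:-6 months ago}"
    local mode="${3:-list}"
    local cutoff

    # Refuse empty, missing or root paths so an unset variable in the
    # calling job cannot widen the delete.
    [ -n "$dir" ] && [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    [ "$(cd "$dir" && pwd -P)" != "/" ] || { echo "refusing to purge /" >&2; return 2; }

    # Calendar-accurate cutoff: "6 months" is not a fixed number of days,
    # so let date do the arithmetic instead of hard-coding -mtime +180.
    cutoff=$(date -d "$age" '+%Y-%m-%d %H:%M:%S') || return 2

    # Regular files only (symlinks are not followed), one filesystem,
    # modification time at or before the cutoff.
    if [ "$mode" = delete ]; then
        find "$dir" -xdev -type f -name '*.log*' ! -newermt "$cutoff" -print -delete
    else
        find "$dir" -xdev -type f -name '*.log*' ! -newermt "$cutoff" -print
    fi
}
```

Running it once without `delete` and reviewing the list before scheduling the job shows exactly which files the retention window would drop.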