Last active
January 18, 2017 19:33
-
-
Save getkub/70e3176654d55f3b72015a5c7aa1e4a2 to your computer and use it in GitHub Desktop.
Splunk logrotate example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # An example for rsyslog logrotate daemon config. | |
| # Written by isplunker.com | |
| #/etc/logrotate.d/myrotate.conf | |
| /var/log/syslog/*.log | |
| /var/log/syslog/*/*.log | |
| /var/log/syslog/*/*/*.log | |
| /var/log/syslog/*/*/*/*.log | |
| { | |
| notifempty # Do not rotate the log if it is empty | |
| compress # Old versions of log files are compressed with gzip | |
| delaycompress # Postpone compression of the previous log file to the next rotation cycle | |
| create 0600 splunk splunk # How log file should be created | |
| hourly # Interval | |
| dateext # Archive old versions of log files adding a daily extension | |
| missingok # If the log file is missing, go on to the next one without issuing an error message | |
| rotate 10 # keeps as many old logs | |
| size 500M # maximum size for your logs | |
| sharedscripts # Safeguard against multiple runs | |
| postrotate # actions after completing rotate | |
| /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2 >/dev/null || true endscript | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment