Syslog Output File Splitting HOURLY at Syslog Server












0















I have implemented syslog server on CentOS and using below Template to generate output file on daily basis -



$template TmplNationalIP_PL, "/var/log/NIPFW/MX480/CGNAT_PL_%$year%.%$month%.%$day%"
if ($msg contains 'OR_NAT' and $msg contains '55.91.165.') then ?TmplNationalIP_PL
& ~


Similar to above (daily), I am looking to split syslog files on HOURLY basis (instead of daily).



Can you please suggest how I can split syslog messages files on HOURLY basis as I couldn't find any HOURLY variables to use?



Also, I am using logrotate + cron jobs but there is no option to rotate hourly basis in logrotate (minimum is daily).



Below is the snip from cat /etc/logrotate.d/syslog



/var/log/NIPFW/MX480
{
rotate 50
daily
copytruncate
missingok
notifempty
compress
delaycompress
dateext
maxage 30
sharedscripts
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}









share|improve this question





























    0















    I have implemented syslog server on CentOS and using below Template to generate output file on daily basis -



    $template TmplNationalIP_PL, "/var/log/NIPFW/MX480/CGNAT_PL_%$year%.%$month%.%$day%"
    if ($msg contains 'OR_NAT' and $msg contains '55.91.165.') then ?TmplNationalIP_PL
    & ~


    Similar to above (daily), I am looking to split syslog files on HOURLY basis (instead of daily).



    Can you please suggest how I can split syslog messages files on HOURLY basis as I couldn't find any HOURLY variables to use?



    Also, I am using logrotate + cron jobs but there is no option to rotate hourly basis in logrotate (minimum is daily).



    Below is the snip from cat /etc/logrotate.d/syslog



    /var/log/NIPFW/MX480
    {
    rotate 50
    daily
    copytruncate
    missingok
    notifempty
    compress
    delaycompress
    dateext
    maxage 30
    sharedscripts
    postrotate
    reload rsyslog >/dev/null 2>&1 || true
    endscript
    }









    share|improve this question



























      0












      0








      0








      I have implemented syslog server on CentOS and using below Template to generate output file on daily basis -



      $template TmplNationalIP_PL, "/var/log/NIPFW/MX480/CGNAT_PL_%$year%.%$month%.%$day%"
      if ($msg contains 'OR_NAT' and $msg contains '55.91.165.') then ?TmplNationalIP_PL
      & ~


      Similar to above (daily), I am looking to split syslog files on HOURLY basis (instead of daily).



      Can you please suggest how I can split syslog messages files on HOURLY basis as I couldn't find any HOURLY variables to use?



      Also, I am using logrotate + cron jobs but there is no option to rotate hourly basis in logrotate (minimum is daily).



      Below is the snip from cat /etc/logrotate.d/syslog



      /var/log/NIPFW/MX480
      {
      rotate 50
      daily
      copytruncate
      missingok
      notifempty
      compress
      delaycompress
      dateext
      maxage 30
      sharedscripts
      postrotate
      reload rsyslog >/dev/null 2>&1 || true
      endscript
      }









      share|improve this question
















      I have implemented syslog server on CentOS and using below Template to generate output file on daily basis -



      $template TmplNationalIP_PL, "/var/log/NIPFW/MX480/CGNAT_PL_%$year%.%$month%.%$day%"
      if ($msg contains 'OR_NAT' and $msg contains '55.91.165.') then ?TmplNationalIP_PL
      & ~


      Similar to above (daily), I am looking to split syslog files on HOURLY basis (instead of daily).



      Can you please suggest how I can split syslog messages files on HOURLY basis as I couldn't find any HOURLY variables to use?



      Also, I am using logrotate + cron jobs but there is no option to rotate hourly basis in logrotate (minimum is daily).



      Below is the snip from cat /etc/logrotate.d/syslog



      /var/log/NIPFW/MX480
      {
      rotate 50
      daily
      copytruncate
      missingok
      notifempty
      compress
      delaycompress
      dateext
      maxage 30
      sharedscripts
      postrotate
      reload rsyslog >/dev/null 2>&1 || true
      endscript
      }






      cron rsyslog syslog logrotate






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 57 mins ago









      Rui F Ribeiro

      40.5k1479137




      40.5k1479137










      asked 1 hour ago









      SarjitSSarjitS

      13




      13






















          2 Answers
          2






          active

          oldest

          votes


















          0














          The hour-based system property for rsyslog is appropriately called '$hour'. This is documented under the rsyslog Properties page.



          Therefore, you can modify your template as shown below to generate hourly log files:



          $template TmplNationalIP_PL,"/var/log/NIPFW/MX480/CGNAT_PL_%$year%.%$month%.%$day%.%$hour%"





          share|improve this answer































            0














            cron and logrotate



            The script /etc/cron.daily/logrotate is located in the daily folder.



            You have to move it to /etc/cron.hourly and change daily to hourly in your config file.






            share|improve this answer























              Your Answer








              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "106"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: false,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: null,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f503053%2fsyslog-output-file-splitting-hourly-at-syslog-server%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              0














              The hour-based system property for rsyslog is appropriately called '$hour'. This is documented under the rsyslog Properties page.



              Therefore, you can modify your template as shown below to generate hourly log files:



              $template TmplNationalIP_PL,"/var/log/NIPFW/MX480/CGNAT_PL_%$year%.%$month%.%$day%.%$hour%"





              share|improve this answer




























                0














                The hour-based system property for rsyslog is appropriately called '$hour'. This is documented under the rsyslog Properties page.



                Therefore, you can modify your template as shown below to generate hourly log files:



                $template TmplNationalIP_PL,"/var/log/NIPFW/MX480/CGNAT_PL_%$year%.%$month%.%$day%.%$hour%"





                share|improve this answer


























                  0












                  0








                  0







                  The hour-based system property for rsyslog is appropriately called '$hour'. This is documented under the rsyslog Properties page.



                  Therefore, you can modify your template as shown below to generate hourly log files:



                  $template TmplNationalIP_PL,"/var/log/NIPFW/MX480/CGNAT_PL_%$year%.%$month%.%$day%.%$hour%"





                  share|improve this answer













                  The hour-based system property for rsyslog is appropriately called '$hour'. This is documented under the rsyslog Properties page.



                  Therefore, you can modify your template as shown below to generate hourly log files:



                  $template TmplNationalIP_PL,"/var/log/NIPFW/MX480/CGNAT_PL_%$year%.%$month%.%$day%.%$hour%"






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered 1 hour ago









                  HaxielHaxiel

                  2,9801917




                  2,9801917

























                      0














                      cron and logrotate



                      The script /etc/cron.daily/logrotate is located in the daily folder.



                      You have to move it to /etc/cron.hourly and change daily to hourly in your config file.






                      share|improve this answer




























                        0














                        cron and logrotate



                        The script /etc/cron.daily/logrotate is located in the daily folder.



                        You have to move it to /etc/cron.hourly and change daily to hourly in your config file.






                        share|improve this answer


























                          0












                          0








                          0







                          cron and logrotate



                          The script /etc/cron.daily/logrotate is located in the daily folder.



                          You have to move it to /etc/cron.hourly and change daily to hourly in your config file.






                          share|improve this answer













                          cron and logrotate



                          The script /etc/cron.daily/logrotate is located in the daily folder.



                          You have to move it to /etc/cron.hourly and change daily to hourly in your config file.







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered 30 mins ago









                          FreddyFreddy

                          8598




                          8598






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Unix & Linux Stack Exchange!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f503053%2fsyslog-output-file-splitting-hourly-at-syslog-server%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              Loup dans la culture

                              How to solve the problem of ntp “Unable to contact time server” from KDE?

                              ASUS Zenbook UX433/UX333 — Configure Touchpad-embedded numpad on Linux