Improving Log Retention Policy

(Davide Marini) #1

Hi all,
I would like to know your thoughts about the log policy retention and how to improve it.
Currently, unless otherwise specified, logs are kept for 52 weeks (one year), but many important sections have specific settings, for example the web proxy logs are kept for just 4 weeks.

I personally would like to modify the log retention policy in a simpler way than going through the logrotate files, a place where I can clearly see and modify the policies for each section.
A good starting point could be to templetize all the files in the /etc/logrotate.d/ directory, separating the rotate fragment from other ones and create a db where rotate values will be stored and can be changed.

It would be great to have a dedicated web panel, but maybe somebody could have more clever (and easier to implement) ideas.

What do you think about that?
Some of you have already done something similar?

(Filippo Carletti) #2

Logs are kept only for 4 weeks:

# config show logrotate

(Davide Marini) #3

You’re right, the community version has just 4 weeks by default, but the question is still valid because however, there are many sections (those in /etc/logrotate.d/) that have settings different from the default.

(Giacomo Sanchietti) #4

Different software have different requirements, this is why every RPM comes with its own logrotate configuration.
Some software also uses rotation based on size, rather then on time.

For example, there /var/log/yum.log and /var/log/messages have such different configuration which can be hardly unified.

(Michael Kicks) #5

Therefore… Package customizable log rotation?
Only few daemons/services are system, biggest part is service or application related.