Syslog rolling between 5 and 10 hours normal?

steveschofield · ‎02-06-2014

I'm setting up syslog forwarding on our hosts, I was curious what retention others have implemented? I'm seeing files that are between 5 and 10 hours. What have others adjusted to retain more than a few hours on disk for a host.... I looked for other discussions or best practice doc and couldn't find anything specific.

Steve

NickSousa · ‎02-06-2014

I think it is environment specific, but in the past I've targeted 24 hours per log file. Work backwards from your most busiest logging amount (5 hours per log rotation). I think I ended up setting these values:

Default rotation size: 10240 (up from 1024)

Default Rotations: 15 (up from 😎

steveschofield · ‎02-06-2014

I'll give that a try, thanks for sharing your experience.

All

Syslog rolling between 5 and 10 hours normal?