Solved

Rsyslog & loganalyzer DB size

Posted on 2014-10-14
12
379 Views
Last Modified: 2014-10-17
This is eating up the disk space at 4 gigs per day. The system runs very slow due to being old hardware so I would like to trim this down. The server is receiving syslog information from one firewall and I have 27 firewalls that I want to setup for this so just imagine how much disk space this would eat up.  Is there a setting somewhere that I can change to not log so much, or truncate the database every 8-10 hours?
0
Comment
Question by:stlhost
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 2
12 Comments
 
LVL 13

Expert Comment

by:Sandy
ID: 40379877
why don't you put compress parameter in logrotate.d/<log_conf> file ?

or you can use gzip on the files as-well.

TY/SA
0
 
LVL 2

Author Comment

by:stlhost
ID: 40380577
The data goes into an SQL database.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 40380724
OK.. Which firewall it is and what is the log debug level ?

Please share log configuration of firewall

TY/SA
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 2

Author Comment

by:stlhost
ID: 40380842
Sonicwall 3500. Syslog is set to local 0, syslog format is Webtrends.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40380993
4G/day is not much...
0
 
LVL 2

Author Comment

by:stlhost
ID: 40382004
Not really I guess when you are sending all info over I suppose but was wondering if there was a way to lighten the load or trim the database on daily basis.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40382542
Would be nice to know what type pf "SQL database" data is using, so I can suggest optimal either trigger or schedule script.
Do you record now() when log records arrive?
0
 
LVL 2

Author Comment

by:stlhost
ID: 40384276
That I have no idea. I just used what came with the program and created a database based on http://nolabnoparty.com/en/install-rsyslog-loganalyzer/

CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
        ID int unsigned not null auto_increment primary key,
        CustomerID bigint,
        ReceivedAt datetime NULL,
        DeviceReportedTime datetime NULL,
        Facility smallint NULL,
        Priority smallint NULL,
        FromHost varchar(60) NULL,
        Message text,
        NTSeverity int NULL,
        Importance int NULL,
        EventSource varchar(60),
        EventUser varchar(60) NULL,
        EventCategory int NULL,
        EventID int NULL,
        EventBinaryData text NULL,
        MaxAvailable int NULL,
        CurrUsage int NULL,
        MinUsage int NULL,
        MaxUsage int NULL,
        InfoUnitID int NULL ,
        SysLogTag varchar(60),
        EventLogType varchar(60),
        GenericFileName VarChar(60),
        SystemID int NULL
);

CREATE TABLE SystemEventsProperties
(
        ID int unsigned not null auto_increment primary key,
        SystemEventID int NULL ,
        ParamName varchar(255) NULL ,
        ParamValue text NULL
);

Open in new window


Thanks
0
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 40385338
It is mysql :)
select count(*) from syslog where ReceivedAt > (curdate() - 3 months)

if it seems what you want to delete just replace select count with delete
0
 
LVL 2

Author Comment

by:stlhost
ID: 40385519
mysql> select count(*) from SystemEvents where ReceivedAt > (curdate() - 90);
+----------+
| count(*) |
+----------+
| 43151859 |
+----------+
1 row in set (2 min 9.10 sec)
0
 
LVL 62

Expert Comment

by:gheist
ID: 40386025
I was meaning to delete where ReceivedAt is OLDER than those 3 months...
0
 
LVL 2

Author Comment

by:stlhost
ID: 40386557
oh lol. Thanks
0

Featured Post

Docker-Compose to Simplify Multi-Container Builds

Our veteran DevOps Author takes you through how to build a multi-container environment, managed with a single utility in order to simplify your deployments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question