Request trial
Request Trial

Rotate log based on size and schedule using variables in path and filename

Tags:
#1 Paul_Thomas

Hi all,

I can...

 - rotate log files based on size.

 - rotate log files based on size using event fields- such as $Hostname from Syslog

 - rotate log files based on size and schedule.

I CANNOT rotate log files based on size and schedule using event fields !  It seems that the Schedule component does not like references to fields.

At end of tether, please help.

 

ERROR invalid om_file keyword: $newfilepath

 

<Extension syslog>
    Module xm_syslog
</Extension>
 
<Input in>
    Module im_udp
    Host 0.0.0.0
    Port 514
    Exec parse_syslog();
</Input>
 
<Output out>
    Module om_file
$newfilepath = "D:/Test/" + $Hostname + "/" + $SourceName + "/"
$currfilename = strftime(now(), "%Y%m%d") + ".current"
File $newfilepath + $currfilename
 
# Check the size of our log file every minute and rotate if it is larger than 1Mb
<Schedule>
Every 60 sec
Exec if (out->file_size() >= 1M) \
{ \
$newfilename = $newfilepath + strftime(now(), "%Y%m%dT%H%M%S") + ".s"); \
out->rotate_to($newfilename); \
}
</Schedule>
 
CreateDir   TRUE
</Output>
 
<Route 1>
    Path in => out
</Route>

 

Thanks in advance. Paul

 

Permalink
#2 b0ti Nxlog ✓
#1 Paul_Thomas
Hi all, I can...  - rotate log files based on size.  - rotate log files based on size using event fields- such as $Hostname from Syslog  - rotate log files based on size and schedule. I CANNOT rotate log files based on size and schedule using event fields !  It seems that the Schedule component does not like references to fields. At end of tether, please help.   ERROR invalid om_file keyword: $newfilepath   <Extension syslog>     Module xm_syslog </Extension>   <Input in>     Module im_udp     Host 0.0.0.0     Port 514     Exec parse_syslog(); </Input>   <Output out>     Module om_file $newfilepath = "D:/Test/" + $Hostname + "/" + $SourceName + "/" $currfilename = strftime(now(), "%Y%m%d") + ".current" File $newfilepath + $currfilename   # Check the size of our log file every minute and rotate if it is larger than 1Mb <Schedule> Every 60 sec Exec if (out->file_size() >= 1M) \ { \ $newfilename = $newfilepath + strftime(now(), "%Y%m%dT%H%M%S") + ".s"); \ out->rotate_to($newfilename); \ } </Schedule>   CreateDir   TRUE </Output>   <Route 1>     Path in => out </Route>   Thanks in advance. Paul  

The <Schedule> block is not triggered/evaluated in the context of an event record, thus you cannot use fields there.  You should use module variables instead.
Login to see more

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS