Important safety tip...

Don't put your scripts that rotate and archive your firewall logs in the same directory that the syslog daemon puts logs in. Some fine day, when you're looking to whack all of those old log files, you are bound to be a little too free with that rm * and you will blow your scripts away.

If you're me, you'll do it days ago and have to reconstruct the scripts by hand because you only have a ten-day tape rotation. <sigh> At least I had an old version of the main script to start from. I had to recreate from scratch the little twelve-line Perl script that spits out a date stamp for yesterday.

Hmm, looking at the size of these log files, I may have to start doing things a little differently. I had been taking the hourly firewall logs (some over a gigabyte in size) and grepping out just the entries I needed into a composite daily log. But that looks like it may be over the 2GB max file size. I may need to further process the log files to shrink the daily aggregate file: the FortiGate log entries are amazingly verbose; there's a lot I can throw out and still keep all the data I need.
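One way to do the field trimming described above, as an added example that is not part of the original post or the author's scripts: it reduces each key=value entry to a keep-list and counts lines it could not parse. The keep-list, function names and sample entries are assumptions made for the illustration.

```python
import io
import re

# Fields to keep in the daily file. This keep-list is an assumption for the
# example; choose the fields your own reports need.
KEEP = ("date", "time", "srcip", "srcport", "dstip", "dstport",
        "proto", "action", "policyid")

# One key=value pair: the value is "quoted" (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')


def reduce_line(line, keep=KEEP):
    """Return the entry with only the `keep` fields, in keep-list order.
    Returns None if none of those fields is present, so callers can count
    such lines instead of dropping them silently."""
    fields = dict(PAIR.findall(line))
    reduced = " ".join(f"{k}={fields[k]}" for k in keep if k in fields)
    return reduced or None


def reduce_stream(lines, out, keep=KEEP):
    """Filter line by line (constant memory, safe for multi-gigabyte input).
    Returns (kept, unparsed, size_in, size_out) in characters."""
    kept = unparsed = size_in = size_out = 0
    for line in lines:
        size_in += len(line)
        reduced = reduce_line(line, keep)
        if reduced is None:
            unparsed += 1
            continue
        out.write(reduced + "\n")
        kept += 1
        size_out += len(reduced) + 1
    return kept, unparsed, size_in, size_out


# Constructed sample entries (not real traffic), FortiGate-style key=value.
SAMPLE = [
    'Jan 15 10:00:01 fw1 date=2024-01-15 time=10:00:01 devname="fw1" '
    'type="traffic" subtype="forward" srcip=192.0.2.10 srcport=51514 '
    'dstip=198.51.100.7 dstport=443 policyid=12 proto=6 action="accept" '
    'service="HTTPS" sentbyte=1200 rcvdbyte=5300 msg="peer sent action=deny"\n',
    "Jan 15 10:00:02 fw1 -- MARK --\n",
]

if __name__ == "__main__":
    sink = io.StringIO()
    print(reduce_stream(SAMPLE, sink))
    print(sink.getvalue(), end="")
```

Passing a handle from `gzip.open(path, "wt")` as `out` compresses the daily file as it is written. A nonzero unparsed count is worth checking before the hourly source files are deleted.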

