voip ~ # journalctl --disk-usage
Archived and active journals take up 4.2G on disk.voip ~ # du -sh /var/log/journal/
4,3G /var/log/journal/Let’s leave 500M of logs only:
voip ~ # journalctl --vacuum-size=500M
…
Vacuuming done, freed 3.5G of archived journals on disk.Check once again:
voip ~ # journalctl --disk-usage
Archived and active journals take up 744.2M on disk.
voip ~ #
voip ~ # du -sh /var/log/journal/
745M /var/log/journal/
Let’s slice log file of an application to store separate log files during each hour and keep them in separate directories accroding to the date.
Example for RTPEngine:
2. add to it the following settings:
template(
name="rtpengine-tmpl" type="string"
string="/var/log/rtpengine/%$NOW%/rtpengine-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log"
)
template(
name="rtpengine-fmt" type="string"
string="%timegenerated% %HOSTNAME% %syslogtag% %msg:::drop-last-lf%\n"
)
if $app-name == ["rtpengine"] then {
action(type="omfile" dynaFile="rtpengine-tmpl" template="rtpengine-fmt")
stop
}
3. restart rsyslog.
4. profit
Example for OpenSIPS:
# :msg, startswith, "ACC:" /var/log/opensips/acc.log # & stop # # :syslogtag, contains, "opensips" /var/log/opensips/opensips.log # & stop template( name="opensips-tmpl" type="string" string="/var/log/opensips/opensips/%$NOW%/opensips-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log" ) template( name="opensips-acc-tmpl" type="string" string="/var/log/opensips/acc/%$NOW%/acc-%HOSTNAME%-%$YEAR%%$MONTH%%$DAY%.%$HOUR%.log" ) template( name="opensips-fmt" type="string" string="%timegenerated% %HOSTNAME% [%procid%] %syslogseverity-text% %msg%\n" ) if $syslogtag contains "opensips" and $msg contains "ACC:" then { action(type="omfile" dynaFile="opensips-acc-tmpl" template="opensips-fmt") stop } if $syslogtag contains "opensips" then { action(type="omfile" dynaFile="opensips-tmpl" template="opensips-fmt") stop }
3. restart rsyslog.