Create schedules to automate log archival and retention

Most organizations have retention policies that require log files to be kept for a certain period. Retention policies ensure that the organization complies with regulatory standards and that documents are available if needed for audits or other legal issues.

To save time and ensure accuracy, use Kiwi Syslog Server schedules to automate your log archival and retention process. The following example creates two schedules:

  • The first schedule archives log files that are not needed for current analysis.
  • The second schedule removes archived log files after the retention period is over.

Task 1: Create a rule to log each message

If you have not already done so, create a rule to log each message to a file. Split the log files based on the date and the IP address of the sending device.

Task 2: Create a schedule to archive log files

To save disk space, you can archive log files that you probably will not need for troubleshooting. The following example moves log files into a compressed archive when they are more than one week old.

  1. Create a folder to store archived log files. For this example, archived files are stored in C:\Program Files (x86)\Syslogd\Archive.
  2. Select File > Setup to open the Kiwi Syslog Server Setup dialog box.
  3. Right-click Schedules and select Add new schedule.

  4. Replace the default name with a descriptive name (for example, Archive logs after 7 days).

  5. Leave the default Task Type and Task Trigger.

  6. Set the frequency to Day and set it to run every day.

  7. Click the Source tab and verify that the Source location is your log folder.

  8. Under Source files, specify a File age of At least 8 days.

    Leave the default File mask and File size values to include all files in the directory.

  9. Click the Destination tab, and browse to select the folder you created to store archived files.

  10. Verify that Move files is selected.

  11. Click the Archive Options tab and select Zip files after moving/copying.

    Optionally, you can also increase the compression level.

  12. Click Apply to save the schedule.

Task 3: Create a schedule to remove archived files after the retention period

To keep the Archive folder clean, remove archived log files after the retention period is over.

  1. Right-click Schedules and select Add new schedule.

  2. Replace the default name with a descriptive name (for example, Remove logs after 7 years).

  3. Change the Task Type to Clean-up. Leave the default Task Trigger (On a schedule).

  4. Set the frequency to Day and set it to run every day.

  5. Click the Source tab and change the Source location to your archive folder.

  6. Under Source files, specify a File age of At least 7 years (or your organization's retention period).

  7. Click Apply to save the schedule.

Log files are automatically split by date and sending device, archived after a week, and removed after the retention period.
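
To confirm that both schedules are actually running, you can audit the two folders for files that the schedules should already have moved or removed. The script below is an added example, not part of the Kiwi Syslog Server guide or product. It assumes that file age is judged by last-modified time and that 7 years means 7 x 365 days. The folder layout and file names in `demo()` are constructed samples.

```python
import os
import tempfile
import time
from pathlib import Path

DAY = 86400
ARCHIVE_AFTER_DAYS = 8       # Task 2: File age "At least 8 days"
RETENTION_DAYS = 7 * 365     # Task 3: 7 years as 365-day years (assumption)

def age_days(path, now):
    """File age in whole days, judged by last-modified time (assumption)."""
    return int((now - path.stat().st_mtime) // DAY)

def audit(log_dir, archive_dir, now=None):
    """Return (file name, problem) pairs showing that a schedule did not run."""
    now = time.time() if now is None else now
    findings = []
    for f in sorted(Path(log_dir).iterdir()):
        # Skip sub-folders, e.g. an Archive folder nested under the log folder.
        if f.is_file() and age_days(f, now) >= ARCHIVE_AFTER_DAYS:
            findings.append((f.name, "not archived"))
    for f in sorted(Path(archive_dir).iterdir()):
        if not f.is_file():
            continue
        if age_days(f, now) >= RETENTION_DAYS:
            findings.append((f.name, "past retention"))
        elif f.suffix.lower() != ".zip":
            findings.append((f.name, "archived but not zipped"))
    return findings

def demo():
    """Build constructed sample folders with back-dated files and audit them."""
    now = time.time()
    with tempfile.TemporaryDirectory() as root:
        logs, archive = Path(root, "Logs"), Path(root, "Archive")
        logs.mkdir()
        archive.mkdir()
        samples = [(logs / "2017-02-27-10.0.0.1.txt", 1),      # current log
                   (logs / "2017-02-10-10.0.0.1.txt", 12),     # should have moved
                   (archive / "2017-01-15-10.0.0.1.zip", 40),  # archived correctly
                   (archive / "2017-01-16-10.0.0.2.txt", 40),  # moved, never zipped
                   (archive / "2009-12-31-10.0.0.1.zip", RETENTION_DAYS + 30)]
        for path, days in samples:
            path.write_text("constructed sample\n")
            os.utime(path, (now - days * DAY, now - days * DAY))
        return audit(logs, archive, now)

if __name__ == "__main__":
    for name, problem in demo():
        print(f"{problem}: {name}")
```

Against a real installation, call `audit()` with your log folder and the archive folder from Task 2; an empty result means both schedules are keeping up.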

Last modified
10:58, 28 Feb 2017