All,

I have just put up Red Hat ES 4.0 to function as a Cisco PIX syslog server for my enterprise. I've installed syslog-ng to replace the default install of syslog and have configured it to log all syslog events coming in UDP 514 on facility local4 to log to /var/log/aw.

This is a snippet of my syslog-ng conf file:

destination d_aw { file("/var/log/aw/$YEAR.$MONTH.$DAY.$HOUR.aw.log" template("$DATE,$HOST,$FACILITY.$PRIORITY,$MESSAGE\n")

What this gets me is a new file created hourly, comma delimited for all of the fields I need to capture and sort on, with nice and neat names such as:

2005.09.16.13.aw.log
2005.09.16.14.aw.log
2005.09.16.15.aw.log
...etc

the reason for this setup is that we collect a few gigabyes per day of PIX logs and this makes it easier to work with.

I need to be able to run a cron job nightly at midnight to compress all 24of the logfiles on the previuos day into one file with the date on it to /var/log/aw/backup/. I am a recovering Windows admin and this was a very simple .bat job that I ran nightly. I have been slowly moving to Linux but this answer seems to be eluding me.

Any and all help appreciated,

Mac

Try this:

cd /var/log/aw;
today=`date +%Y.%m.%d`;
tar -zcvf $today.tar.gz $today.??.aw.log;
mv $today.tar.gz ./backup/;


You can also rm -f $today.??.aw.log at the end of the script if that is what you want.