You are here

Home › How to change Log Viewer data rotation and archiving

How to change Log Viewer data rotation and archiving

Submitted on 8. December 2010 - 11:48 by sha.
Last update on 28. January 2014 - 15:33.
OLD: Affects version(s): 
5
4.2
4.1-11.x

This article describes how logs are archived and how some of the parameters may be customized in Airlock 4.1 and newer.

How log rotation and compression works

Airlock stores its log files in two partitions, /data and /archive. As soon as the usage in /data exceeds a certain limit (70%) or when the log files exceed a certain age (182 days), the corresponding log files are moved (and compressed) from /data to /archive to ensure enough capacity is available in /data. Once the files are moved to /archive, they are kept there until the capacity reaches 70% or the files are older than 365 days, then they are deleted.

Custom configuration

These limits should suit most system configurations. However if you have a high traffic system with small harddrives, there might not be enough space left (those 30% of /data) to store full logs of the current day. In this case you need to adjust the settings to your own values as follows:

  • Edit the space manager configuration:# vi /opt/airlock/taclog/etc/proxy/spacemgr.conf

    For Airlock 4.x use following command:
    # vi /opt/slt/ses/taclog/proxy/etc/spacemgrp.conf
  • Check disk usage with 'df -k' and if the usage of /data is bigger than 95% you need to tweak your log archive configuration, because there might not be enough space left.
  • Lower the following value to your needs:
    DATA_MAX_DISKSPACE_USED=70: move the files needed, if disk usage is over X percent. Make sure that 100 - DATA_MAX_DISKSPACE_USED is enough space to keep the log files for at least one whole day.

    Example:
    df -k
    root@airlockhost:/[49] # df -k
    /dev/md/dsk/d40      45961994   43637353   45455577     96%    /data

    This means on the current day you have allready log data of 96 - 70 = 26% of the file system's capacity.
    If this happens mid-day, then the total amount of expected daily log data would be ~50% of the /data partition's capacity. To be safe, you set DATA_MAX_DISKPACE_USED=40.
    This means 60% of /data are kept free and you have enough space to store those 50% that are required every day.

Your manual changes might get lost when installing an Airlock update that includes changes of the log viewer component. Please check the spacemgrp.conf file after installing any updates.
Knowledge Base Categories: 
Operating
© Ergon Informatik AG