Hi
I'm using an old version of elasticsearch (6.4.1).
In /var/log/elasticsearch I have a lot of logs file since 2018 with log.gz extension.
It seems using logrotate is not a good option, but instead, using the parameters in log4j2.properties.
However, in this file, the configuration seems good :
appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
appender.rolling.layout.type = PatternLayout
appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n
appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 128MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.fileIndex = nomax
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
appender.rolling.strategy.action.condition.type = IfFileName
appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
appender.rolling.strategy.action.condition.nested_condition.type = IfLastModified
appender.rolling.strategy.action.condition.nested_condition.age = 7D
It's the same parameter as the documentation
but it's not working.
What is wrong ?
I don't know the logstash version, what should I do ?
-
add this parameter :
appender.rolling.strategy.delete.ifLastModified.age = 30dinstead of
appender.rolling.strategy.action.condition.nested_condition.age = 7D -
add this one :
appender.rolling.strategy.action.condition.nested_condition.lastMod.age = 30D
or another option ?
what is the good option in order to keep 30 days of logs ?
thank you for your help.
