Logstash log4j2.properties deleting all the compressed files

Hi Team,

I am trying to delete the audit files from the Elasticsearch logs directory "C:\test-elk\Elasticsearch-7.7.0\data\logs". My audit files are being generated in the mentioned path, but unfortunately I am not able to delete only the audit files.
Below is my configuration in log4j.

appender.audit_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_audit-%d{yyyy-MM-dd}-%i.json.gz
appender.audit_rolling.policies.type = Policies
appender.audit_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.audit_rolling.policies.time.interval = 1
appender.audit_rolling.policies.time.modulate = true

appender.audit_rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.audit_rolling.policies.size.size = 1KB
appender.audit_rolling.strategy.type = DefaultRolloverStrategy
appender.audit_rolling.strategy.fileIndex = nomax

#If you optionally want to delete files
appender.audit_rolling.strategy.action.type = Delete
appender.audit_rolling.strategy.action.basepath = ${sys:es.logs.base_path}
appender.audit_rolling.strategy.action.condition.type = IfLastModified

#Files will delete when the LastModified timestamp is 30 minutes old, can also be set to D for Days
appender.audit_rolling.strategy.action.condition.age = 1m
#appender.audit_rolling.strategy.action.PathConditions.type = IfFileName
#appender.audit_rolling.strategy.action.PathConditions.type = poc_audit-%d{yyyy-MM-dd}-%i.json.gz
appender.rolling.strategy.action.PathConditions.type = IfFileName
#appender.rolling.strategy.action.PathConditions.glob = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_audit-%d{yyyy-MM-dd}-%i.json.gz
appender.rolling.strategy.action.PathConditions.glob = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_audit-%d{yyyy-MM-dd}-%i.json.gz
appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
appender.rolling.strategy.action.condition.nested_condition.exceeds = 1KB

I have tried giving multiple conditions but it didn't work.
It is deleting all the compressed files. I just want to delete only audit files.

Kindly help,

Regards,
Tahseen
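
An added example, not part of the original post: a Delete action whose file-name condition is attached to the same appender id (`audit_rolling`) as the strategy, so age is only evaluated for audit archives. In the posted configuration the `IfFileName` lines sit under `appender.rolling`, leaving `IfLastModified` as the only condition on `audit_rolling`. The `7D` age is an assumed retention value.

```properties
# Rollover strategy for the audit appender (same ids as in the post)
appender.audit_rolling.strategy.type = DefaultRolloverStrategy
appender.audit_rolling.strategy.fileIndex = nomax

# Delete action runs on every rollover, scanning basepath
appender.audit_rolling.strategy.action.type = Delete
appender.audit_rolling.strategy.action.basepath = ${sys:es.logs.base_path}

# Outer condition: only files whose name matches the audit archive pattern.
# The glob is matched against the path relative to basepath, so it carries
# no directory prefix and no %d / %i conversion patterns.
appender.audit_rolling.strategy.action.condition.type = IfFileName
appender.audit_rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}_audit-*.json.gz

# Nested condition: evaluated only for files that passed the glob above.
# 7D is an assumed retention period; set it to the audit retention you need.
appender.audit_rolling.strategy.action.condition.nested_condition.type = IfLastModified
appender.audit_rolling.strategy.action.condition.nested_condition.age = 7D
```

Log4j2's Delete action also accepts `testMode = true` (here `appender.audit_rolling.strategy.action.testMode = true`), which logs the files that would be deleted without removing them, a useful check before audit logs are purged.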
