Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Log Files > Rolling event log files
Rolling event log files
Help | Content Gateway | Version 8.1.x
Websense Content Gateway provides automatic log file rolling. This means that at specific intervals during the day, Content Gateway closes its current set of log files and opens new log files.
Log file rolling offers the following benefits:
*
*
*
You should roll log files several times a day. Rolling every six hours is a good guideline to follow.
Rolled log filename format
Help | Content Gateway | Version 8.1.x
Websense Content Gateway provides a consistent name format for rolled log files that allows you to identify log files.
When Content Gateway rolls a log file, it saves and closes the old file and starts a new file. Content Gateway renames the old file to include the following information:
*
*
*
Two timestamps separated by a hyphen (-). The first time stamp is a lower bound for the time stamp of the first record in the log file. The lower bound is the time when the new buffer for log records is created. Under low load, the first time stamp in the filename can be different from the timestamp of the first entry. Under normal load, the first time stamp in the filename and the time stamp of the first entry are similar.
The second time stamp is an upper bound for the time stamp of the last record in the log file (this is normally the rolling time).
*
The suffix .old, which makes it easy for automated scripts to find rolled log files.
The timestamps have the following format:
%Y%M%D.%Hh%Mm%Ss-%Y%M%D.%Hh%Mm%Ss
The following table describes the format:
 
The following is an example of a rolled log filename:
squid.log.mymachine.20000912.12h00m00s-20000913.12h00m00s.old
In this example, the file is squid log format and the host machine is mymachine. The first time stamp indicates a date and time of year 2000, month September, and day 12 at 12:00 noon. The second time stamp indicates a date and time of year 2000, month September, and day 13 at 12:00 noon. At the end, the file has a .old suffix.
The logging system buffers log records before writing them to disk. When a log file is rolled, the log buffer might be partially full. If so, the first entry in the new log file will have a time stamp earlier than the time of rolling. When the new log file is rolled, its first time stamp will be a lower bound for the time stamp of the first entry. For example, suppose logs are rolled every three hours, and the first rolled log file is:
squid.log.mymachine.19980912.12h00m00s-19980912.03h00m00s.old
If the lower bound for the first entry in the log buffer at 3:00:00 is 2:59:47, the next log file, when rolled, will have the following time stamp:
squid.log.mymachine.19980912.02h59m47s-19980912.06h00m00s.old
The contents of a log file are always between the two timestamps. Log files do not contain overlapping entries, even if successive timestamps appear to overlap.
Rolling intervals
Help | Content Gateway | Version 8.1.x
Log files are rolled at specific intervals relative to a given hour of the day. Two options control when log files are rolled:
*
*
Both the offset hour and the rolling interval determine when log file rolling starts. Rolling occurs every rolling interval and at the offset hour.
For example, if the rolling interval is six hours and the offset hour is 0 (midnight), the logs roll at midnight (00:00), 06:00, 12:00, and 18:00 each day. If the rolling interval is 12 hours and the offset hour is 3, logs roll at 03:00 and 15:00 each day.
Setting log file rolling options
1.
Navigate to Configure > Subsystems > Logging > General.
2.
In the Log Rolling section, ensure the Log Rolling option is enabled (the default).
3.
In the Offset Hour field, enter a specific time each day you want log file rolling to take place. Content Gateway forces the log file to be rolled at the offset hour each day.
You can enter any hour in the range 0 (midnight) to 23.
4.
In the Interval field, enter the amount of time Content Gateway enters data in the log files before rotation takes place.
The minimum value is 300 seconds (five minutes). The maximum value is 86400 seconds (one day).
 
Note 
5.
Ensure the Auto-Delete Rolled Files option is enabled (the default). This enables auto deletion of rolled log files when available space in the log directory is low.
Auto deletion is triggered when the amount of free space available in the log directory is less than the headroom.
6.
Click Apply.
 
Note 
You can fine tune log file rolling settings for a custom log file in the LogObject specification in the logs_xml.config file. The custom log file uses the rolling settings in its LogObject, which override the default settings you specify in the Content Gateway manager or the records.config file described above.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working With Log Files > Rolling event log files
Copyright 2016 Forcepoint LLC. All rights reserved.