Documentation for Kiwi Syslog Server

Create schedules to automate log file archival and retention in KSS — Legacy

This documentation is for legacy Kiwi Syslog Server versions 1.3 and older. See the KSS NG version of Create schedules to automate log archival and retention for the newest version of the following documentation.

Most organizations have retention policies that require log files to be kept for a certain period. Retention policies ensure that the organization complies with regulatory standards and that documents are available if needed for audits or other legal issues.

To save time and ensure accuracy, use Kiwi Syslog Server schedules to automate your log archival and retention process. The following example creates two schedules:

  • The first schedule archives log files that are not needed for current analysis.
  • The second schedule removes archived log files after the retention period is over.

Task 1: Create a rule to log each message

If you have not already done so, create a rule to log each message to a file. Split the log files based on the date and the IP address of the sending device.

Task 2: Create a schedule to archive log files

The following example moves log files into a compressed archive when they are more than one week old.

  1. Create a folder to store archived log files. For this example, archived files are stored in C:\Program Files (x86)\Syslogd\Archive.
  2. Select File > Setup to open the Kiwi Syslog Server Setup dialog box.
  3. Right-click Schedules and select Add new schedule.

  4. Replace the default name with a descriptive name (for example, Archive logs after 7 days).

  5. Leave the default Task Type and Task Trigger.

  6. Set the frequency to Day and set it to run every day.

  7. Click the Source tab and verify that the Source location is your log folder.

  8. Under Source files, specify a File age of At least 8 days.

    Leave the default File mask and File size values to include all files in the directory.

  9. Click the Destination tab, and browse to select the folder you created to store archived files.

  10. Verify that Move files from source to destination is selected.

  11. Click the Archive Options tab and select Zip files after moving/copying.

    Optionally, you can also increase the compression level.

  12. Click Apply to save the schedule.

Task 3: Create a schedule to remove archived files after the retention period

  1. Right-click Schedules and select Add new schedule.

  2. Replace the default name with a descriptive name. For example, Remove logs after 7 years.

  3. Change the Task Type to Clean-up. Leave the default Task Trigger: On a schedule.

  4. Set the frequency to Month and set it to run once a month.

  5. Click the Source tab and change the Source location to your archive folder.

  6. Under Source files, specify a File age of At least 7 years (or your organization's retention period).

  7. Click Apply to save the schedule.

Log files are automatically split by date and sending device, archived after a week, and removed after the retention period.
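
To confirm that both schedules are keeping up, the following PowerShell script lists log files that should already have been archived and archived files that are past the retention period. It is an added example, not part of the product documentation. Assumptions: the log folder path shown is a placeholder for your own Source location, file age is measured from each file's last-write time (Kiwi Syslog Server may calculate age differently), and the grace periods match the daily and monthly frequencies set above.

```powershell
# Added example (not from the product documentation): audit both schedules.
param(
    # Assumption: log folder path. Use the Source location from the archive schedule.
    [string]$LogFolder     = 'C:\Program Files (x86)\Syslogd\Logs',
    # Archive folder created in Task 2, step 1.
    [string]$ArchiveFolder = 'C:\Program Files (x86)\Syslogd\Archive',
    [int]$ArchiveAfterDays = 8,   # Task 2: File age "At least 8 days"
    [int]$RetentionYears   = 7,   # Task 3: File age "At least 7 years"
    [int]$ArchiveGraceDays = 1,   # assumption: archive schedule runs every day
    [int]$CleanupGraceDays = 31   # assumption: clean-up schedule runs once a month
)

function Get-OverdueFile {
    param([string]$Path, [datetime]$Cutoff, [string]$Finding)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        Write-Warning "Folder not found: $Path"
        return
    }
    # Assumption: file age is measured from LastWriteTime.
    Get-ChildItem -LiteralPath $Path -File -Recurse |
        Where-Object { $_.LastWriteTime -lt $Cutoff } |
        ForEach-Object {
            [pscustomobject]@{
                Finding  = $Finding
                AgeDays  = [int][math]::Floor(((Get-Date) - $_.LastWriteTime).TotalDays)
                SizeKB   = [math]::Round($_.Length / 1KB, 1)
                FullName = $_.FullName
            }
        }
}

$now = Get-Date
$findings = @(
    # Logs the archive schedule should already have moved out of the log folder.
    Get-OverdueFile -Path $LogFolder -Finding 'NotArchived' `
        -Cutoff ($now.AddDays(-($ArchiveAfterDays + $ArchiveGraceDays)))
    # Archives the clean-up schedule should already have removed.
    Get-OverdueFile -Path $ArchiveFolder -Finding 'PastRetention' `
        -Cutoff ($now.AddYears(-$RetentionYears).AddDays(-$CleanupGraceDays))
)

if ($findings.Count -eq 0) {
    Write-Output 'OK: no files outside the archive and retention windows.'
} else {
    $findings | Sort-Object Finding, AgeDays | Format-Table -AutoSize
    exit 1   # non-zero exit lets a monitoring job alert on a stalled schedule
}
```

A NotArchived finding means the archive schedule has stopped or is pointed at the wrong Source location. A PastRetention finding means the clean-up schedule is not removing files.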