I am a little hesitant to implement your steps because it appears to me that the /var/log/syslog_info file is an OS-level file and therefore is not really controlled by the log rotation process in LMS. The /var/log/messages file in your document is, in fact, rotated by an OS process using the /etc/logrotate.d and /etc/logrotate.conf and should probably not be put under LMS control.
But now I am unsure how to proceed. Since the /var/log/syslog_info file is an OS-level file, why was it not included in the /etc/logrotate.d files? And if it is now added into the /etc/logrotate.d configuration, how will that affect the LMS SyslogCollector subscription?
Or, if the /var/log/syslog_info file is put into the LMS logrotation process, how will the OS syslogd process find out that the file has changed?
The linux method to logrotate files is as you mentioned /etc/logrotate.d and /etc/logrotate.conf which is the one that contains the main information/configuration and points to logrotate.d and if we look at logrotate.d its content is:
It does not contain the syslog_info as you as well mentioned, but keep in mind that such linux is included in an OVA file "I assume you have a LMS in a virtual machine and was installed with an OVA", therefore, such operating system is customized for LMS to work properly, at the moment I do not have the exact answer as to why such syslog_info was not included, but I can tell you for sure that LMS wont cause any trouble if you let it rotate this OS files, in fact, I have it at the moment
As for your question about the SyslogCollector subscription it wont be affected due to the fact that LMS when receives a given syslog at port 514 it is taken by the syslogd service and it moves it to the syslogcollector.log which is the one that filters any syslog, once syslogcollector is done then it proceeds to move it to the sysloganalyzer.log which is the one that writes it to the syslog database, at the end all this process occurs fastly.
In a nutshell, by logrotating syslog_info from LMS, it should not cause any issue, however, you can test it if you want just to make sure that any syslog report such as 24h syslog report gets affected by this modification.
Listen: https://smarturl.it/CCRS9E25 Follow us: twitter.com/ciscochampions
With applications and users everywhere, the networks are now, more than ever, being tasked with delivering consistent protection while providing an exceptional user exper...
Listen: https://smarturl.it/CCRS9E24 Follow us: https://twitter.com/CiscoChampion
Cisco Radio Aware Routing addresses several of the challenges faced when merging IP routing and radio communications in mobile networks, especially those exhibiti...
Listen: https://smarturl.it/CCRS9E23 Follow us: https://twitter.com/CiscoChampion The Wi-Fi 6E Catalyst 9136 access point takes advantage of the 6-GHz band to produce a network that is more reliable and secure, with higher throughput, more ...
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes.