I have this dusty syslog-ng 3.1.3 that writes to a database and all is working well however it seems to keep only 30 days of logs (last table is logs20150826)
How can I increase that? I see nothing immediately clear in the documentation.
There are some references in logrotate dirs but nothing that seems to be controlling the mysql destination and nothing in /etc/syslog-ng/syslog-ng.conf so this 30 day retention must be some kind of default.
Check if you have php-syslog-ng installed, syslog-ng isn't responsible for this.
Log rotation
Log rotation should be part of most installations where you use php-syslog-ng. It is better to use log rotation than deleting rows in the main table because deleting rows can lead to performance problems. Rotating old logs out of the main table will also usually result in better performance because the tables with old logs are static and can be optimized. There is a logrotate.php script in the scripts directory. You may have to edit it to enter the correct path to your php-syslog-ng installation but after that it should be ready for use. If you enable merge tables in the config.php file then a merge table of all log tables will be created at the end of the script. The merge table will allow you to search across all tables instead of having to do searches against one table at a time. The merge table does equate to a slight performance hit on the search form because the fields are populated based on all tables instead of one particular table.
You can also specify enable the LOGRETENTION setting in config.php. If you enable this then logs older than this setting will be dropped whenever the logrotate.php is run.
If you decide to use the logrotate.php script then just add it to your crontab and have it run however frequent you want (max is currently one time per day).
