Help

Flushing logs best practice

jgwatson
Contributor

Posted on ‎08-29-2014 01:49 PM

I am fairly new to JAMF and was having a little look around. All of my log flushing is turned off. Just wondering if I should turn any of these on, and which ones?I have 280 iPads, and about 30 Macs.

What do other people do? Thanks

Logs Flush Logs Older Than
Application Usage Logs

Computer Usage Logs

Policy Logs

Casper Remote Logs

Screen Sharing Logs

Casper Imaging Logs

Computer and Mobile Device Management History

JDS Management History

Computer Inventory Reports

Mobile Device Inventory Reports

0 Kudos
Reply
6 REPLIES 6

mm2270
Legendary Contributor III

Posted on ‎08-29-2014 02:41 PM

We have all our logs set to flush every 2 weeks, but we have a much larger Mac environment (8700+) so for a smaller environment like yours you may be able to get away with waiting longer between, such as 1 month. Log flushing is important to keeping your JSS running smoothly, so you should set them to something. Just my opinion. But I think JAMF would also recommend setting them to flush at some interval, or at the very least doing a manual flush periodically.

0 Kudos
Reply

donmontalvo
Esteemed Contributor III

Posted on ‎08-31-2014 10:58 AM

JSS has the option to pipe logs to an existing syslog server. Then you can set JSS to dump logs older than two weeks.

Else, not sure how free this one is:

http://www.solarwinds.com/products/freetools/free-kiwi-syslog-server.aspx

--
https://donmontalvo.com
0 Kudos
Reply

JeffV
New Contributor III
New Contributor III

Posted on ‎09-01-2014 01:54 PM

I think it all depends on your (legal) requirements on how long you want to keep the log files.(also the size of the environment plays part)
In the end if you need older log files you can always restore a database backup to a dev server and retreive the data.
Imho (and looking at our env 2 wks to max a momth is a good practice

Hope it helps with your decision

0 Kudos
Reply

donmontalvo
Esteemed Contributor III

Posted on ‎09-01-2014 02:00 PM

Companies that have the obligation to retain logs might already have a syslog server. Pipe your logs to it and the problem goes away. :)

--
https://donmontalvo.com
0 Kudos
Reply

CasperSally
Valued Contributor II

Posted on ‎09-02-2014 04:54 AM

We have 6500 macs and keep 90 days of logs without issue. Some logs like imaging/vnc we set to not delete (those are infrequent relatively).

0 Kudos
Reply

cdenesha
Valued Contributor III

Posted on ‎09-08-2014 08:53 AM

I am not managing Macs, just 1000 iPads. I have mine set to one year so I can access the Update Inventory logs (and IP addresses) from the past.

Also, they probably should have gone over this at your JumpStart.

chris

0 Kudos
Reply