How do I deal with large syslog files that keep growing?
Do I just delete them or is there an automated way of rolling them. I don't want to lose the data or disconnect the hosts sending it.
I agree with the answer above.
Man Page:
http://linuxcommand.org/man_pages/logrotate8.html
Tutorial Step-by-Step
http://www.thegeekstuff.com/2010/07/logrotate-examples/
Note that in the Splunk context, you probably want the "delaycompress" option, so that rotated log files can be correctly identified, and read to the end of the file even after the file has been rotated.
Thanks for the tip. I'll try it.