Hi All, I have configured syslog-ng in our company to collect the logs from network devices. I am a little bit confused about setting the syslog server retention options.

```
options {
    chain_hostnames(no);
    create_dirs(yes);
    dir_perm(0755);
    dns_cache(yes);
    keep_hostname(yes);
    log_fifo_size(2048);
    log_msg_size(8192);
    perm(0644);
    time_reopen(10);
    use_dns(yes);
    use_fqdn(yes);
};

source s_network {
    tcp(ip(0.0.0.0) port(514));
    udp(ip(0.0.0.0) port(514));
};

# Destinations
destination d_all {
    # perm()/dir_perm() here override the 0644/0755 defaults set in options;
    # 0666/0777 make the log files and $HOST directories world-writable.
    file("/var/syslog/logs/catch_all/$HOST/$YEAR-$MONTH-$DAY-$HOUR-catch_all.log"
         perm(0666) dir_perm(0777) create_dirs(yes));
};

log { source(s_network); destination(d_all); };

# Source additional configuration files (.conf extension only)
#@include "/etc/syslog-ng/conf.d/*.conf"

# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:

# command line audit logging
# The post had this as the sysklogd-style rule "local1.* -/var/log/cmdline",
# which is not valid syslog-ng syntax; the equivalent filter/destination/log
# statements are given here (s_network is the only source defined above).
filter f_cmdline { facility(local1); };
destination d_cmdline { file("/var/log/cmdline"); };
log { source(s_network); filter(f_cmdline); destination(d_cmdline); };
```

Please see the above configuration and advise?
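syslog-ng only writes the files; the retention the post asks about is a separate job. As an added example (not part of the original post), the POSIX shell script below prunes files by the date embedded in the posted catch_all file-name pattern, which is more reliable than mtime. It assumes GNU date (for `date -d`) and the `/var/syslog/logs/catch_all` root from the config; the function names are this example's own.

```shell
#!/bin/sh
# Added example: retention for the catch_all layout in the posted config,
#   <root>/$HOST/$YEAR-$MONTH-$DAY-$HOUR-catch_all.log
# The age is read from the file name, not from mtime, so a later touch,
# copy or index pass cannot make an old file look fresh.
# Assumes GNU date (for "date -d"); function names are this example's own.

# Epoch seconds at 00:00 UTC of a YYYY-MM-DD date.
day_epoch() {
    date -u -d "$1" +%s
}

# Print every catch_all file under $1 whose named day is more than $2 days
# old. Files that do not match the naming pattern are ignored, so stray
# files in the tree are never removed by mistake.
find_expired_logs() {
    root="$1"; days="$2"
    cutoff=$(( $(date -u +%s) - $days * 86400 ))
    find "$root" -mindepth 2 -maxdepth 2 -type f -name '*-catch_all.log' |
    while IFS= read -r f; do
        base=$(basename "$f")
        case "$base" in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-catch_all.log) ;;
            *) continue ;;
        esac
        ymd=$(printf '%s' "$base" | cut -d- -f1-3)
        if [ "$(day_epoch "$ymd")" -lt "$cutoff" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Delete the expired files and print how many were removed.
prune_expired_logs() {
    list=$(mktemp)
    find_expired_logs "$1" "$2" > "$list"
    while IFS= read -r f; do
        rm -f -- "$f"
    done < "$list"
    wc -l < "$list" | tr -d ' '
    rm -f "$list"
}

# Typical use from a daily cron job: keep 90 days of device logs.
# prune_expired_logs /var/syslog/logs/catch_all 90
```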