If you have managed any Linux/Unix system for any length of time, you are bound to have been amazed at the amount of logs and trace files your system is capable of producing. The fact that Linux systems are able to manage all of their jobs and activities based on a handful of configuration files is pretty impressive. And they shell their output to textfiles that can be extremely useful in troubleshooting and debugging. However, this also underlines that you will have to do something about the log and trace files because if you dont, it is highly likely that you will run out of diskspace soon.
Thankfully, Linux comes with an utility to help you in this. The utility is called logrotate. A simple description of the too according to man pages is :
# man -f logrotate
logrotate (8) - rotates, compresses, and mails system logs
logrotate (rpm) - Rotates, compresses, removes and mails system log files.
At the very simplest, logrotate program is a log file manager. Its default configuration can be found in /etc/logrotate.conf. If a certain system utility like syslog or apache seeks little more than the basic default configuration, you can create a new configuration file (or modify an existing configuration file). The non default configuration files are to be found in the directory /etc/logrotate.d.
But wait. That is not all. If you want to automate the management of log rotation you can employ the good old scheduling utility cron. Simply add a new entry for the program (like syslog) whose logs you want to manage using logrotate in crontab.
For example, here is a cron entry to manage logs for syslog utility:
#/etc/cron.daily/logrotate
#! /bin/sh
0 0 * * * /usr/sbin/logrotate /etc/logrotate.d/syslog
In the above, once a day (at midnight), logrotate will read the configuration file for syslog utility (in /etc/logrotate.d) and take the actions specified in that config file. The actions could be as simple as doing certain actions before the rotation and doing certain other action post rotation. In my system, the syslog logrotate config file looks like this:
# cat /etc/logrotate.d/syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
And the default logrotate config file looks like this:
# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
minsize 1M
create 0664 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
No comments:
Post a Comment