 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Wed, 16 Aug 2000, Scott Ehrlich wrote:
> I am trying to find proper way to roll system logs (/var/log/messages,
> /var/log/syslog) to make them smaller and offload older ones for
> archiving.
RedHat et. al. have logrotate, which personally I think is WAY overkill,
but it works. Slackware may not have it though. You can accomplish the
task with a fairly short shell script, which is how I usually have done it
on systems that don't have built-in facilities.
> What utility/command is responsible for management of these log files, and
> what is the best way to roll them? I plan to date-stamp the file names
> (alrady being done for something else) once the proper UNIX command(s) for
> proper rolling is revealed.
I've typically appended a sequential number to my logs, but using the date
is even easier. A shell script to do it might be:
----------------------
#!/bin/sh
###########################################################
# logrotate.sh - rotate some log files
#
# Copyright 8/17/2000 Derek D. Martin
#
# GPL baby! See http://www.gnu.org/copyleft/gpl.html
# for details of distribution and licensing - heheh
#
############################
# define some variables
PATH="/bin:/usr/bin:/sbin:/usr/sbin"
export PATH
# change this to the options you want syslog to run with
# -r allows a remote system to log to this host and -m 0 turns off
# the annoying timestamp feature, but you might WANT it on
SYSLOG_OPTS="-r -m 0"
# change this to the directory you have your logs in
LOG_DIR=/var/log
# change this to the list of log files you want to rotate
LOG_FILES="messages syslog security"
DATESTAMP=`date +%Y%m%d`
########################
# do useful stuff
# remove logs older than this many days:
LOG_AGE=5
find $LOG_DIR -mtime +$LOG_AGE -exec rm {} \;
# kill syslog so the log files aren't open
kill -TERM `cat /var/run/syslogd.pid`
cd $LOG_DIR
for file in $LOG_FILES; do
mv $file $file.$DATESTAMP
touch $file
# use different permissions if you like
chmod 644 $file
done
# restart syslog
syslogd $SYSLOG_OPTS
---------------------------
And voila! rotated log files. Run in cron however often you like and
fagedabboutit.... Until you need to look at old logs that is! :)
You might also want to gzip your old log files. You might have other
ideas about what to do with them, like maybe tar-ing them to tape or
something. You can do whatever you like.
While the logs are being rotated (like for about half a second) syslogd
will not be running, so you should do this at a time when you're not
likely to be having a lot of stuff that you want logged going on.
It's necessary to stop and start syslog because if you don't, syslog
keeps the old files open for writing, and it will continue to append to
the OLD log file, even if you move it to a different name!
--
Derek Martin
System Administrator
Mission Critical Linux
martin at MissionCriticalLinux.com
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
