Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Wed, 16 Aug 2000, Scott Ehrlich wrote: > I am trying to find proper way to roll system logs (/var/log/messages, > /var/log/syslog) to make them smaller and offload older ones for > archiving. RedHat et. al. have logrotate, which personally I think is WAY overkill, but it works. Slackware may not have it though. You can accomplish the task with a fairly short shell script, which is how I usually have done it on systems that don't have built-in facilities. > What utility/command is responsible for management of these log files, and > what is the best way to roll them? I plan to date-stamp the file names > (alrady being done for something else) once the proper UNIX command(s) for > proper rolling is revealed. I've typically appended a sequential number to my logs, but using the date is even easier. A shell script to do it might be: ---------------------- #!/bin/sh ########################################################### # logrotate.sh - rotate some log files # # Copyright 8/17/2000 Derek D. Martin # # GPL baby! See http://www.gnu.org/copyleft/gpl.html # for details of distribution and licensing - heheh # ############################ # define some variables PATH="/bin:/usr/bin:/sbin:/usr/sbin" export PATH # change this to the options you want syslog to run with # -r allows a remote system to log to this host and -m 0 turns off # the annoying timestamp feature, but you might WANT it on SYSLOG_OPTS="-r -m 0" # change this to the directory you have your logs in LOG_DIR=/var/log # change this to the list of log files you want to rotate LOG_FILES="messages syslog security" DATESTAMP=`date +%Y%m%d` ######################## # do useful stuff # remove logs older than this many days: LOG_AGE=5 find $LOG_DIR -mtime +$LOG_AGE -exec rm {} \; # kill syslog so the log files aren't open kill -TERM `cat /var/run/syslogd.pid` cd $LOG_DIR for file in $LOG_FILES; do mv $file $file.$DATESTAMP touch $file # use different permissions if you like chmod 644 $file done # restart syslog syslogd $SYSLOG_OPTS --------------------------- And voila! rotated log files. Run in cron however often you like and fagedabboutit.... Until you need to look at old logs that is! :) You might also want to gzip your old log files. You might have other ideas about what to do with them, like maybe tar-ing them to tape or something. You can do whatever you like. While the logs are being rotated (like for about half a second) syslogd will not be running, so you should do this at a time when you're not likely to be having a lot of stuff that you want logged going on. It's necessary to stop and start syslog because if you don't, syslog keeps the old files open for writing, and it will continue to append to the OLD log file, even if you move it to a different name! -- Derek Martin System Administrator Mission Critical Linux martin at MissionCriticalLinux.com - Subcription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |