home " subscribe " advertise " customer service " back issues " " contacts

Sections
  Newbies
  Reviews
  How To
    Best Defense
    Guru Guidance
    On The Desktop
  Developer's Den
    Gearheads Only
    Compile Time
    Perl of Wisdom
  Who's Who
 
Indexes
  Issue Archive
  Author Index
 
Linux Magazine
  Subscribe
  Advertise
  Customer Service
  Back Issues
  
  Contacts
 
On Stands Now Click to view Table of Contents for Linux Magazine March 2000 Issue
 
Subscribe to Linux Magazine

Linux Magazine / November 1999 / GURU GUIDANCE
An X-Ray View Of Your System
 
<< prev   page 01 02 03 04       

Managing Your Log Files

One common problem is figuring out what to do with all of the log messages. If you do a lot of logging (particularly if everything is sent to a central server), you can fill up your filesystem faster than you think. The most obvious and direct solution is to remove them after a specific length of time or when they reach a particular size.

It is a fairly simple matter to write a shell script that is started from cron, and that looks at the log files and takes specific actions. With Linux, this is not necessary. Linux provides this functionality for you in the form of the logrotate command.

As its name implies, the goal of the logrotate program is to "rotate" log files. This could be as simple as moving a log file to a different name and replacing the original with an empty file. However, there is much more to it.

Two files define how logrotate behaves. The state file (located by default at /var/state/logrotate and specified with the -s or --state option) basically tells logrotate when the last actions were taken.

The configuration file tells logrotate when to rotate each of the respective files. If necessary, you can have multiple configuration files that can all be specified on the same command line, or you can include configuration files within another one.

The logrotate configuration file is broken into two parts.

At the beginning are the global configuration options, which apply to all of the log files. Next, there are the configuration sections for each of the individual log files (the log file definitions).

A very simple logrotate configuration file to rotate the /var/adm/messages might look like this:

errors 
compress

/var/log/messages {
  rotate 4
  weekly
  postrotate
    /sbin/killall -HUP syslogd
  endscript
}

At the top are two global options, followed by a log file definition for /var/log/adm. In this case, we could have included the global definitions within the log file definition. However, there is normally more than one log file definition. It is also possible to specify an entire directory rather than one log file. For example, you could rotate all of the Samba logs by specifying the directory /var/log/ samba.d/*.

The first line says that all error messages are mailed to root at the logserver. The second line says that log files are to be compressed after they are rotated.

The log file definition consists of the log file name and the directives to apply, which are enclosed within curly brackets. The first line in the log file definition says to rotate the logs four times before removing a file. The next line says to rotate the files once a week. Together, these two lines mean that any given copy of the /var/log/messages file will be saved for four weeks before it is removed.

The next three lines are actually a set of commands. The postrotate directive says that what follows should be performed immediately after the log file has been rotated. In this case, syslogd is sent an HUP signal to restart itself. There is also a prerotate directive, which has the same basic functionality, but does everything before the log is rotated.

In order to rotate logs based on their size, you would use the size= option. Setting size=100K would rotate logs larger than 100 KB and size=100M would rotate logs larger than 100 MB. There are an incredible number of additional options that you can use. Table Three contains a list of options you can use with a brief explanation of each. For more details, see the logrotate(1) man page.

Table Three: logrotate Options
compress/nocompress Compresses or does not compress old versions of logs.
delaycompress Wait until the next cycle to compress the previous log.
create mode owner group Log file is recreated with this mode, owner and group. ( nocreate overrides this.)
daily, weekly, monthly Rotate logs in the indicated interval.
errors address Send errors to the address indicated.
ifempty Rotate the logs even if they are empty. ( notifempty overrides this.)
include file_or_directory Include the indicated file at this point. If a directory is given, all real files in that directory are read.
mail address Logs rotated out of existence are mailed to this address. ( nomail overrides this.)
olddir directory Old logs are moved to this directory, which must be on the same physical device. ( noolddir overrides this.)
postrotate/endscript Delimits commands run after the log is rotated. Each must appear on a line by itself.
prerotate/endscript Delimits commands before and after the log is rotated. Each must appear on a line by itself.
rotate count Rotates the log count times before being removed.
size size Log files greater than size are removed.
tabooext [+] list List of files not to include. A plus sign means the files are added to the list rather than replacing it.

James Mohr is the author of books on Linux, SCO Unix, Web site administration, and Unix-Windows integration. He works in Coburg, Germany for a systems integrator, and can be reached at .
<< prev   page 01 02 03 04       
 
Linux Magazine / November 1999 / GURU GUIDANCE
An X-Ray View Of Your System

home " subscribe " advertise " customer service " back issues " " contacts