Thursday 12 September 2013

How to rotate log files

Problem: You want to control and organize your ever-growing log files

Solution:  Use logrotate, a program to compress and/or delete log files automatically when they are sufficiently old,


Add entries to /etc/logrotate.d/syslog



eg:   /etc/logrotate.d/syslog:
     /var/log/local0 /var/log/local1 ...others... {
      sharedscripts
       postrotate
         /bin/kill -HUP `cat /var/run/syslogd.pid`
        endscript
     }


You need use tool called logrotate, It allows automatic rotation, compression, removal, and mailing of log files.

Each log file may be handled daily, weekly, monthly, or when it grows too large. With this tool you keep logs longer with less disk space.


 The default configuration file is /etc/logrotate.conf:

# see "man logrotate" for details
# rotate log files weekly
weekly
 

# keep 4 weeks worth of backlogs
rotate 4
 

# create new (empty) log files after rotating old ones
create
 

# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
 

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}


Service or server specific configurations stored in /etc/logrotate.d directory, for example here is sample apache logrotate configuration file:

# cat /etc/logrotate.d/httpd
Output:

/var/log/httpd/*.log {
 weekly
 rotate 52
 compress
  missingok
  notifempty
  sharedscripts
  postrotate
      /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true    endscript
}


weekly : Log files are rotated if the current weekday is less then the weekday of the last rotation or if more then a week has passed since the last rotation.

rotate 52 : Log files are rotated 52 times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather then rotated.


compress : Old versions of log files are compressed with gzip to save disk space.


missingok : If the log file is missing, go on to the next one without issuing an error message.


notifempty : Do not rotate the log if it is empty


sharedscripts : Normally, prerotate and postrotate scripts are run for each log which is rotated, meaning that a single script may be run multiple times for log file entries which match multiple files. If sharedscript is specified, the scripts are only run once, no matter how many logs match the wildcarded pattern. However, if none of the logs in the pattern require rotating, the scripts will not be run at all.


postrotate /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true


endscript : The lines between postrotate and endscript (both of which must appear on lines by themselves) are executed after the log file is rotated. These directives may only appear inside a log file definition
.

Apache log rotate

# vim /etc/logrotate.d/apache
/usr/local/apache2/logs/access_log /usr/local/apache2/logs/error_log {
    size 100M
    compress
    dateext
    maxage 30
    postrotate
      /usr/bin/killall -HUP httpd
      ls -ltr /usr/local/apache2/logs | mail -s "$HOSTNAME: Apache restarted and log files rotated" ctechz@ctechz.com
    endscript
}

No comments:

Post a Comment