In order to have an easy administration of systems which generates large number of log files, you can configure your log files according by an utility called logroate, which allows automatic rotation, compression, removal and also mailing of log files which can be handled daily, weekly or when it grows too large.
Objective: compress and rotate logs after certain threshold on the file size.
Environment: Solaris 10 32-bit
The system log rotation is defined in the /etc/logadm.conf file. This file includes log rotation entries for processes such as syslogd. For example, one entry in the /etc/logadm.conf file specifies that the /var/log/ciscofirewall.log file is rotated weekly unless the file is empty. The most recent ciscofirewall.log file becomes ciscofirewall.log.0, the next most recent becomes ciscofirewall.log.1, and so on. Eight previous ciscofirewall log files are kept.
The /etc/logadm.conf file also contains time stamps of when the last log rotation occurred.
# vi /etc/logadm.conf
/var/log/ciscofirewall.log -C 9 -s 10240k -z 4 -N -a 'kill -HUP `cat /var/run/syslog.pid`'
#
where,
-C = expire old logs until count remain.( 9 log files created and rotated )
-N = not an error if log file nonexistent.
-s = only rotate if given size or greater.
-a = execute command after taking actions.
-z = gzip old logs except most recent count ( last 5 log files would be compressed )
- Restart the syslogd to take changes effectively.
The command is often run on a cron job, which has the effect of fully automatic log rotation.
# crontab -l
10 3 * * * /usr/sbin/logadm
# ls -l /var/log/ciscofirewall*.log.* | wc -l
9
#
# ls -l /var/log/ciscofirewall*.log.*.gz | wc -l
5
#
# ls -ltr /var/log/ciscofirewall.log*
-rw-r--r-- 1 root root 41048 Apr 6 14:38 /var/log/ciscofirewall.log.8.gz
-rw-r--r-- 1 root root 42076 Apr 6 14:39 /var/log/ciscofirewall.log.7.gz
-rw-r--r-- 1 root root 41621 Apr 6 14:40 /var/log/ciscofirewall.log.6.gz
-rw-r--r-- 1 root root 41524 Apr 6 14:41 /var/log/ciscofirewall.log.5.gz
-rw-r--r-- 1 root root 41410 Apr 6 14:42 /var/log/ciscofirewall.log.4.gz
-rw-r--r-- 1 root root 21510944 Apr 6 14:43 /var/log/ciscofirewall.log.3
-rw-r--r-- 1 root root 21139079 Apr 6 14:44 /var/log/ciscofirewall.log.2
-rw-r--r-- 1 root root 21536814 Apr 6 14:45 /var/log/ciscofirewall.log.1
-rw-r--r-- 1 root root 21399755 Apr 6 14:46 /var/log/ciscofirewall.log.0
-rw-r--r-- 1 root root 16434041 Apr 6 14:46 /var/log/ciscofirewall.log
#
all your logs has been rotated in a discipline manner, which would be easy to troubleshoot in-case of any errors.
No comments:
Post a Comment