Monday, August 30, 2010

Basic guide for Logrotate in Linux

Log files in Linux usually reside at /var/log... It keeps on growing so log management is essential. Log management is usually achieved using logrotate. Logrotate is managed by cronjobs in Linux.

For logrotate, you can configure /etc/logrotate.conf or create the individual configuration files for each application or each log file in /etc/logrotate.d

step 1:

Let's say, I have VOIP application 'asterisk' running on my system. Asterisk generates various log files under /var/log/asterisk directory. I would create astlog under /etc/logrotate.d to manage the log files.

#cd /etc/logrotate.d
#vi astlog
/var/log/asterisk/full /var/log/asterisk/messages /var/log/asterisk/debug /var/log/asterisk/*.log {
nocompress
daily
rotate 5
missingok
copytruncate
}

Here we listed all the log files to be managed and provided the attributes of the log management. Don't compress the log file, rotate the log file daily, max number of log rotation 5 ( i.e logfilexxx.1, logfilexxx.2, .... , logfilexxx.5). It only keeps 5 log files. With copytruncate option, the original log file is truncated in place after creating a copy, instead of moving the old log file and optionally creating a new one. It is useful when some program cannot be told its logfile and thus might continue writing(apending) to the previous log file.

[you can use #stat < filename > or # ls -l < filename > to check the inode number
copytruncate helps the log file to preserver it's inode(unique file number) ]

If you don't want to use copytruncate option, then you have to tell the program that log file has been recreated (with new INODE number). For example, in my case I could have done

#cd /etc/logrotate.d
#vi astlog
/var/log/asterisk/full /var/log/asterisk/messages /var/log/asterisk/debug /var/log/asterisk/*.log {
nocompress
daily
rotate 5
missingok
create

        postrotate
                /usr/sbin/asterisk -rx 'logger reload' > /dev/null 2> /dev/null
    endscript

}

Here, we are telling our program 'asterisk' to reload logger as new log file has been created after log rotation.

step 2:

By default, Logrotate is scheduled daily. You can find 'logrotate' under /etc/cron.daily

Let's look at /etc/crontab

# less /etc/crontab
SHELL=/bin/sh
PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin
MAILTO=root
#
# check scripts in cron.hourly, cron.daily, cron.weekly, and cron.monthly
#
-*/15 * * * * root test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons >/dev/null 2>&1


The time to execute the scripts is managed by crontab. /usr/lib/cron/run-crons script controls the cron.hourly, cron.daily, cron.weekly and cron.monthly. run_crons runs every 15 minutes and ensures that cron jobs are taken care of.

In SLES, if you need to change the default daily time , you can go to YAST --> System --> /etc/sysconfig editor --> System --> Cron --> DAILY_TIME and change the time.

Let's say, I want logrotation to be done at OFF hours (10:30 pm) to avoid the possible load on the server, then, I can change DAILY_TIME to 22:30

For more information:

http://www.linuxtopia.org/online_books/suse_linux_guides/SLES10/suse_enterprise_linux_server_installation_admin/sec_suse_pakete.html

No comments:

Post a Comment