Mailinglist Archive: opensuse (4626 mails)

RE: [opensuse] syslog stuff
On Friday, January 19, 2007 @4:35 AM, Paul Walsh wrote:

>Greg Wallace wrote:

>> I do indeed now have a /var/log/firewall file. I took a look at its
>> contents and it looks just like what was going into messages. So, maybe
>> that is fixed. Now what I'd like to do is rotate out the current huge
>> messages file and start with a new one. Can you tell me how to safely do
>> that?
>>
>> Thanks,
>> Greg Wallace
>>
>>

>Something you might like to consider, now you're using syslog-ng, is
>getting it to have a different log file for each
>day. Here are the "destination" and "log" entries in my syslog-ng config
>file:


>###############################################################
>destination syslog {file("/var/log/$FACILITY.log.$YEAR$MONTH$DAY");};
>destination full-syslog {file("/var/log/system.log.$YEAR$MONTH$DAY");};
>###############################################################
>log {source(src); destination(syslog); };
>log {source(src); destination(full-syslog); };
>###############################################################


>What this will give you is, for example, /var/log/system.log.20070119 which
>will contain all the syslog messages, and
>files like /var/log/local0.log.20070119, /var/log/mail.log.20070119 etc.
>which will contain the messages for each
>facility. It makes tracking things down a bit easier.

>Rather than use logrotate (most of my systems are Solaris) I use the
>following shell script to gzip the log files and
>put them in /var/log/archive (Which I have on a separate filesystem). It's
>run at 23:59 each night:


>====cut here===
>#!/bin/bash
>cd /var/log

># Get TODAY's date. As we're running just before midnight, go to
># sleep until after midnight so that the log files will no longer
># be being written to

>DAT=`date "+%Y%m%d"`
>sleep 65

># As we're running from cron, output a friendly message to say what we're doing
>printf 'Compressing and archiving log files:\n\n'

># Get a single-column list of all the log files that were generated, then gzip
># each file before moving it to /var/log/archive
>ls -1 *.log.${DAT} |
>while read -r fil
>do
> echo "$fil"
> gzip "$fil"
> mv "${fil}.gz" /var/log/archive
>done

># Log files are retained for a maximum of 1 year/366 days (to cater for leap years)
># We remove everything older than 345 days because our oldest backups are 21 days old
># and will have 345 days' worth of logs on them

>printf 'Removing archived logs older than 345 days:\n\n'
>cd /var/log/archive
># The above cd isn't really necessary as the find command explicitly states where to search.
># DON'T be tempted to do find . -name "*.log.gz" ... you might just regret it! :)

># Find all the log files older than 345 days and remove them. Echo the file name so it gets
># captured in the cron output

>find /var/log/archive -name "*.log.*.gz" -mtime +345 |
>while read -r arc
>do
> rm "${arc}"
> echo "${arc}"
>done

>====cut here===


>The crontab entry is:

>59 23 * * * /usr/local/scripts/clear_logs



>(I keep my home-brewed stuff in /usr/local/scripts)


>Hope that helps


>- --
>Paul Walsh

Thanks for the suggestion. However, at my level of knowledge this looks a
bit intimidating. Also, with all of those firewall messages going off to a
side file now the other files are all of a fairly manageable size for me.
My installation is pretty vanilla and I don't really get all that many
messages other than those that relate to the firewall. But, I'll save this
note so that if I find myself getting bogged down wading through too many
lines at some point then I might get motivated to try to take this project
on.

Thanks for the suggestion,
Greg Wallace
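
An added example, not part of the original thread: the archive and prune steps of the quoted script as two POSIX shell functions that take the day stamp and the cutoff as arguments, and that prune by the date stamped in the file name instead of by mtime, so a file copied without preserving timestamps is still judged by the day it was logged. The function names and argument layout are assumptions; the file naming follows the quoted syslog-ng config.

```shell
#!/bin/sh
# Added example, not from the original thread. Function names and the
# argument layout are assumptions; file naming follows the quoted config.

is_stamp() {   # true when $1 is exactly eight digits (YYYYMMDD)
    case $1 in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# archive_day LOGDIR ARCHIVEDIR YYYYMMDD
# gzip each LOGDIR/*.log.YYYYMMDD and move it to ARCHIVEDIR.
# Prints the number of files archived. The body is a subshell, so the
# variables stay local and "exit" only leaves the function.
archive_day() (
    dir=$1 archive=$2 day=$3 n=0
    is_stamp "$day" || { echo "bad day stamp: $day" >&2; exit 2; }
    [ -d "$archive" ] || { echo "no such directory: $archive" >&2; exit 2; }
    for f in "$dir"/*.log."$day"; do
        [ -f "$f" ] || continue            # the glob matched nothing
        if gzip -- "$f" && mv -- "$f.gz" "$archive/"; then n=$((n + 1)); fi
    done
    echo "$n"
)

# prune_before ARCHIVEDIR YYYYMMDD
# Remove archives whose name stamp is older than the cutoff.
# Removed names go to stderr (captured by cron); the count goes to stdout.
prune_before() (
    archive=$1 cutoff=$2 n=0
    is_stamp "$cutoff" || { echo "bad cutoff: $cutoff" >&2; exit 2; }
    for f in "$archive"/*.log.*.gz; do
        [ -f "$f" ] || continue
        stamp=${f%.gz}; stamp=${stamp##*.}
        is_stamp "$stamp" || continue      # not named by the scheme: leave it
        if [ "$stamp" -lt "$cutoff" ]; then
            rm -- "$f" && { echo "removed $f" >&2; n=$((n + 1)); }
        fi
    done
    echo "$n"
)
```

The caller supplies the cutoff; with GNU date it can be computed as `date -d '345 days ago' +%Y%m%d`.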

