-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greg Wallace wrote:
I do indeed now have a /var/log/firewall file. I took a look at its contents and it looks just like what was going into messages. So, maybe that is fixed. Now what I'd like to do is rotate out the current huge messages file and start with a new one. Can you tell me how to safely do that?
Thanks, Greg Wallace
Something you might like to consider, now you're using syslog-ng, is getting it to have a different log file for each day. Here are the "destination" and "log" entries in my syslog-ng config file: ############################################################### destination syslog {file("/var/log/$FACILITY.log.$YEAR$MONTH$DAY");}; destination full-syslog {file("/var/log/system.log.$YEAR$MONTH$DAY"); ############################################################### log {source(src); destination(syslog); }; log {source(src); destination(full-syslog); }; ############################################################### What this will give you is, for example, /var/log/system.log.20070119 which will contain all the syslog messages, and files like /var/log/local0.log.20070119, /var/log/mail.log.20070119 etc. which will contain the messages for each facility. It makes tracking things down a bit easier. Rather than use logrotate (most of my systems are Solaris) I use the following shell script to gzip the log files and put them in /var/log/archive (Which I have on a separate filesystem). It's run at 23:59 each night: ====cut here=== #!/bin/bash cd /var/log # Get TODAY's date. As we're running just before midnight, go to # sleep until after midnight so that the log files will no longer # be being written to DAT=`date "+%Y%m%d"` sleep 65 # As we're running from cron, output a friendly message to say what we're doing echo "Compressing and archiving log files: \n" # get a single colum list of all the log files that were generated then gzip # each file before moving to /var/logs/archive ls -1 *.log.${DAT} | while read fil do echo $fil gzip $fil mv ${fil}.gz /var/log/archive done # Log files are retained for a maximum of 1 year/366 days (to cater for leap years) # We remove everything older than 345 days because our oldest backups are 21 days old # and will have 345 days' worth of logs on them echo "Removing archived logs older than 345 days:\n " cd /var/log/archive # the above cd isn't really necessary as the find command explicitly states where to search. # DON'T be tempted to do find . -name "*.log.gz" ... you might just regret it! :) # Find all the log files older than 345 days and remove them. Echo the file name so it gets # captured in the cron output find /var/log/archive -name "*.log.*.gz" -mtime +345 | while read arc do rm ${arc} echo ${arc} done ====cut here=== The crontab entry is: 59 23 * * * /usr/local/scripts/clear_logs (I keep my home-brewed stuff in /usr/local/scripts) Hope that helps - -- Paul Walsh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFsJ7EMgcRY6KQRjQRAtVJAJ9mnZwwCAHBtRz1IX5rv6BZEfzYCACfQncE POYiy5wvkSkiUNMLUPucTIU= =8GlG -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org