Search This Blog

2014-01-08

Logs and Logrotate

It's easy to have logs grow out of control without some kind of maintenance service to go through and compress/truncate them as it goes.

Logrotate gives the ability to rotate logs at given intervals and when the timeframe/parameters match a given value in /etc/logrotate.conf

The way logrotate works is by running a cron in /etc/cron.daily/logrotate.

This cron pulls in /etc/logrotate.conf and logrotate.conf then pulls in all of the configs from /etc/logrotate.d

Most times when you're configuring a service to rotate logs you would specify the options in /etc/logrotate.d/service-name

Example: I was running a script that is listening in on a socket and outputting all data from that socket to a log file called bash_rexec
cat /etc/logrotate.d/bash_rexec
/tmp/bash_rexec.log {
    su vi-admin root
    compress
    dateext
    maxage 365
    rotate 99
    size=+2048k
    notifempty
    missingok
    copytruncate

Because I am running this script as vi-admin the service account vi-admin will be the one creating logs so if I do not su to this user there will be permission discrepancies and I will get failure logs as follows:
error: "/tmp" has insecure permissions. It must be owned and be writable by root only to avoid security problems. Set
the "su" directive in the config file to tell logrotate which user/group should be used for rotation.
  log needs rotating

compress - compressing with gzip
dateext - I want the filename to end in the date in which it was archived -20140108.gz
maxage - nothing should be stored longer than 365 days
rotate - I want a maximum of 99 rotations
size - no logs should be greater than 2MB
notifempty - don't rotate if the log is empty
missingok - if the log is missing go to the next one
copytruncate - Truncate the original log file in place after creating a copy, instead of moving the old log file and optionally creating a new one

Debugging Logrotate


Using logrotate in debug mode
logrotate -vdf 

Where config_file could be /etc/logrotate.config or one of the sub-configs in /etc/logrotate.d/

-d option will ensure that no actions are actually taken when rotating logs
-f will force rotation even when not required
-v will just give a verbose output of what is going on

Note: Sometimes the /var/lib/logrotate.status file may get corrupted or not updated. In which case it might need to be removed and re-created.

References:
http://www.rackspace.com/knowledge_center/article/understanding-logrotate-part-2
http://www.novell.com/support/kb/doc.php?id=7005219
http://www.cyberciti.biz/tips/lighttpd-rotating-logs-with-logrotate.html
http://www.cyberciti.biz/faq/how-do-i-rotate-log-files/
http://doc.opensuse.org/products/draft/SLES/SLES-tuning_sd_draft/cha.tuning.logfiles.html#sec.tuning.logfiles.logrotate

No comments:

Post a Comment