Logrotate configuration and understanding under Linux

Source: Internet
Author: User
Tags syslog system log

Log files are an extremely important tool for Linux system security. System administrators can use the Logrotate program to manage the latest events in the system, and log files are an extremely important tool for Linux system security. System administrators can use the Logrotate program to manage the most recent events in the system. Logrotate can also be used to back up log files, this article will be described in the following sections

Management of log files:
1. Logrotate Configuration
2. Default configuration Logrotate
3. Use the Include option to read additional configuration files
4. Overriding the default configuration with the Include option
5. Configure the dump parameter for the specified file logrotate configuration

The Logrotate program is a log file management tool. Used to delete the old log file and create a new log file, we call it "dump". Depending on the size of the log file or the number of days we can dump it, this process is usually done through a cron program.
The Logrotate program can also be used to compress log files and send logs to the specified e-mail.

The configuration file for Logrotate is/etc/logrotate.conf. The main parameters are the following table:

Parameter function
Compress post-dump log after gzip compression
nocompress When compression is not required, use this parameter
copytruncate for log files that are still open, to back up and truncate the current log
nocopytruncate backing up log files but not truncation
Create Mode owner group dump file, creating a new log file with the specified file mode
nocreate do not create a new log file
when delaycompress and compress are in use, the dump log file is compressed until the next dump
nodelaycompress overrides the delaycompress option, the dump is compressed at the same time.
errors error message sent to the specified email address when the address is stored
Ifempty Even empty files are dumped, this is the default option for Logrotate.
Notifempty If it's an empty file, don't dump it.
mail address sends dump log files to the specified e-mail addresses
log file not sent when Nomail dump
Olddir Directory dumps the log file into the specified directory and must be in the same file system as the current log file
noolddir Dump log file and current log file in the same directory
Prerotate/endscript commands that need to be executed before dumping can be placed in this pair, these two keywords must be taken separately
Postrotate/endscript commands that need to be executed after the dump can be placed in this pair, these two keywords must be taken separately
daily Specify a dump cycle of daily
weekly Specify the dump cycle as weekly
monthly Specify a dump cycle of monthly
Rotate count Specifies the number of dumps before the log file was deleted, 0 means no backup, 5 means 5 backups reserved
Tabootext [+] list lets logrotate not dump files with the specified extension, the default extension is:. Rpm-orig,. Rpmsave, V, and ~
Size size is not dumped when the log file reaches the specified size, and size can specify bytes (default) and KB (Sizek) or MB (sizem). Second, the default configuration Logrotate

Logrotate default configuration/etc/logrotate.conf.
The file contents of the Red Hat Linux default installation are:

# see ' Man logrotate ' for details
# Rotate log Files Weekly
Weekly

# Keep 4 weeks worth of backlogs
Rotate 4

# Send errors to root
Errors Root
# Create new (empty) log files after rotating old ones
Create

# Uncomment this if you want your log files compressed
#compress
1
# RPM Packages Drop log rotation information into this directory
Include/etc/logrotate.d

# no packages own lastlog or wtmp--we ' ll rotate them here
/var/log/wtmp {
Monthly
Create 0664 Root utmp
Rotate 1
}

/var/log/lastlog {
Monthly
Rotate 1
}

# system-specific logs May is configured here


The default configuration is generally placed at the very beginning of the logrotate.conf file, affecting the entire system. In this case, the first 12 rows.

The third row weekly specifies that all log files are dumped once a week.
Line Five rotate 4 specifies a retention of 4 copies of the dump file.
Line seventh errors root specifies the error message to be sent to root.
Line Nineth Create specifies that the new log file is automatically created by the Logrotate, and the new log file has the
The same permissions as the original file.
Line 11th #compress specify not to compress the dump file, if you need to compress, remove the comment.

Third, use the Include option to read other configuration files
The Include option allows the system administrator to centralize dump information scattered over several files into a
The primary configuration file. When Logrotate reads the Include option from logrotate.conf, the configuration information is read from the specified file as if they were already in the/etc/logrotate.conf.

Line 13th INCLUDE/ETC/LOGROTATE.D tells Logrotate to read the log dump parameters stored in the/ETC/LOGROTATE.D directory, which is useful when the RPM package is installed in the system. The log dump parameters for RPM packages are generally stored in the/ETC/LOGROTATE.D directory.

The Include option is important, and some applications store log dump parameters in/ETC/LOGROTATE.D.

Typical applications are: Apache, linuxconf, Samba, cron, and syslog.

This allows the system administrator to manage only one/etc/logrotate.conf file.



Iv. overriding the default configuration with the Include option

When/etc/logrotate.conf reads a file, the dump parameter in the file specified by include overrides the default parameter, as in the following example:

# Parameters of Linuxconf
/var/log/htmlaccess.log
{Errors Jim
Notifempty
Nocompress
Weekly
Prerotate
/usr/bin/chattr-a/var/log/htmlaccess.log
Endscript
Postrotate
/usr/bin/chattr +a/var/log/htmlaccess.log
Endscript
}
/var/log/netconf.log
{nocompress
Monthly
}

In this example, when the/etc/logrotate.d/linuxconf file is read, the following parameter overrides the default parameter in/etc/logrotate.conf.

Notifempty
Errors Jim

V. Configuring the dump parameters for the specified file
It is often necessary to configure parameters for the specified file, a common example is the monthly dump/var/log/wtmp. The format of the parameters used for a particular file is:

# Notes
/full/path/to/file
{
Option (s)
}

The following example is a monthly dump/var/log/wtmp once:
#Use logrotate to rotate Wtmp
/var/log/wtmp
{
Monthly
Rotate 1
}


Vi. other issues to be aware of

1. Although the opening of curly braces can be placed on the same line as other text, the curly braces at the end must be taken separately.

2. Using Prerotate and Postrotate options
The following example is a typical script/etc/logrotate.d/syslog, which is a script that only
/var/log/messages effective.

/var/log/messages
{
Prerotate
/usr/bin/chattr-a/var/log/messages
Endscript
Postrotate
/usr/bin/kill-hup syslogd
/usr/bin/chattr +a/var/log/messages
Endscript
}

The first line specifies that the script is valid for/var/log messages
/var/log messages outside the curly braces



The prerotate command specifies the previous action of the dump/usr/bin/chattr-a remove the "Append only" attribute of the/var/log/messages file Endscript end the Prerotate section of the script postrotate specify the action after the dump

/usr/bin/killall-hup syslogd

Used to reinitialize the System log daemon syslogd

/usr/bin/chattr +a/var/log/messages

Re-specify the append-only attribute for the/var/log/messages file so that the control programmer or user overwrites the file.

The final endscript is used to end the Postrotate section of the script

3, Logrotate's operation is divided into three steps:

Judging the system's log files, creating a dump plan and parameters, running the following code through Cron daemon is the Red Hat Linux default crontab to run Logrotate every day.

#/etc/cron.daily/logrotate
#! /bin/sh

/usr/sbin/logrotate/etc/logrotate.conf

4,/var/log/messages can not produce the reason:
This is rare, but if you turn off the 514/UDP port in the/etc/services, the file cannot be created.

Summary: This paper introduces the typical logrotate configuration example of red Hat system, and explains the application method of Logrotate program in detail. You want to be helpful to all Linux system administrators. Manage well, analyze good log file is the first step of system security, in later article Freelamp also will introduce another check log of good East Logcheck.

Logrotate configuration and understanding under Linux

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.