For Linux system security, log files are an extremely important tool. The system administrator can use the logrotate program to manage the latest events in the system. Logrotate can also be used to back up log files. This article describes how to manage log files through the following sections:
1. logrotate Configuration
2. Default logrotate configuration
3. Use the include option to read other configuration files
4. Use the include option to override the default configuration
5. Configure rotation parameters for a specific file
1. logrotate Configuration
The logrotate program is a log file management tool. It deletes old log files and creates new ones, a process we call "rotation" (or "dumping"). Logs can be rotated based on the log file size or on the number of days elapsed. This process is generally executed by the cron program.
The logrotate program can also compress log files and send logs to a specified email address.
The logrotate configuration file is /etc/logrotate.conf. The main parameters are as follows:
Parameter                 Function
compress                  Compress rotated logs with gzip.
nocompress                Use when compression is not required.
copytruncate              For a log file that is still open, back up the current log and then truncate it.
nocopytruncate            Back up the log file but do not truncate it.
create mode owner group   On rotation, create a new log file with the specified file mode, owner and group.
nocreate                  Do not create a new log file.
delaycompress             Used together with compress: the rotated log file is not compressed until the next rotation.
nodelaycompress           Overrides delaycompress; the log is compressed at the time it is rotated.
errors address            Error messages during rotation are sent to the specified email address.
ifempty                   Rotate even empty files. This is the logrotate default.
notifempty                Do not rotate the file if it is empty.
mail address              Send the rotated log file to the specified e-mail address.
nomail                    Do not send log files on rotation.
olddir directory          Rotated log files are placed in the specified directory, which must be on the same file system as the current log file.
noolddir                  Rotated log files are placed in the same directory as the current log file.
prerotate/endscript       Commands to run before rotation go between this pair. Each keyword must be on a line by itself.
postrotate/endscript      Commands to run after rotation go between this pair. Each keyword must be on a line by itself.
daily                     The rotation cycle is daily.
weekly                    The rotation cycle is weekly.
monthly                   The rotation cycle is monthly.
rotate count              Number of rotations before the log file is deleted. 0 means no backups; 5 means five backups are retained.
tabooext [+] list         Prevents logrotate from rotating files with the specified extensions. The default extensions are .rpm-orig, .rpmsave, ,v and ~
size size                 Rotate a log file only when it reaches the specified size. The size can be given in bytes (default), KB (sizek), or MB (sizem).
Description in the Linux manual page:
size
Log files are rotated when they grow bigger than size bytes. If size is followed by M, the size is assumed to be in megabytes.
If the k is used, the size is in kilobytes. So size 100, size 100k, and size 100M are all valid.
Rotate when the log file is greater than or equal to size. The following are valid formats (other formats are case-insensitive):
size = 5 or size 5 (rotate at >= 5 bytes)
size = 100k or size 100k
size = 100M or size 100M
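
A stanza that combines several of the parameters from the table above, shown as an added example that is not part of the original article. The file name, log path, archive directory, owner/group and the example-app service name are all assumptions.

```conf
# /etc/logrotate.d/example-app  (hypothetical file name, paths and service)
/var/log/example-app/*.log {
    # Rotate once a week and keep five old copies before deleting the oldest.
    # To rotate by size instead, replace "weekly" with e.g. "size 100M".
    weekly
    rotate 5

    # Do not rotate a log that is empty.
    notifempty

    # gzip rotated logs, but leave the newest rotated file uncompressed
    # until the next rotation, in case the daemon is still writing to it.
    compress
    delaycompress

    # Recreate the live log with restrictive permissions so that it is
    # not readable by other users (assumed owner root, group adm).
    create 0640 root adm

    # Keep rotated files in a separate directory. It must already exist
    # and be on the same file system as the live log.
    olddir /var/log/example-app/archive

    # Tell the daemon to reopen its log file after rotation.
    # postrotate and endscript each sit on a line of their own.
    postrotate
        systemctl kill -s HUP example-app.service
    endscript
}
```

Running `logrotate -d /etc/logrotate.d/example-app` performs a dry run that reports what would be rotated without changing any files.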