1) What is logrotate?
Logrotate is a log management program used to delete (back up) Old log files and create new log files. This process is called a "dumping ". We can dump logs based on the log size or the number of days they are used. This process is generally executed by cron.
Logrotate can also be used to compress log files and send logs to the specified email address.
2) default logrotate configuration file and Its Main Parameters
The main parameters of the logrotate configuration file/etc/logrotate. conf are as follows:
Parameter Functions
Compress compresses logs after dumping through Gzip
This parameter is used when nocompress does not require compression.
Copytruncate is used to back up and truncate the current log file that is still being opened.
Nocopytruncate backs up log files but does not truncate
Create mode owner group dump file, create a new log file using the specified file Mode
Nocreate does not create a new Log File
When delaycompress and compress are used together, the dumped log files are compressed only when they are transferred to the next dump.
Nodelaycompress overwrites the delaycompress option, and the dump is compressed at the same time.
The error message sent to the specified email address when the errors address exists
Ifempty dumps even empty files. This is the default logrotate option.
Notifempty is not dumped if it is an empty file
Mail address sends the dumped log file to the specified E-mail Address
Do not send log files when nomail dump
The log file after the olddir directory is dumped is placed in the specified directory and must be in the same file system as the current log file.
The log file after noolddir dumping and the current log file are placed in the same directory
Prerotate/endscript can put this pair of commands that need to be executed before dumping. These two keywords must be in a separate line.
Postrotate/endscript can be placed into this pair of commands to be executed after the dump. These two keywords must be entered separately.
Daily indicates that the dump cycle is daily.
Weekly indicates that the dump cycle is weekly.
Monthly specifies the dump cycle as per month
Rotate count indicates the number of dump times before the log file is deleted. 0 indicates no backup, and 5 indicates five backups are retained.
Tabootext [+] list to prevent logrotate from dumping files with the specified extension. The default extension is. rpm-orig,. rpmsave, V, and ~
Size size: dump a log file only when it reaches the specified size. Size can specify bytes (default), KB (sizek), or MB (sizem ).
3) logrotate. conf parsing of redhad Linux
# See "Man logrotate" For details
# Rotate log files weekly
Weekly
# Keep 4 weeks worth of backlogs
Rotate 4
# Send errors to root
Errors Root
# Create new (empty) log files after rotating old ones
Create
# Uncomment this if you want your log files compressed
# Compress
1
# Rpm packages drop log rotation information into this directory
Include/etc/logrotate. d
# No packages own lastlog or wtmp -- We'll rotate them here
/Var/log/wtmp {
Monthly
Create 0664 root utmp
Rotate 1
}
/Var/log/lastlog {
Monthly
Rotate 1
}
# System-specific logs may be configured here
Use the include option to read other configuration files
The include option allows the system administrator to centralize the dump information distributed to several files to a major configuration file. When logrotate reads the include option from logrotate. conf, it reads the configuration information from the specified file, as if they are already in/etc/logrotate. conf.
Row 3: Include/etc/logrotate. d. Tell logrotate to read data in/etc/logrotate. d directory. When the RPM package is installed in the system, the include option is very useful. The log dump parameters of the RPM package are generally stored in the/etc/logrotate. d directory.
The include option is very important. Some applications store the log dump parameter in/etc/logrotate. D.
Typical applications include Apache, linuxconf, Samba, Cron, and syslog.
In this way, the system administrator only needs to manage a/etc/logrotate. conf file.
When/etc/logrotate. conf reads a file, the dump parameter in the file specified by include will overwrite the default parameter, as shown in the following example:
The above information is stored in the logrotate file, which is located in the/etc/cron. daily directory and configured by/etc/crontab and executed by the cron program.
# Linuxconf Parameters
/Var/log/htmlaccess. Log
{
Errors Jim
Notifempty
Nocompress
Weekly
Prerotate
/Usr/bin/chattr-A/var/log/htmlaccess. Log
Endscript
Postrotate
/Usr/bin/chattr + A/var/log/htmlaccess. Log
Endscript
}
/Var/log/netconf. Log
{
Nocompress
Monthly
}
In this example, when the/etc/logrotate. d/linuxconf file is read, the following parameters will overwrite the default parameters in/etc/logrotate. conf.
Notifempty
Errors Jim
4) logrotate execution
Logrotate is run in three steps:
Determine the system's log files, establish a dump plan and parameters, and run it through cron daemon.
The following code is the default crontab of Red Hat Linux to run logrotate every day.
#/Etc/cron. daily/logrotate
#! /Bin/sh
/Usr/sbin/logrotate/etc/logrotate. conf
The above information is saved in the logrotate file, which is actually a configuration file located in the/etc/cron. daily directory.
All configuration files in/etc/cron. daily are the configuration files of programs executed by cron every day. They are all set and executed by/etc/crontab maintained by the system administrator.
It is found that the log/var/log/asterisk/full of Asterisk actually has 170 MB, so we are looking for a log rotation method. According to the above information, you only need to add
/Var/log/asterisk/messages/var/log/asterisk/* log/var/log/asterisk/full {
Missingok
Rotate 5
Daily
Create 0640 asterisk Asterisk
Postrotate
/Usr/sbin/asterisk-Rx 'logger reload'>/dev/null 2>/dev/null
Endscript
}
Reference: http://www.voip-info.org/tiki-index.php? Page = logrotate