Logrotate regularly manages Linux Log Files

Source: Internet
Author: User
For Linux system security, log files are extremely important tools. The system administrator can use logrotate Program Used to manage the latest events in the system.


For Linux system security, log files are extremely important tools.

The system administrator can use the logrotate program to manage the latest events in the system. Logrotate can also be used to back up log files. This article will introduce the following parts:


Log File Management:

1. logrotate Configuration

2. logrotate is configured by default.

3. Use the include option to read other configuration files

4. Use the include option to overwrite the default configuration

5. Configure dump parameters for the specified file


1. logrotate Configuration


The logrotate program is a log file management tool. It is used to delete the old log file and create a new log file. We call it a "dump ". We can dump the logs based on the log file size or the number of days. This process is generally executed by the cron program.

The logrotate program can also be used to compress log files and send logs to the specified email.


The logrotate configuration file is/etc/logrotate. conf. The main parameters are as follows:


Parameter Functions

Compress compresses logs after dumping through Gzip

This parameter is used when nocompress does not require compression.

Copytruncate is used to back up and truncate the current log file that is still being opened.

Nocopytruncate backs up log files but does not truncate

Create mode owner group dump file, create a new log file using the specified file Mode

Nocreate does not create a new Log File

When delaycompress and compress are used together, the dumped log files are compressed only when they are transferred to the next dump.

Nodelaycompress overwrites the delaycompress option, and the dump is compressed at the same time.

The error message sent to the specified email address when the errors address exists

Ifempty dumps even empty files. This is the default logrotate option.

Notifempty is not dumped if it is an empty file

Mail address sends the dumped log file to the specified E-mail Address

Do not send log files when nomail dump

The log file after the olddir directory is dumped is placed in the specified directory and must be in the same file system as the current log file.

The log file after noolddir dumping and the current log file are placed in the same directory

Prerotate/endscript can put this pair of commands that need to be executed before dumping. These two keywords must be in a separate line.

Postrotate/endscript can be placed into this pair of commands to be executed after the dump. These two keywords must be entered separately.

Daily indicates that the dump cycle is daily.

Weekly indicates that the dump cycle is weekly.

Monthly specifies the dump cycle as per month

Rotate count indicates the number of dump times before the log file is deleted. 0 indicates no backup, and 5 indicates five backups are retained.

Tabootext [+] list to prevent logrotate from dumping files with the specified extension. The default extension is. rpm-orig,. rpmsave, V, and ~

Size size: dump a log file only when it reaches the specified size. Size can specify bytes (default), KB (sizek), or MB (sizem ).



2. logrotate is configured by default.


What is the default configuration of logrotate? /Etc/logrotate. conf.

The default installation file content of Red Hat Linux is:


# See "Man logrotate" For details

# Rotate log files weekly

Weekly


# Keep 4 weeks worth of backlogs

Rotate 4


# Send errors to root

Errors Root

# Create new (empty) log files after rotating old ones

Create


# Uncomment this if you want your log files compressed

# Compress

1

# Rpm packages drop log rotation information into this directory

Include/etc/logrotate. d


# No packages own lastlog or wtmp -- We'll rotate them here

/Var/log/wtmp {

Monthly

Create 0664 root utmp

Rotate 1

}


/Var/log/lastlog {

Monthly

Rotate 1

}


# System-specific logs may be configured here



The default configuration is generally placed at the beginning of the logrotate. conf file, affecting the entire system. In this example, the first 12 rows are displayed.


The third line weekly specifies that all log files are dumped once a week.

The fifth line rotate 4 specifies four copies of the dump file.

Row 7 errors root specifies the error message to be sent to the root user.

In the ninth line, create specifies that logrotate automatically creates a new log file. The new log file has

The original file has the same permissions.

Row 11th # compress specifies not to compress the dump file. If compression is required, remove the comment.


3. Use the include option to read other configuration files

The include option allows the system administrator to centralize the dump information distributed to several files

Main configuration file. When logrotate reads the include option from logrotate. conf, it reads the configuration information from the specified file, as if they are already in/etc/logrotate. conf.


Row 3: Include/etc/logrotate. d. Tell logrotate to read data in/etc/logrotate. d directory. When the RPM package is installed in the system, the include option is very useful. The log dump parameters of the RPM package are generally stored in the/etc/logrotate. d directory.


The include option is very important. Some applications store the log dump parameter in/etc/logrotate. D.


Typical applications include Apache, linuxconf, Samba, Cron, and syslog.


In this way, the system administrator only needs to manage a/etc/logrotate. conf file.


4. Use the include option to overwrite the default configuration


When/etc/logrotate. conf reads a file, the dump parameter in the file specified by include will overwrite the default parameter, as shown in the following example:


# Linuxconf Parameters

/Var/log/htmlaccess. Log

{Errors Jim

Notifempty

Nocompress

Weekly

Prerotate

/Usr/bin/chattr-A/var/log/htmlaccess. Log

Endscript

Postrotate

/Usr/bin/chattr + A/var/log/htmlaccess. Log

Endscript

}

/Var/log/netconf. Log

{Nocompress

Monthly

}


In this example, when the/etc/logrotate. d/linuxconf file is read, the following parameters will overwrite the default parameters in/etc/logrotate. conf.


Notifempty

Errors Jim


5. Configure dump parameters for the specified file

You often need to configure parameters for the specified file. A common example is to dump/var/log/wtmp every month. The parameter format used for a specific file is:


# Note

/Full/path/to/File

{

Option (s)

}


The following example is a monthly dump of/var/log/wtmp:

# Use logrotate to rotate wtmp

/Var/log/wtmp

{

Monthly

Rotate 1

}



Vi. Other issues needing attention


1. Although the beginning of the curly braces can be placed on the same line as other texts, the curly braces at the end must be arranged separately.


2. Use the prerotate and postrotate options

The following is a typical script/etc/logrotate. d/syslog.

/Var/log/messages is valid.


/Var/log/messages

{

Prerotate

/Usr/bin/chattr-A/var/log/messages

Endscript

Postrotate

/Usr/bin/kill-HUP syslogd

/Usr/bin/chattr + A/var/log/messages

Endscript

}


The first line specifies that the script is valid for/var/log messages

How can I read and read the apricot in mumalaria? /Var/log/messages

The prerotate command specifies the previous Dumping Action/usr/bin/chattr-a to remove the "only append" attribute of the/var/log/messages file. The endscript end the prerotate part of the script postrotate specifies action


/Usr/bin/killall-hup syslogd


Used to reinitialize the system log daemon syslogd


/Usr/bin/chattr + A/var/log/messages


Specify the "APPEND only" attribute for the/var/log/messages file to prevent programmers or users from overwriting the file.


The final endscript is used to end the postrotate part.


3. logrotate is run in three steps:


Determine the System Log File, establish the dump plan and parameters, and run the following Code It is the default crontab of Red Hat Linux to run logrotate every day.


#/Etc/cron. daily/logrotate

#! /Bin/sh


/Usr/sbin/logrotate/etc/logrotate. conf


4./var/log/messages:

This is rare, but if you disable port 514/udp in/etc/services, this file will not be generated.


Summary: This article introduces the typical logrotate configuration example on the Red Hat system, and details the application method of the logrotate program. We hope to help all Linux system administrators. Good Management and Analysis of log files are the first step in System Security (there is also a good logcheck for checking logs ).
Article Referenced from: Http://blog.sina.com.cn/s/blog_4a29d64301000786.html

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.