These classnotes are depreciated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes

UNIX03/Configuring Logrotate

Classnotes | UNIX03 | RecentChanges | Preferences

Logrotate.conf

Logrotate's main configuration file is generally located in /etc/logrotate.conf. This file's format is defined by the manpage for logrotate. In a nutshell, the format is as follows:
 <global configuration options>

 <definition for logfile 1>

 <definition for logfile 2>

 <definition for logfile 3>

 ... etc ...

Let's take a look at an example logrotate.conf file and examine what we could set:

 weekly
 rotate 4
 create
 #compress

Here, we are specifying a weekly log rotation; we want to keep 4 weeks worth of logs, and we want to create blank new logs after rotating the old ones. We also have and option "compress" commented out. If we wished to compress our old log files, we would uncomment this section. This is, in fact, the default setting under Debian.

Let's take a look at another example for the global section:

 size 100K
 start 0
 nocopytruncate

Here, we are specifying that we want to rotate logs once they reach 100K in size; we want the rotated logs to start with the numbering "0" instead of "1"; and we want to not truncate the original log file in place after copying it.

Next, we will typically find an include:

 # packages drop log rotation information into this directory
 include /etc/logrotate.d

After this, we may find additional rules and scripting for log files. However, because of this include, there is actually a better place to put these.

/etc/logrotate.d

Inside this directory you will find other files which logrotate will include in its configuration when it is run. Note that this may be a security concern, as logrotate runs as root, if this directory is not well protected!

Let's take a look at what we might expect to find in this directory:

 -rw-r--r--    1 root     root      192 Feb  7  2002 apache
 -rw-r--r--    1 root     root      380 Jan  6  2002 base-config
 -rw-r--r--    1 root     root      151 Jun 11  2002 iptraf
 -rw-r--r--    1 root     root       79 Jan 30  2002 lvm-common
 -rw-r--r--    1 root     root      685 Mar 29  2002 mysql-server
 -rw-r--r--    1 root     root      211 Sep 29  2001 nessusd
 -rw-r--r--    1 root     root      267 Jan 26  2002 samba
 -rw-r--r--    1 root     root       68 Jan 24  2003 scrollkeeper
 -rw-r--r--    1 root     root      266 May  5 12:05 snort
 -rw-r--r--    1 root     root      301 Jul  4  2002 squid
 -rw-r--r--    1 root     root      371 Apr  7  2002 thttpd
 -rw-r--r--    1 root     root      108 Sep  5  2001 xtel

Each of these files specify what and how to handle specific logs for specific applications. Let's take a quick look at the definition for Apache:

 /var/log/apache/*.log {
        weekly
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                /etc/init.d/apache reload > /dev/null
        endscript
 }

Here, we are specifying how to rotate the Apache logs. They default (under Debian) to weekly rotates. They keep 52 old log files. They compress the old logs, but that decompression is delayed until the next rotate cycle. They do not rotate the logs if they are empty. They also define an external script to run when the rotation has completed (50 imaginary points to whomever can tell me what it's doing).

Now, lets look at a typical file for SAMBA:

 /var/log/samba/log.smbd {
        weekly
        missingok
        rotate 7
        postrotate
                killall -q -HUP smbd || true
        endscript
        compress
        notifempty
 }
 /var/log/samba/log.nmbd {
        weekly
        missingok
        rotate 7
        postrotate
                killall -q -HUP nmbd || true
        endscript
        compress
        notifempty
 }

Here, we have two log files which need rotation. Also, the associated SAMBA daemons are told to reload once the rotation has completed.



Classnotes | UNIX03 | RecentChanges | Preferences
This page is read-only | View other revisions
Last edited October 11, 2003 2:00 am (diff)
Search:
(C) Copyright 2003 Samuel Hart
Creative Commons License
This work is licensed under a Creative Commons License.