Hello everyone. I have a couple questions about controlling logs on Linux servers.

I am currently running Red Hat 8.0.

Right now, in my /var/log directory, I have my log files that seem to be stored and backed up accordingly.

What I am wondering is, is it possible, to setup log files with different attributes as to how they are going to be handled?

For example, let's say I want the 'message' logs to be rotated 3 times a week at a given time and make sure I do not archive more than 3 logs. Thus, I would have message.1, message.2 and message.3 for example.

Now, let's say I want some firewall logs that I am sending over daily to be archived and saved.

I have setup syslog to accept firewall logs from a remote server. I want these logs to stop at a certain time (1am lets say) so I can then run a perl script against the log and extract certain pieces of information. The, a new log will start to accumulate without a hitch. I can then archive the firewall logs as far back as I like.

First, is it possible to do that?

From doing a bit of research, it looks like I will need to modify logrotate.conf as well as setup a cronjob to have my perl script execute against the log file.

Other than that, am I on the right track?

I appreciate it.

For reference, here is my logrotate.conf file:

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

# system-specific logs may be also be configured here

Plain jane setup, but I want to configure it to my likeing.

Anyone know where I can find some good documentation on this, besides the man page?

Tarballed

For example, let's say I want the 'message' logs to be rotated 3 times a week at a given time and make sure I do not archive more than 3 logs.

Here's an example cron job: "01 00 */3 * * <user> logrotate <config>", where <config> should not reside in the regular logrotate dir. This job just would run at 1 past midnight every 3rd day of the week.

From doing a bit of research, it looks like I will need to modify logrotate.conf
No, you needn't do that, here's a simple config:
/var/log/<somelogfile> {
create 0644 root root
rotate 3
}

Ya, I was reading into that.

However, I was doing some reading on the man page for logrotate, and there was a bit of information that says I can enter my own info at the bottom of logrotate.conf.

Now, I would need to edit logrotate.conf correct?

I keep thinking there may be a way to have my firewall logs rotated at a specific time through logrotate.conf. I may be wrong though.

Am I completely missing the point, or am I semi-close?

Tarballed