Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello everyone. I have a couple questions about controlling logs on Linux servers.
I am currently running Red Hat 8.0.
Right now, in my /var/log directory, I have my log files that seem to be stored and backed up accordingly.
What I am wondering is, is it possible, to setup log files with different attributes as to how they are going to be handled?
For example, let's say I want the 'message' logs to be rotated 3 times a week at a given time and make sure I do not archive more than 3 logs. Thus, I would have message.1, message.2 and message.3 for example.
Now, let's say I want some firewall logs that I am sending over daily to be archived and saved.
I have setup syslog to accept firewall logs from a remote server. I want these logs to stop at a certain time (1am lets say) so I can then run a perl script against the log and extract certain pieces of information. The, a new log will start to accumulate without a hitch. I can then archive the firewall logs as far back as I like.
First, is it possible to do that?
From doing a bit of research, it looks like I will need to modify logrotate.conf as well as setup a cronjob to have my perl script execute against the log file.
Other than that, am I on the right track?
I appreciate it.
For reference, here is my logrotate.conf file:
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
# system-specific logs may be also be configured here
Plain jane setup, but I want to configure it to my likeing.
Anyone know where I can find some good documentation on this, besides the man page?
For example, let's say I want the 'message' logs to be rotated 3 times a week at a given time and make sure I do not archive more than 3 logs.
Here's an example cron job: "01 00 */3 * * <user> logrotate <config>", where <config> should not reside in the regular logrotate dir. This job just would run at 1 past midnight every 3rd day of the week.
From doing a bit of research, it looks like I will need to modify logrotate.conf
No, you needn't do that, here's a simple config:
/var/log/<somelogfile> {
create 0644 root root
rotate 3
}
However, I was doing some reading on the man page for logrotate, and there was a bit of information that says I can enter my own info at the bottom of logrotate.conf.
Quote:
From doing a bit of research, it looks like I will need to modify logrotate.conf
No, you needn't do that, here's a simple config:
/var/log/<somelogfile> {
create 0644 root root
rotate 3
}
Now, I would need to edit logrotate.conf correct?
I keep thinking there may be a way to have my firewall logs rotated at a specific time through logrotate.conf. I may be wrong though.
Am I completely missing the point, or am I semi-close?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.