| Linux - Server This forum is for the discussion of Linux Software used in a server related context. |
12-18-2012, 03:05 PM
|
#1
|
|
LQ Newbie
Registered: Dec 2012
Posts: 3
Rep: 
|
Logrotate Logs not rotating Ubuntu 12.4 LTS
Hello,
I am a rookie when it comes to Linux, and I have been tasked with creating a syslog server using Ubuntu to hold logs for 100+ networking devices. I wanted a separate log for each source IP address and dynamically created with the date. I achieved this with the following in /etc/rsyslog.conf:
$IncludeConfig /etc/rsyslog.d/*.conf
$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
$template DailyPerHostLogs,"/var/log/remotehosts/%HOSTNAME%.%$YEAR%-%$MONTH%-%$DAY%.log"
*.* -?DailyPerHostLogs;TraditionalFormat
& ~
Below is the relevant section of /etc/logrotate.d/rsyslog. (IP addresses replaced with XXX or YYY). I tried 2 different settings for 2 different logs and neither works.
##TEST1##
/var/log/remotehosts/XXX.XXX.XXX.XXX.*.log {
rotate 1
maxage 2
daily
missingok
notifempty
postrotate
/etc/init.d/rsyslog restart >/dev/null 2>&1 || true
endscript
}
##TEST2##
/var/log/remotehosts/YYY.YYY.YYY.YYY.*.log {
rotate 30
daily
missingok
notifempty
maxage 2
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}
Here is what is currently in my log location
-rw-r--r-- 1 root root 0 Dec 12 06:26 XXX.XXX.XXX.XXX.2012-12-11.log
-rw-r--r-- 1 root root 3236940 Dec 11 23:59 XXX.XXX.XXX.XXX.2012-12-11.log.1
-rw-r--r-- 1 root root 0 Dec 13 06:35 XXX.XXX.XXX.XXX.2012-12-12.log
-rw-r--r-- 1 root root 7033328 Dec 12 23:59 XXX.XXX.XXX.XXX.2012-12-12.log.1
-rw-r--r-- 1 root root 2369832 Dec 12 06:26 XXX.XXX.XXX.XXX.2012-12-12.log.2
-rw-r--r-- 1 root root 0 Dec 14 06:31 XXX.XXX.XXX.XXX.2012-12-13.log
-rw-r--r-- 1 root root 6566549 Dec 13 23:59 XXX.XXX.XXX.XXX.2012-12-13.log.1
-rw-r--r-- 1 root root 0 Dec 15 06:51 XXX.XXX.XXX.XXX.2012-12-14.log
-rw-r--r-- 1 root root 8569767 Dec 14 23:59 XXX.XXX.XXX.XXX.2012-12-14.log.1
-rw-r--r-- 1 root root 0 Dec 16 06:46 XXX.XXX.XXX.XXX.2012-12-15.log
-rw-r--r-- 1 root root 9113066 Dec 15 23:59 XXX.XXX.XXX.XXX.2012-12-15.log.1
-rw-r--r-- 1 root root 0 Dec 17 06:28 XXX.XXX.XXX.XXX.2012-12-16.log
-rw-r--r-- 1 root root 13063562 Dec 16 23:59 XXX.XXX.XXX.XXX.2012-12-16.log.1
-rw-r--r-- 1 root root 0 Dec 18 06:47 XXX.XXX.XXX.XXX.2012-12-17.log
-rw-r--r-- 1 root root 7929472 Dec 17 23:59 XXX.XXX.XXX.XXX.2012-12-17.log.1
-rw-r--r-- 1 root root 4438687 Dec 18 13:58 XXX.XXX.XXX.XXX.2012-12-18.log
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-06.log
-rw-r--r-- 1 root root 6843 Dec 6 23:17 YYY.YYY.YYY.YYY.2012-12-06.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-07.log
-rw-r--r-- 1 root root 23574 Dec 7 23:17 YYY.YYY.YYY.YYY.2012-12-07.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-08.log
-rw-r--r-- 1 root root 7693 Dec 8 23:17 YYY.YYY.YYY.YYY.2012-12-08.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-09.log
-rw-r--r-- 1 root root 8020 Dec 9 23:17 YYY.YYY.YYY.YYY.2012-12-09.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-10.log
-rw-r--r-- 1 root root 10790 Dec 10 23:17 YYY.YYY.YYY.YYY.2012-12-10.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-11.log
-rw-r--r-- 1 root root 19424 Dec 11 23:17 YYY.YYY.YYY.YYY.2012-12-11.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-12.log
-rw-r--r-- 1 root root 7842 Dec 12 23:17 YYY.YYY.YYY.YYY.2012-12-12.log.1
-rw-r--r-- 1 root root 0 Dec 14 06:31 YYY.YYY.YYY.YYY.2012-12-13.log
-rw-r--r-- 1 root root 16021 Dec 13 23:17 YYY.YYY.YYY.YYY.2012-12-13.log.1
-rw-r--r-- 1 root root 0 Dec 15 06:51 YYY.YYY.YYY.YYY.2012-12-14.log
-rw-r--r-- 1 root root 13646 Dec 14 23:17 YYY.YYY.YYY.YYY.2012-12-14.log.1
-rw-r--r-- 1 root root 0 Dec 16 06:46 YYY.YYY.YYY.YYY.2012-12-15.log
-rw-r--r-- 1 root root 14604 Dec 15 23:17 YYY.YYY.YYY.YYY.2012-12-15.log.1
-rw-r--r-- 1 root root 0 Dec 17 06:28 YYY.YYY.YYY.YYY.2012-12-16.log
-rw-r--r-- 1 root root 16194 Dec 16 23:17 YYY.YYY.YYY.YYY.2012-12-16.log.1
-rw-r--r-- 1 root root 0 Dec 18 06:47 YYY.YYY.YYY.YYY.2012-12-17.log
-rw-r--r-- 1 root root 17130 Dec 17 23:17 YYY.YYY.YYY.YYY.2012-12-17.log.1
-rw-r--r-- 1 root root 18255 Dec 18 13:45 YYY.YYY.YYY.YYY.2012-12-18.log
So, initially I want to be able to delete all files that are older than X day(s). And modify this value based on the device. In this example, I want XXX to delete files older than 1 day and YYY to delete files older than 30. It seems like it is renaming the old file with a .1 at the end, creating a new file that is empty, and that is it. I've researched this for hours and tried various things found in the man pages but nothing seems to produce the result that I want. Any help would be appreciated. If I didn't explain something correctly, please let me know.
Thanks!!
|
|
|
|
12-19-2012, 08:46 AM
|
#2
|
|
Member
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5
Posts: 537
Rep: 
|
Are your syslog server logs rotating correctly? If so then check to see how the default syslogd and rsyslogd are being treated.
For example on my CentOS server I have:
Code:
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
Rather than a direct init.d restart of the daemon.
|
|
|
|
12-19-2012, 08:48 AM
|
#3
|
|
Member
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5
Posts: 537
Rep: 
|
Here's also my syslog.d entry that's doing a daily rotate of logs from a remote device:
Code:
/var/log/remote/fortigate.log {
compress
rotate 31
daily
missingok
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
|
|
|
|
12-19-2012, 08:52 AM
|
#4
|
|
Member
Registered: Nov 2010
Location: Minneapolis, MN
Distribution: Ubuntu, Red Hat, Mint
Posts: 113
Rep:
|
You could do something like this, modify the 90 to meet your needs (this deletes log files last modified more than 90 days ago).
Code:
postrotate
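# NUL-delimited and regular files only, so odd file names cannot split into extra rm arguments
/usr/bin/find /path/to/your/logs -type f -mtime +90 -print0 | /usr/bin/xargs -0 -r /bin/rm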
endscript
You can also try adding "copytruncate" into your definition.
Last edited by thesnow; 12-19-2012 at 08:54 AM.
Reason: copytruncate
|
|
|
|
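Age-based deletion as suggested above, applied to the date-stamped per-host files from the first post with a separate retention per device. This is an added example, not code from the thread; `prune_host_logs` and its arguments are hypothetical names, and GNU find is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. prune_host_logs is a hypothetical name.
# Usage: prune_host_logs DIR HOST DAYS [--dry-run]
# Removes DIR/HOST.YYYY-MM-DD.log* files last modified more than DAYS days ago
# and prints every path it removes (or would remove with --dry-run).
prune_host_logs() {
    dir=$1 host=$2 days=$3 mode=${4:-}

    # Retention must be a plain non-negative integer.
    case $days in
        ''|*[!0-9]*) echo "bad retention: $days" >&2; return 2 ;;
    esac
    # %HOSTNAME% is supplied by the sender: allow no path or glob characters.
    case $host in
        ''|*[!A-Za-z0-9._-]*) echo "bad host: $host" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    datepat='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'
    # -maxdepth 1 and -type f keep find inside DIR and on regular files only.
    # find discards fractions of a day, so "-mtime +1" means at least 48 hours old.
    set -- "$dir" -maxdepth 1 -type f -name "$host.$datepat.log*" \
        -mtime +"$days" -print
    [ "$mode" = "--dry-run" ] || set -- "$@" -delete
    find "$@"
}

# The retention asked for in the first post, run from cron as root
# (addresses are placeholders, as in the thread):
#   prune_host_logs /var/log/remotehosts XXX.XXX.XXX.XXX 1
#   prune_host_logs /var/log/remotehosts YYY.YYY.YYY.YYY 30
```

Because rsyslog already starts a new file each day under the `DailyPerHostLogs` template, this pruning step needs no rsyslog reload.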
12-27-2012, 09:20 AM
|
#5
|
|
LQ Newbie
Registered: Dec 2012
Posts: 3
Original Poster
Rep: 
|
I'm sorry it has taken so long to reply - I have been out for Christmas. I attempted your suggestions but was still unsuccessful. I came to the idea that maybe the dynamic portion of the code was the issue %HOSTNAME%.%$YEAR%-%$MONTH%-%$DAY%.log and instead reverted to an individual log as so:
$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg:::drop-last-lf%\n"
if $fromhost-ip == 'XXX.XXX.XXX.XXX' then /var/log/remotehosts/FW.log
*.* -?TraditionalFormat
& ~
I modified the logrotate.d/rsyslog.conf like this:
##FW##
/var/log/remotehosts/FW.log
{
rotate 2
daily
missingok
notifempty
ipostrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}
Now it doesn't appear to be rotating at all... It created one empty file FW.log.1 and just kept appending the original file for many days. Also, I'm not sure if this would cause anything, but when I deleted the original directory, modified this code, and first restarted the rsyslog service, the /var/log/remotehosts directory denied me access. So I did chmod 777 /var/log/remotehosts..... Any ideas? I appreciate the help that you have already offered.
|
|
|
|
01-04-2013, 01:51 PM
|
#6
|
|
LQ Newbie
Registered: Dec 2012
Posts: 3
Original Poster
Rep: 
|
Turned out to be a permissions issue. The solution was:
create 640 syslog adm
Also did
sudo chown syslog:adm remotehosts
sudo chown syslog:adm FW.log
Last edited by 116Fanatic; 01-04-2013 at 01:53 PM.
|
|
|
|
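A check for the ownership and mode problem that the last post resolves, as an added example that is not part of the thread. `audit_log_perms` is a hypothetical name; it reports a world-writable log directory (such as one left by `chmod 777`), world-readable logs, and anything not owned by the expected account, which defaults to the `syslog:adm` pair from the solution.

```shell
#!/bin/sh
# Added example, not from the thread. audit_log_perms is a hypothetical name.
# Usage: audit_log_perms DIR [OWNER [GROUP]]
# Prints one finding per line for DIR and the regular files directly inside it.
# Returns 0 when clean, 1 when there are findings, 2 on a usage error.
audit_log_perms() {
    dir=$1 owner=${2:-syslog} group=${3:-adm}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    findings=$(
        # World-writable: any local user can plant, replace or remove logs.
        find "$dir" -maxdepth 1 \( -type d -o -type f \) -perm -0002 \
            -exec echo "world-writable" {} \;
        # World-readable logs: the thread's fix creates them with mode 640.
        find "$dir" -maxdepth 1 -type f -perm -0004 \
            -exec echo "world-readable" {} \;
        # Not owned by the account and group rsyslog writes as.
        find "$dir" -maxdepth 1 \( -type d -o -type f \) \
            \( ! -user "$owner" -o ! -group "$group" \) \
            -exec echo "wrong-owner" {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example: audit_log_perms /var/log/remotehosts
```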