Embedded Linux - Preserve log file thats cleared on boot
 

Hi

Im looking for some advice on how to solve a simple enough issue I have with a portable device that uses a stripped down version of linux with the BusyBox tools.

The problem is that the device clears its log on each boot. I need to preserve the log for auditing. I've tried several different methods but none really give me a elegant solution.

I've tried the following

1. Setup a cron job to copy the log file to a folder which is not cleared on boot with a timestamp in the filename. This achives the aim however it leaves me with a lot of files that are mainly duplicates of each other. Im sure there must be a better way.

2. Using a bash script to do a diff against the live log file and the backup and then append the differences to the bottom of the backup log file. This kinda words but due to the output of the diff command it makes the log file very difficult to read.

One solution that has been mentioned to me is to use syslog to write a copy of the logfile to another directory that is cleared on reboot. I like the sound of this solution as its clean and simple. I've had a look at what seems to be the config file for syslog its at /etc/sysconfig/syslog

It only contains one line which I dont understand at all (yes, I have been googling syslog configuration but havnt managed to get any information to help me understand the line) its:

SYSLOG="-m 0 -b 2 -s 64"

Anyone got any experience with getting syslog to do what I want

Many thanks

Eamo

Why not just mount /var/log on whatever non-volatile volume you have? Or symlink it, if that would be easier in your setup. That way all the logs will be preserved transparently to the system.

Beyond that option, it sounds like it is just an issue of getting the correct Bash script to backup the log file. So for example, if the multiple logs are bothering you, why not simply have the script delete any that are more than x hours/days/weeks old?

I like your suggestion of adding to the bash script some code that deletes files if they are older than X hours lets say.

I've been searching the net for some information on how to write this script but havnt come up with much.

Even a list of commands that possibly could help would be a good start. Im not afraid of man pages I just dont even know what commands are most suited to getting this result

Regards

Eamo

Here is a very simple script (actually, you can really do the whole thing with just the one line) to remove files from a given directory that are older than a given number of hours. Adjusting the two variables to match your system should work. The third variable allows you to either delete everything, or delete only files matching a specific pattern (I.E. "logfile-*")

Once you have things sent the way you want, you could put the "find ..." line in your boot scripts with the minutes, directory, and file pattern hard-coded in.