Actions sur le document
La rotation des logs
La rotation de logs sous Fedora
On commence pas customiser le fichier /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
Ensuite on file dans le répertoire /etc/logrotate.d/
Par défaut j'ai les fichiers suivants
-rw-r--r-- 1 root root 144 mar 16 2005 acpid
-rw-r--r-- 1 root root 147 sep 22 2005 btseed
-rw-r--r-- 1 root root 149 sep 22 2005 bttrack
-rw-r--r-- 1 root root 97 fév 25 14:52 cacti
-rw-r--r-- 1 root root 161 aoû 2 2005 cups
-rw-r--r-- 1 root root 174 jan 17 12:37 httpd
-rw-r--r-- 1 root root 571 jui 27 2005 mgetty
-rw-r--r-- 1 root root 363 jun 27 01:32 nagios
-rw-r--r-- 1 root root 163 aoû 22 2005 named
-rw-r--r-- 1 root root 136 nov 2 2004 ppp
-rw-r--r-- 1 root root 323 mar 4 2005 psacct
-rw-r--r-- 1 root root 61 jui 13 2005 rpm
-rw-r--r-- 1 root root 232 mai 2 2005 samba
-rw-r--r-- 1 root root 154 jui 13 2005 snmpd
-rw-r--r-- 1 root root 313 nov 11 2004 snort
-rw-r--r-- 1 root root 543 mar 15 15:44 squid
-rw-r--r-- 1 root root 228 mai 10 2005 syslog
-rw-r--r-- 1 root root 200 mai 10 2005 tomcat5
-rw-r--r-- 1 root root 32 fév 23 2001 up2date
-rw-r--r-- 1 root root 89 aoû 16 2005 yum
J'ai customisé mes fichiers de la maniére suivante :
Pour httpd
/var/log/httpd/*_log {
# This is the instruction not to return an error if a particular log file is not present.
#missingok
# This command instructs the system not to rotate the logs if the current main log file is empty
notifempty
# This command instructs the system to run that script only once after all the files matching /var/log/httpd/*_log
sharedscripts
# Personal Add
rotate 3
weekly
mail djkwa29@gmail.com
compress
postrotate
/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
endscript
}
Pour squid
/var/log/squid/access.log {
weekly
rotate 5
copytruncate
compress
mail djkwa29@gmail.com
}
/var/log/squid/cache.log {
weekly
rotate 5
copytruncate
compress
mail djkwa29@gmail.com
}
/var/log/squid/store.log {
weekly
rotate 5
copytruncate
compress
mail djkwa29@gmail.com
# This script asks squid to rotate its logs on its own.
# Restarting squid is a long process and it is not worth
# doing it just to rotate logs
postrotate
/usr/sbin/squid -k rotate
endscript
}
/var/log/messages /var/log/mysqld.log /var/log/maillog /var/log/cron /var/log/lastlog /var/log/cron /var/log/secure {Et voilà pour le reste les log sont minimes. Pas besoin de les archiver
sharedscripts
rotate 3
weekly
mail djkwa29@gmail.com
compress
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
Pour finir et vérifier l'ensemble
/usr/sbin/logrotate /etc/logrotate.conf -v
Et pour forcer la rotation des logs
/usr/sbin/logrotate /etc/logrotate.conf -f
