{"id":223,"date":"2020-08-18T19:23:47","date_gmt":"2020-08-18T20:23:47","guid":{"rendered":"http:\/\/www.linux-tutorial.info\/?page_id=77"},"modified":"2020-08-22T19:26:16","modified_gmt":"2020-08-22T20:26:16","slug":"this-is-the-page-title-toplevel-58","status":"publish","type":"page","link":"http:\/\/www.linux-tutorial.info\/?page_id=223","title":{"rendered":"Managing System Logs"},"content":{"rendered":"\nManaging System Logs<\/title>\n<question id=\"118\" text=\"What command could you use to send a message to system log deamon?\" \/>\n<p>\nOften times it is useful to log messages from scripts. This can done using\nthe <command>logger<\/command> command (usually found in <directory>\/usr\/bin<\/directory>). Without any options it takes\nthe <glossary>user name<\/glossary>\nas the <glossary>facility<\/glossary> and “notice” as the <glossary>priority<\/glossary>. However, you can\nspecify both a facility and priority from the <glossary>command line<\/glossary>\nby using <keyinput>-p<\/keyinput> option for example:\n<\/p>\n<p>\n<samp>\n<commandexample command=\"logger\">\nlogger -p kern.warning The <glossary>kernel<\/glossary> has been recompiled.\n<\/commandexample>\n<\/samp>\n<\/p>\n<p>\nThis would send the specified message to the same place other <glossary>kernel<\/glossary>\nmessages are sent. For details on the other options, see the logger(1) <glossary>man-page<\/glossary>.\n<\/p>\n<p>\nOne common problem is what to do with all of the log messages. If you do a\nlot of logging (particularly if everything is sent to a central server), you\ncan fill up your <glossary>filesystem<\/glossary>\nfaster than you think. The most\nobvious and direct solution is to remove them as after a specific length of\ntime or when they reach a particular size.\n<\/p>\n<p>\nIt is a fairly simple matter to write a <glossary>shell<\/glossary>\nscript that is started from <command>cron<\/command> that looks at the log files and takes specific actions. The nice thing\nis that you do not have to. Linux provides this functionality for you in the\nform of the <command>logrotate<\/command> command.<\/p>\n<question id=\"118\" type=\"MC\" text=\"What command is used to rotate log file when specific events occur or at specific times?\" \/>\n<concept id=\"\" description=\"The 'logrotate' command is used to rotate log file when specific events occur or at specific times\" \/>\n<p>\nAs its name implies, the goal of the <command>logrotate<\/command> program is to “rotate”\nlog files. This could be as simple as moving a log file to a different name\nand replacing the original with an empty file. However, there is much more to\nit.\n<\/p>\n<question id=\"118\" type=\"MC\" text=\"What is the logrotate 'state file'?\" \/>\n<concept id=\"\" description=\"The logrotate 'state file' tells logrotate when the last actions were\ntaken \" \/>\n<p>\nTwo files define how <command>logrotate<\/command> behaves. The state file (specified with the <keyinput>-s<\/keyinput>\nor <keyinput>–state<\/keyinput> option) basically tells logrotate when the last actions were\ntaken. The default is <file type=\"\">\/var\/state\/logrotate<\/file>.\n<\/p>\n<concept id=\"\" description=\"You can specify multiple configuration files when starting logrotate. \" \/>\n<p>\nThe configuration file tells <command>logrotate<\/command> when to rotate each of the respective\nfiles. If necessary, you can have multiple configuration files which can all\nbe specified on the same <glossary>command line<\/glossary>\nor you include configuration files within another one.\n<\/p>\n<question id=\"\" type=\"MC\" text=\"What are two sections\/parts of the logrotate configuration file?\" \/>\n<p>\nThe <command>logrotate<\/command> configuration file is broken into two parts. At the beginning\nare the global configuration options, which apply to all log files. Next, there\nare the configuration sections of each of the individual files (the logfile\ndefinitions). Note that some options\ncan be global or for a specific log file, which then overwrites the global\noptions.\nHowever, there are some that can only be used within a logfile definition.\n<\/p>\n<p>\nA very simple <command>logrotate<\/command> configuration file to rotate the <file type=\"\">\/var\/log\/messages<\/file>\nmight look like this:\n<p>\n<question id=\"\" type=\"TF\" text=\"The logrotate command can be configured to restart the related services after rotating a log file.\" \/>\n<concept id=\"\" description=\"The logrotate command can be configured to restart the related services after rotating a log file.\" \/>\n<filecontents>\nerrors root@logserver\ncompress\n\/var\/log\/messages {\n rotate 4\n weekly\n postrotate\n \t<command name=\"killall\">\/sbin\/killall<\/command> -HUP syslogd\n endscript\n}\n<\/filecontents>\n<\/p>\n<p>\nAt the top are two global options, followed by a logfile definition for\n<file type=\"\">\/var\/log\/messages<\/file>. In this case, we could have included the global definitions\nwithin the log file definition. However, there is normally more than one\nlogfile definition.<\/p>\n<p>\nThe first line says that all error messages are sent (mailed) to root at the\nlogserver. The second line says that log files are to be compressed after\nthey are rotated.<\/p>\n<p>\nThe logfile definition consists of the logfile name and the directives to\napply, which are enclosed within curly brackets. The first line in the\nlogfile definition says to rotate the 4 times before being removed. The next\nline says to rotate the files once a week. Together these two lines mean\nthat any given copy of the <file type=\"\">\/var\/log\/messages<\/file> file will be saved for 4 weeks\nbefore it is removed.\n<\/p>\n<question id=\"\" type=\"MC\" text=\"What does the 'postrotate' option in thew logrotate file do?\" \/>\n<p>\nThe next three lines are actually a set. The postrotate directive says that\nwhat follows should be done immediately after the log file has been rotated.\nIn this case, <command>syslogd<\/command> is sent a HUP <glossary>signal<\/glossary>\nto restart itself. There is also a\nprerotate directive, which has the same basic functionality, but does\neverything <b>before<\/b> the log is rotated.\n<\/p>\n<question id=\"\" type=\"\" text=\"You can configure logrotate to rotate all on the files within a specific directory.\" \/>\n<concept id=\"\" description=\"You can configure logrotate to rotate all on the files within a specific directory.\" \/>\n<p>\nIt is also possible to specify an entire directory. For example, you could\nrotate all of the <glossary>samba<\/glossary> logs by specifying the directory <directory>\/var\/log\/samba.d\/*<\/directory>.\n<\/p>\n<concept id=\"\" description=\"You can configure logrotate to rotate files when they reach a specific size.\" \/>\n<question id=\"\" type=\"TF\" text=\"You can configure logrotate to rotate files when they reach a specific size.\" \/>\n<p>\nAs I mentioned, you can also rotate logs based on their size. This is done by\nusing the <keyinput>size=<\/keyinput> option. Setting <keyinput>size=100K<\/keyinput> would rotate logs larger than 100 KiB and 100MiB would rotate logs larger than 100 <glossary>MiB<\/glossary>.\n<\/p>\n<p>\nAlthough you can ease the management of your log files with just the options\nwe discussed, there are an incredible number of additional options which you can\nuse. Table 3 contains a list of options you can use with a brief explanation.\nFor more details see the logrotate(1) <glossary>man-page<\/glossary>.\n<\/p>\n<question id=\"\" type=\"mc\" text=\"What logrotate option would you use to wait until the next rotation cycle to compress the previous log.\" \/>\n<question id=\"\" type=\"mc\" text=\"What logrotate option would you use to rotate the logs even if they are empty.\" \/>\n<question id=\"\" type=\"mc\" text=\"What logrotate option would you use to delimits commands run before the log is rotated\" \/>\n<question id=\"\" type=\"mc\" text=\"What logrotate option would you use to delimits commands run after the log is rotated\" \/>\n<question id=\"\" type=\"tf\" text=\"Logs rotated with logrotate are always compressed.\" \/>\n<p>\nTable 3 – logrotate options\n<\/p>\n<question id=\"\" type=\"TF\" text=\"You can configure the logrotate command to move files into a directory on a different filesystem.\" \/>\n<concept id=\"\" description=\"You cannot configure the logrotate command to move files into a directory on a different filesystem.\" \/>\n<p>\ncompress\/nocompress – compresses or does not compress old versions of logs.\n<p>\ndelaycompress – Wait until the next cycle to compress the previous log.\n<p>\ncreate mode owner group – Log file is recreated with this mode, owner and\ngroup. (nocreate overrides this.)\n<p>\ndaily, weekly, monthly – Rotate logs in the indicated interval.\n<p>\nerrors <glossary>address<\/glossary>\n– Send errors to the address indicated.\n<p>\nifempty – Rotate the logs even if they are empty. (notifempty overrides\nthis.)\n<p>\ninclude file_or_directory – Include the indicate file at this point. If a\ndirectory is given, all real files in that directory are read.\n<p>\nmail <glossary>address<\/glossary>\n– Logs rotate out of existence are mailed to this address.\n(nomail overrides this)\n<p>\nolddir directory – old logs are moved to this directory, which must be on\nthe same physical device. (noolddir overrides this.)\n<p>\npostrotate\/endscript – delimits commands run after the log is rotated. Both\nmust appear on a line by themselves.\n<p>\nprerotate\/endscript – delimits commands run before the log is rotated. Both\nmust appear on a line by themselves.\n<p>\nrotate count – Rotates the log ‘count’ times before being removed.\n<p>\nsize size – Log files greater than ‘size’ are removed.\n<p>\ntabooext [+] list – list of files not to include. A plus-sign means the files\nare added to the list rather than replacing it.\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Managing System Logs Often times it is useful to log messages from scripts. This can done using the logger command (usually found in \/usr\/bin). Without any options it takes the user name as the facility and “notice” as the priority. … <a href=\"http:\/\/www.linux-tutorial.info\/?page_id=223\">Continue reading <span class=\"meta-nav\">→<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-223","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages\/223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=223"}],"version-history":[{"count":1,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages\/223\/revisions"}],"predecessor-version":[{"id":617,"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=\/wp\/v2\/pages\/223\/revisions\/617"}],"wp:attachment":[{"href":"http:\/\/www.linux-tutorial.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}