[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Problems with logrotation



Hi fellows,

I have put together a small essay pointing some of the problems of Debian
logrotation scheme.

Let's start a discussion about it, and make Debian a bit better at this part
too.

Proposal about logrotation in Debian
------------------------------------

I have been in Linux system administration for about 3+ years, and saw several
logrotation approaches:

1) DIY (aka do it yourself) slackware (at least ancient versions) did not do 
	automatic logrotation, one had to set up custom crontab entries for
	rotation. While this approach is highly customizable <grin>, it 
	requires some (more than necessary) sysadmin work.

2) Debian style: the logrotation system of debian is like a DIY system, but
	the distribution automatically installs it. What I mean on DIY here,
	is that it works (tm), but for a distribution it is not general
	enough. See details later.

3) RedHat style (versions 4.x and later): RedHat has developed a GPLd program
	called logrotate, which centralizes log management. It has both a
	config file (/etc/logrotate.conf) and a directory where packages can
	drop logrotation info (/etc/logrotate.d) Logrotation is highly
	customizable and is maintained by the distribution.

Problems with Debian Style logrotation, and some solutions
----------------------------------------------------------

Each debian package which has logfiles, drops a file to one of /etc/cron.xxx,
which takes care about logrotation. I one wants to rotate a given file at
different intervals, he should move that file to a different cron.xxx 
directory. This file dropped to the cron dir is tagged as a config file.
Now if this given package is updated, dpkg will not find the moved file, and 
will happily install the new version distributed in the .deb file - and the
old one will still exist. Two cron scripts will try to rotate logfiles.

Another issue, syslogd. Logfiles created by syslogd are rotated also by a 
script, which uses syslogd-listfiles to find which files are to be rotated.
syslogd-listfiles has three catagories to list:

Without parameter: files that have *.* in their facility.level specification

--auth: files which contain auth.*

--news: files which contain news.*

--weekly: files to be rotated weekly

there's no way of specifying (other than modifying scripts) how given files
are to be rotated. 

The solution I used on several computers was to modify cron.d scripts to bypass
syslogd-listfiles, and create three files: syslog.daily, syslog.weekly && 
syslog.monthly, which all list logfiles that are to be rotated at given time
periods. This way I could control, how individual files are rotated. This is 
IMHO a bit more general, than it was originally, but again IMHO is not the real
solution. It was a quick hack, to make the system do what I wanted.

The Real Solution
-----------------

I think the best solution would be to move to logrotate, even if it was 
developed by/for RedHat. 

This is not an easy transition, since each package has to drop files to
/etc/logrotate.d/ instead of /etc/cron.xxx.

-- 
Bazsi
PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu

Attachment: pgpsp4uxAp2FI.pgp
Description: PGP signature


Reply to: