[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

logrotation

Hi,

I have posted a logrotation proposal on -devel which I copy here too (with 
some slight modifications), so that the required policy modifications can be
made.

In the meanwhile logrotate has been packaged and uploaded.

The section 4.8. should be modified, for example the following way:

4.8. Log files
--------------

     Log files should usually be named `/var/log/<package>.log'. If you
     have many log files, or need a separate directory for permissions
     reasons (`/var/log' is writable only by `root'), you should usually
     create a directory named `/var/log/<package>'.

     Make sure that any log files are rotated occasionally so that they
     don't grow indefinitely; the best way to do this is to drop a script
     into /etc/logrotate.d and use the facilities provided by logrotate.
     
     Here is a good example for a logrotate config file (for more
     information see logrotate(8)):

	/var/log/apache/* {
		rotate 12
		weekly
		compress
		postrotate
			kill -HUP `cat /var/run/apache.pid`
		endscript
	}

     Which rotates all files under /var/log/apache, saves 12 compressed
     generations, and sends a HUP signal at the end of rotation.

     Make sure that any log files are removed when the package is purged
     (but not when it is only removed), by checking the argument to the
     `postrm' script (see the _Debian Packaging Manual_ for details).



----------------------------------------------------------------------------

Proposal about logrotation in Debian
------------------------------------

I have been in Linux system administration for about 3+ years, and saw several
logrotation approaches:

1) DIY (aka do it yourself) slackware (at least ancient versions) did not do 
	automatic logrotation, one had to set up custom crontab entries for
	rotation. While this approach is highly customizable <grin>, it 
	requires some (more than necessary) sysadmin work.

2) Debian style: the logrotation system of debian is like a DIY system, but the
	distribution automatically installs it. What I mean on DIY here, is 
	that when a sysadm sets up logrotation, he sees his own purposes only,
	and what he does, works for him (tm), but for a distribution it is not
	general enough. See details later.

3) RedHat style (versions 4.x and later): RedHat has developed a GPLd program
	called logrotate, which centralizes log management. It has both a
	config file (/etc/logrotate.conf) and a directory where packages can
	drop logrotation info (/etc/logrotate.d) Logrotation is highly
	customizable and is maintained by the distribution.

Problems with Debian Style logrotation, and some solutions
----------------------------------------------------------

Each debian package which has logfiles, drops a file to one of /etc/cron.xxx,
which takes care about logrotation. If one wants to rotate a given file at
different intervals, he should move that file to a different cron.xxx 
directory. 

Another issue, syslogd. Logfiles created by syslogd are rotated also by a 
script, which uses syslogd-listfiles to find which files are to be rotated.
syslogd-listfiles has three catagories to list:

Without parameter: files that have *.* in their facility.level specification

--auth: files which contain auth.*

--news: files which contain news.*

--weekly: files to be rotated weekly

there's no way of specifying (other than modifying scripts) which files belong 
to which categories.

The solution I used on several computers was to modify cron.d scripts to bypass
syslogd-listfiles, and create three files: syslog.daily, syslog.weekly && 
syslog.monthly, which all list logfiles that are to be rotated at given time
periods. This way I could control how individual files are rotated. This is 
IMHO a bit more general, than it was originally, but again IMHO is not the real
solution. It was a quick hack, to make the system do what I wanted.

The Real Solution
-----------------

Logrotate developed for RedHat originally keeps logrotation info in a central
config file (/etc/logrotate.conf), and a directory (/etc/logrotate.d), where 
packages can drop additional rotation info. One can specify the time period
a given file is rotated, whether it is to be compressed or not, and the script 
to run when the file is rotated. (e.g. send a HUP signal to it).

It is the best solution I have seen so far, so I suggest moving to logrotate. 
This is not an easy transition, since each package has to drop files to
/etc/logrotate.d/ instead of /etc/cron.xxx.

This requires some policy changes, so all packages move to this new scheme.
And that's why I post this here.

-- 
Bazsi
PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu

Attachment: pgpSeTMvmAcp5.pgp
Description: PGP signature

Reply to: