GNU Rot[t]Log
a more powerful substitute for logrotate

This is a powerful BASH script to archive/rotate system logs. It have almost all features of RedHat, SuSE and Debian logrotate, adding many other.
It's very easy to use and understand. Using Meta Variables and another rotation algorithm it is possible to rotate logs in a way that a file rotated once is never touched again before its deletion, making log rotation much more compatible with host-based intrusion detection schemes like aide.
This is my crontab line to use it: 

00 22 * * * /usr/sbin/rottlog
Click here if you like to know a little history of this software.

What can do it

These are three little samples of what GNU Rot[t]Log can do.
Words beginning by '@' are special Meta Variables used to create dynamic fields like file and directory names to use.

  1. Store all logfiles in dir /usr/local/squid/logs onto a tape 
    /usr/local/squid/logs/* {
  # Action between firstaction and endaction tags will be performed
  # before all logfiles are rotated/archived
  firstaction
    mt -f /dev/nst0 eom
  endaction

  # Define a temporary storedir
  storedir @TMPDIR

  # Define filename of logs to be archived
  storefile @FILENAME.@WEEK@YEAR

  # Don't archive file if it's empty
  notifempty

  # After each log file is rotated following commands will be executed
  postrotate
    star -cv -f /dev/nst0 @TMPDIR/@FILENAME.@WEEK@YEAR
  endscript

  # Action between lastaction and endaction tags will be performed after
  # all logfiles has been rotated/archived
  lastaction
    mt -f /dev/nst0 offline
  endaction
}
  2. Store all logfiles in local dir /usr/local/apache/logs on a remote volume, mounted on the fly with nfs. 
    /usr/local/apache/logs/* {
  # Action between firstaction and endaction tags will be performed 
  # before all logfiles are rotated/archived
  firstaction
    mount fserver.local.net:/LogArchive /mnt/LogVol
  endaction

  # Define a destination directory available only after firstaction 
  # is performed
  storedir /mnt/LogVol/@YEAR/@MONTH/@BASENAME

  # Permissions about newly created dir
  createdir 0640 root loggers
 
  # Don't archive an empty logfile
  notifempty

  # After each log file is rotated following commands will be executed 
  postrotate
    /usr/local/apache/bin/apachectl restart
    if [ $? -ne 0 ]; then 
      /usr/local/bin/my-error-script.sh
    fi
  endscript

  # Action between lastaction and endaction tags will be performed after
  # all logfiles has been rotated/archived
  lastaction
    umount /mnt/LogVol
  endaction
}
  3. Store apache logs from many virtual hosts each odd days if it is not summer, otherwise it will store logs only wednesday and saturday 
    /hosts/domain1.com/log/access_log,/hosts/domain1.com/log/error_log,\
/hosts/domain2.com/log/access_log,/hosts/domain2.com/log/error_log,\
/hosts/domain3.com/log/access_log,/hosts/domain3.com/log/error_log,\
/hosts/domain4.com/log/access_log,/hosts/domain4.com/log/error_log,\
/hosts/domain5.com/log/access_log,/hosts/domain5.com/log/error_log {
  # @1 stays for: first token in path parsing
  # @2 stays for: second token in path parsing 
  storedir @1/@2/log/@MONTH-@YEAR

  # Create new directories if not yet existant with specified 
  # permissions, owner and group
  createdir 0644 apache apache

  # Defines archived filenames 
  storefile @BASENAME.@DAY.gz

  # Create new 0-size logfiles in place of archived with specified
  # permissions, owner and group
  create 0644 apache apache

  # Force archiving of logfiles:
  # 1 - Monday, wednesday, friday and sunday if actual month is not 
  #     between july and august
  # 2 - Wednesday and saturday if actual month is between july and 
  #     august
  period !jul-aug mon+wed+fri+sun, jul-aug wed+sat 

  # Handle this file even if it is empty
  ifempty

  # Don't mail to administrator report for each log file handled
  nomail
}

Related links

Stefano Falsetto




Valid HTML 4.01! Valid CSS!
Re-validate this page
Last modified: Fri Sep 20 11:15:24 CEST 2002