This is a powerful BASH script to archive/rotate system logs. It
have almost all features of RedHat, SuSE and Debian logrotate,
adding many other.
It's very easy to use and understand.
Using Meta Variables and another rotation algorithm
it is possible to rotate
logs in a way that a file rotated once is never touched again
before its deletion, making log rotation much more compatible
with host-based intrusion detection schemes like
aide.
This is my crontab line to use it:
00 22 * * * /usr/sbin/rottlogClick here if you like to know a little history of this software.
What can do it |
These are three little samples of what GNU Rot[t]Log can do.
Words beginning by '@' are special Meta Variables used
to create dynamic fields like file and directory names to use.
/usr/local/squid/logs/* { # Action between firstaction and endaction tags will be performed # before all logfiles are rotated/archived firstaction mt -f /dev/nst0 eom endaction # Define a temporary storedir storedir @TMPDIR # Define filename of logs to be archived storefile @FILENAME.@WEEK@YEAR # Don't archive file if it's empty notifempty # After each log file is rotated following commands will be executed postrotate star -cv -f /dev/nst0 @TMPDIR/@FILENAME.@WEEK@YEAR endscript # Action between lastaction and endaction tags will be performed after # all logfiles has been rotated/archived lastaction mt -f /dev/nst0 offline endaction }
/usr/local/apache/logs/* { # Action between firstaction and endaction tags will be performed # before all logfiles are rotated/archived firstaction mount fserver.local.net:/LogArchive /mnt/LogVol endaction # Define a destination directory available only after firstaction # is performed storedir /mnt/LogVol/@YEAR/@MONTH/@BASENAME # Permissions about newly created dir createdir 0640 root loggers # Don't archive an empty logfile notifempty # After each log file is rotated following commands will be executed postrotate /usr/local/apache/bin/apachectl restart if [ $? -ne 0 ]; then /usr/local/bin/my-error-script.sh fi endscript # Action between lastaction and endaction tags will be performed after # all logfiles has been rotated/archived lastaction umount /mnt/LogVol endaction }
/hosts/domain1.com/log/access_log,/hosts/domain1.com/log/error_log,\ /hosts/domain2.com/log/access_log,/hosts/domain2.com/log/error_log,\ /hosts/domain3.com/log/access_log,/hosts/domain3.com/log/error_log,\ /hosts/domain4.com/log/access_log,/hosts/domain4.com/log/error_log,\ /hosts/domain5.com/log/access_log,/hosts/domain5.com/log/error_log { # @1 stays for: first token in path parsing # @2 stays for: second token in path parsing storedir @1/@2/log/@MONTH-@YEAR # Create new directories if not yet existant with specified # permissions, owner and group createdir 0644 apache apache # Defines archived filenames storefile @BASENAME.@DAY.gz # Create new 0-size logfiles in place of archived with specified # permissions, owner and group create 0644 apache apache # Force archiving of logfiles: # 1 - Monday, wednesday, friday and sunday if actual month is not # between july and august # 2 - Wednesday and saturday if actual month is between july and # august period !jul-aug mon+wed+fri+sun, jul-aug wed+sat # Handle this file even if it is empty ifempty # Don't mail to administrator report for each log file handled nomail }
Related links |
Re-validate this page |