Log Rotate

From DISI
Jump to navigation Jump to search

Introduction

Log Rotation is an automated process used in system administration in which log files are compressed, moved, renamed or deleted once they are too old or too big. New incoming log data is directed into a new fresh file.

Installation

yum update && yum install logrotate

Configuration

  1. Edit the httpd log rotate conf file.
    • vim /etc/logrotate.d/httpd
  2. Delete all default lines and replace with these lines
    • /var/log/httpd/*log {
              monthly
              rotate 3
              size=10M
              compress
              missingok
              notifempty
      	dateext
      	dateformat -%m%d%Y
      	sharedscripts
      	postrotate
      		/root/scp_logs.sh
              	/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
      	endscript
      }
      
      /var/log/httpd/*/*log {
              monthly
      	rotate 3
      	size=10M
      	compress
      	missingok
      	notifempty
      	dateext
              dateformat -%m%d%Y
      	sharedscripts
      	postrotate
      		/root/scp_logs.sh
      		/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
          	endscript
      }
  3. Save the file
  4. You can manually run log rotate by doing
    • logrotate /etc/logrotate.d/httpd

Log Rotate Options Descriptions

  • monthly - runs log rotate monthly
  • rotate # - rotates between specified number of logs and if it passes the number, the extra gets deleted
  • size=# - Log files are rotated only if they grow bigger then size bytes. If size is followed by k, the size is assumed to be in kilobytes. If the M is used, the size is in megabytes, and if G is used, the size is in gigabytes.
  • compress - all logs that are rotated gets compressed
  • missingok - if log file is missing then continues without issue
  • notifempty - don't rotate log if file is empty
  • dateext - use date format to name files
  • dateformat - decides the order of where day, month, and year goes
  • sharedscripts - prerotate/postrotate scripts are only ran once instead of each log
  • postrotate - you can do custom commands after log rotate happens

Rsync Script (via sh)

#!/bin/sh

logs="/var/log/httpd/*/*.gz"
logs1="/var/log/httpd/*.gz"
remove="/var/log/httpd/"

for i in $logs
do
        name=$(printf '%s\n' "${i//$remove/}" | sed -r 's/[/]+/_/g')
        rsync -rltgoDv $i /nfs/exh/archived_logs/<hostname>_$name
done

for i in $logs1
do
	name=$(printf '%s\n' "${i//$remove/}" | sed -r 's/[/]+/_/g')
        rsync -rltgoDv $i /nfs/exh/archived_logs/<hostname>_$name
done