brittonv
asked on
Different Logrotate settings for different Log files in Linux
Greetings,
I have just started using syslog on my Linux Server to monitor my Cisco Firewall. I have configured syslog to log to its own file, but as my firewall has a lot of traffic, the size of the log file is growing very rapidly. Not only that, for organizational and other reasons, I'd like to have a separate file for every day.
Is there a way to set logrotate, or some other mechanism, to create a new file every day for my firewall log, but to leave my existing log files at a week?
I checked the man page for logrotate, but it appears to be out of date, or at least it doesnt represent the /etc/logrotate.d/* configuration. I assumed I could add a /etc/logrotate.d/ciscofw entry, but since I am logging with syslog, and I dont want to change /var/log/messages, I didnt know if that would work&.
Any ideas?
If relevant here is my current /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
And here is the output from my /etc/logrotate.d/syslog
/var/log/cisco/* /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
I have just started using syslog on my Linux Server to monitor my Cisco Firewall. I have configured syslog to log to its own file, but as my firewall has a lot of traffic, the size of the log file is growing very rapidly. Not only that, for organizational and other reasons, I'd like to have a separate file for every day.
Is there a way to set logrotate, or some other mechanism, to create a new file every day for my firewall log, but to leave my existing log files at a week?
I checked the man page for logrotate, but it appears to be out of date, or at least it doesnt represent the /etc/logrotate.d/* configuration. I assumed I could add a /etc/logrotate.d/ciscofw entry, but since I am logging with syslog, and I dont want to change /var/log/messages, I didnt know if that would work&.
Any ideas?
If relevant here is my current /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
And here is the output from my /etc/logrotate.d/syslog
/var/log/cisco/* /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I forgot one thing... you create the script as above then save it with whatever filename you want, as long as the file is stored in /etc/logrotate.d, Logrotate will attempt to take the actions inside the script file. For example, my script is svaed as /etc/logrotate.d/fwlogs, no need to add a crontab entry or anything else.
ASKER
Awesome, thanks that is just what I wanted to here.
Additionaly is there a way for the filename to be the date of the log, instead of just 1.2.3.....
Also running killall -HUP syslog won't affect my 'normal' /var/log/messages syslog right?
Additionaly is there a way for the filename to be the date of the log, instead of just 1.2.3.....
Also running killall -HUP syslog won't affect my 'normal' /var/log/messages syslog right?
There is but I think you'd have to script it in a shell script... I'm not certain logrotate does date appending for you. And you are correct, all 'killall -HUP syslog' does is ensure syslog doesn't hang when the log files are rotated, it won't interfere with other logging whatsoever.
You can literally cut mine and use it if you save your files in /var/log/cisco and with a .log extension.