We help IT Professionals succeed at work.

Different Logrotate settings for different Log files in Linux

brittonv
brittonv asked
on
960 Views
Last Modified: 2013-12-16
Greetings,

I have just started using syslog on my Linux Server to monitor my Cisco Firewall.  I have configured syslog to log to its own file, but as my firewall has a lot of traffic, the size of the log file is growing very rapidly.  Not only that, for organizational and other reasons, I'd like to have a separate file for every day.

Is there a way to set logrotate, or some other mechanism,  to create a new file every day for my firewall log, but to leave my existing log files at a week?

I checked the man page for logrotate, but it appears to be out of date, or at least it doesnt represent the /etc/logrotate.d/* configuration.  I assumed I could add a /etc/logrotate.d/ciscofw entry, but since I am logging with syslog, and I dont want to change /var/log/messages, I didnt know if that would work&.
Any ideas?


If relevant here is my current /etc/logrotate.conf
     # see "man logrotate" for details
     # rotate log files weekly
     weekly
     # keep 4 weeks worth of backlogs
     rotate 4
     # create new (empty) log files after rotating old ones
     create
     # uncomment this if you want your log files compressed
     #compress
     # RPM packages drop log rotation information into this directory
     include /etc/logrotate.d
     # no packages own wtmp -- we'll rotate them here
     /var/log/wtmp {
         monthly
         create 0664 root utmp
         rotate 1
     }

And here is the output from my /etc/logrotate.d/syslog
     /var/log/cisco/* /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
         sharedscripts
         postrotate
             /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
         endscript
     }
Comment
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Ignore the comments about 'monthyl' and keeping one year of logs - I modified my script to match what you said you wanted.  :)

You can literally cut mine and use it if you save your files in /var/log/cisco and with a .log extension.
I forgot one thing... you create the script as above then save it with whatever filename you want, as long as the file is stored in /etc/logrotate.d, Logrotate will attempt to take the actions inside the script file. For example, my script is svaed as /etc/logrotate.d/fwlogs, no need to add a crontab entry or anything else.

Author

Commented:
Awesome, thanks that is just what I wanted to here.

Additionaly is there a way for the filename to be the date of the log, instead of just 1.2.3.....

Also running killall -HUP syslog won't affect my 'normal' /var/log/messages syslog right?
There is but I think you'd have to script it in a shell script... I'm not certain logrotate does date appending for you. And you are correct, all 'killall -HUP syslog' does is ensure syslog doesn't hang when the log files are rotated, it won't interfere with other logging whatsoever.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.