Link to home
Start Free TrialLog in
Avatar of brittonv
brittonvFlag for United States of America

asked on

Different Logrotate settings for different Log files in Linux

Greetings,

I have just started using syslog on my Linux Server to monitor my Cisco Firewall.  I have configured syslog to log to its own file, but as my firewall has a lot of traffic, the size of the log file is growing very rapidly.  Not only that, for organizational and other reasons, I'd like to have a separate file for every day.

Is there a way to set logrotate, or some other mechanism,  to create a new file every day for my firewall log, but to leave my existing log files at a week?

I checked the man page for logrotate, but it appears to be out of date, or at least it doesnt represent the /etc/logrotate.d/* configuration.  I assumed I could add a /etc/logrotate.d/ciscofw entry, but since I am logging with syslog, and I dont want to change /var/log/messages, I didnt know if that would work&.
Any ideas?


If relevant here is my current /etc/logrotate.conf
     # see "man logrotate" for details
     # rotate log files weekly
     weekly
     # keep 4 weeks worth of backlogs
     rotate 4
     # create new (empty) log files after rotating old ones
     create
     # uncomment this if you want your log files compressed
     #compress
     # RPM packages drop log rotation information into this directory
     include /etc/logrotate.d
     # no packages own wtmp -- we'll rotate them here
     /var/log/wtmp {
         monthly
         create 0664 root utmp
         rotate 1
     }

And here is the output from my /etc/logrotate.d/syslog
     /var/log/cisco/* /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
         sharedscripts
         postrotate
             /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
         endscript
     }
ASKER CERTIFIED SOLUTION
Avatar of stsonline
stsonline
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of stsonline
stsonline
Flag of United States of America image
Ignore the comments about 'monthyl' and keeping one year of logs - I modified my script to match what you said you wanted.  :)

You can literally cut mine and use it if you save your files in /var/log/cisco and with a .log extension.
Avatar of stsonline
stsonline
Flag of United States of America image
I forgot one thing... you create the script as above then save it with whatever filename you want, as long as the file is stored in /etc/logrotate.d, Logrotate will attempt to take the actions inside the script file. For example, my script is svaed as /etc/logrotate.d/fwlogs, no need to add a crontab entry or anything else.
Avatar of brittonv
brittonv
Flag of United States of America image

ASKER

Awesome, thanks that is just what I wanted to here.

Additionaly is there a way for the filename to be the date of the log, instead of just 1.2.3.....

Also running killall -HUP syslog won't affect my 'normal' /var/log/messages syslog right?
Avatar of stsonline
stsonline
Flag of United States of America image
There is but I think you'd have to script it in a shell script... I'm not certain logrotate does date appending for you. And you are correct, all 'killall -HUP syslog' does is ensure syslog doesn't hang when the log files are rotated, it won't interfere with other logging whatsoever.