|
Working example -- Manually |
|
Subject: Working example -- Manually
Author: AwsEC2
In response to: Logrotate configuration file
Posted on: 09/06/2012 08:12:58 PM
Let's demo the utility with an example.
Step 1) Log file before rotation The file which is about to be rotated is /home/ec2-user/example1.com/access_log which has the info as the following:
$ cd /home/ec2-user/example1.com
$ ls -l access_log
-rw-r--r-- 1 root root 173608 Sep 4 22:43 access_log
Step 2) Configuring how to rotate itIf you want to rotate the above log file for every 1KB, create the logrotate.conf as shown below.
$ vi my_logrotate.conf
/home/ec2-user/example1.com/access_log {
size 1k
create 644 root root
rotate 3
}
This logrotate configuration has following three options: size 1k logrotate runs only if the filesize is equal to (or greater than) this size. create rotate the original file and create the new file with specified permission, user and group. rotate limits the number of log file rotation. So, this would keep only the recent 3 rotated log files.
Step 3) Manually run the utility tool
$ sudo logrotate my_logrotate.conf
Step 4) Log files after rotation After the logrotation, following is the size of access_log
$ ls -l access_log*
-rw-r--r-- 1 root root 0 Sep 7 00:04 access_log
-rw-r--r-- 1 root root 173608 Sep 4 22:43 access_log.1
Note: After rotation, the running instance, Apache httpd, is holding the file descriptor pointing to access_log.1, rather than access_log. This can be verified by witnessing the growth of access_log.1. That's why you have to restart your instance after rotation for most cases. The alternative is to use copytruncate rather than create.
$ vi my_logrotate.conf
/home/ec2-user/example1.com/access_log {
size 1k
# create 644 root root
copytruncate
rotate 3
}
>
> On 09/06/2012 02:13:52 AM AwsEC2 wrote:
A simple configuration file looks like this:
# sample logrotate configuration file compress
/var/log/messages {
rotate 5
weekly
postrotate
/sbin/killall -HUP syslogd
endscript
}
"/var/log/httpd/access.log" /var/log/httpd/error.log {
rotate 5
mail www@my.org
size=100k
sharedscripts
postrotate
/sbin/killall -HUP httpd
endscript
}
/var/log/news/news.crit {
monthly
rotate 2
olddir /var/log/news/old
missingok
postrotate
kill -HUP cat /var/run/inn.pid
endscript
nocompress
}
The first section of the config files defined how to handle the log file /var/log/messages. The log will go through five weekly rotations before being removed. After the log file has been rotated (but before the old version of the log has been compressed), the command /sbin/killall -HUP syslogd will be executed.
The next section defines the parameters for both /var/log/httpd/access.log and /var/log/httpd/error.log. They are rotated whenever is grows over 100k is size, and the old logs files are mailed (uncompressed) to www@my.org after going through 5 rotations, rather then being removed. The sharedscripts means that the postrotate script will only be run once(after the old logs have been compressed), not once for each log which is rotated. Note that the double quotes around the first filename at the beginning of this section allows logrotate to rotate logs with spaces in the name. Normal shell quoting rules apply, with , ", and \ characters supported.
The last section defines the parameters for all of the files in /var/log/news. Each file is rotated on a monthly basis. This is considered a single rotation directive and if errors occur for more then one file, the log files are not compressed.
Please use wildcards with caution. If you specify *, logrotate will rotate all files, including previously rotated ones. A way around this is to use the olddir directive or a more exact wildcard (such as *.log).
References:
|
|
|
|