Rotating log using logadm

logadm is a general log rotation tool that is suitable for running from cron.

Without arguments, logadm reads the /etc/logadm.conf file, and for every entry found in that file checks the corresponding log file to see if it should be rotated. Typically this check is done each morning by an entry in the root’s crontab.

Examples,

1 Rotating a File and Keeping Previous Versios -The following example rotates the /var/adm/exacct/proc file, keeping ten previous versions in /var/adm/exacct/proc.0 through /var/adm/exacct/proc.9.

% logadm -c /var/adm/exacct/proc

2 Rotating syslog – The following example rotates syslog and keeps eight log files. Old log files are put in the directory /var/oldlogs instead of /var/log:

% logadm -C8 -t’/var/oldlogs/syslog.$n’ /var/log/syslo

3 Rotating /var/adm/sulog and Expiring Based on Age – The following entry in the /etc/logadm.conf file rotates the /var/adm/sulog file and expires any copies older than 30 days.

/var/adm/sulog -A 30d

4 Rotating Files and Expiring Based on Disk Usage -The following entry in the /etc/logadm.conf file rotates the /var/adm/sulog file and expires old log files when more than 100 megabytes are used by the sum of all the rotated log files.

/var/adm/sulog -S 100m

5 Creating an Entry that Stores the Logfile Name – This example creates an entry storing the log file name and the fact that we want to keep 20 copies in /etc/logadm.conf, but the -p never means the entry is ignored by the normal logadm run from root’s crontab every morning.

% logadm -w locallog /usr/local/logfile -C20 -p never

Use the following entry on the command line to override the -p never option:

% logadm -p now locallog

6 Rotating the apache Error and Access Logs – The following example rotates the apache error and access logs monthly to filenames based on current year and month. It keeps the 24 most recent copies and tells apache to restart after renaming the logs.

This command is run once, and since the -w option is specified, an entry is made in /etc/logadm.conf so the apache logs are rotated from now on.

% logadm -w apache -p 1m -C 24\
-t ‘/var/apache/old-logs/$basename.%Y-%m’\
-a ‘/usr/apache/bin/apachectl graceful’\
‘/var/apache/logs/*{access,error}_log’

This example also illustrates that the entry name supplied with the -w option doesn’t have to match the log file name. In this example, the entry name is apache and once the line has been run, the entry in /etc/logadm.conf can be forced to run by executing the following command:

% logadm -p now apache

Because the expression matching the apache log file names was enclosed in quotes, the expression is stored in /etc/logadm.conf, rather than the list of files that it expands to. This means that each time logadm runs from cron it expands that expression and checks all the log files in the resulting list to see if they need rotating.

The following command is an example without the quotes around the log name expression. The shell expands the last argument into a list of log files that exist at the time the command is entered, and writes an entry to /etc/logadm.conf that rotates the files.

logadm -w apache /var/apache/logs/*_log

The following example shows how to add an entry to rotate and compress the IP filter logfiles once per week:

$ logadm -w /var/log/ipflog -C 8 -P ‘Fri Jul 14 23:05:38 2006’ \
-a ‘/usr/sbin/svcadm refresh system-log’ -g root -m 644 \
-o root -p 7d -z 0

This example has several interesting options. The first parameter contains the logfile to rotate, the “-C” option indicates how many copies to keep, the “-a” option lists a command to run after the file is rotated, the “-g,” “-o” and “-m” options indicate the user, group and permissions to apply to the logfiles, the “-p” option indicates how often to rotate the file, and the “-z” option can be used to compress logfiles after they are rotated.

Advertisements

One Response to “Rotating log using logadm”

  1. Gaurav Says:

    Hi,

    Is there a way where the log rotation happens on 1st of every month only and the log file should be moved to abc.log.%Y-%m, where m is the last month and not the current month.

    Regards,
    Gaurav

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: