看板 Knuckles_note
作者 標題 [CentOS] 用 logrotate 做log檔管理
時間 2014年05月06日 Tue. AM 05:47:30
參考:
鳥哥的 Linux 私房菜 第十九章、認識與分析登錄檔
http://linux.vbird.org/linux_basic/0570syslog.php
使用環境: CentOS 6
系統用來記錄log檔的程式為 rsyslog
(CentOS 5 之前是 syslog)
設定檔在 /etc/rsyslog.conf
可以看到系統預設的log檔設定:
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
設定log檔的自動開新檔案與過期的自動刪除
預設的設定在 /etc/logrotate.conf
每個不同服務的設定分別存在資料夾 /etc/logrotate.d/ 裡面
/etc/logrotate.conf 預設的內容為
每個禮拜開新的log檔,將舊的log檔改名為 原檔名-日期
只保留4個舊的log檔,不啟用壓縮
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
# 只保留4個舊的log檔
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
weekly
# keep 4 weeks worth of backlogs
# 只保留4個舊的log檔
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
其他服務的設定,例如 httpd 的設定檔為 /etc/logrotate.d/httpd
/var/log/httpd/*log /home/*/log/*log{
missingok
notifempty
sharedscripts
delaycompress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}
設定 log檔的路徑為 /var/log/httpd/*log 以及 /home/*/log/missingok
notifempty
sharedscripts
delaycompress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}
其中 postrotate 與 endscript 之間的內容,代表執行完 logrotate 後要執行的script
例如這邊會執行一下 service httpd reload
如果要把 httpd 的log檔改成: 每天換一個檔,保留30個舊的檔案
就在{}裡面加上
daily
rotate 30
即可rotate 30
重新載入 rsyslog
$ service rsyslog reload
Ⓞ 檢查 logrotate 運作是否正常
使用 $ logrotate -vf /etc/logrotate/logrotate.conf
可強制執行 rotate 並顯示運作過程
--
※ 作者: Knuckles 時間: 2014-05-06 05:47:30
※ 編輯: Knuckles 時間: 2017-03-16 10:06:56
※ 看板: KnucklesNote 文章推薦值: 0 目前人氣: 0 累積人氣: 1198
回列表(←)
分享