For Linux system security, log files are extremely important tools. System administrators can use the Logrotate program to manage the latest events in the system. Logrotate can also be used to back up the log file. This article will introduce the management of the log files through the following sections: 1, logrotate configuration 2, default configuration 0, read other configuration files 4 using the include option, override the default Configuration 5, configure dump parameters for the specified file, logrotate configuration logrotate program is a log file management tool. Used to delete the old log file, and create a new log file, we call it "dump". We can dump depending on the size of the log file, which can be dumped according to the number of days, which is generally performed by the CRON program. The logrotate program can also be used to compress log files, as well as send logs to specified e-mail. Logrotate's configuration file is /etc/logrotate.conf. The main parameters are as follows: Parameter Function Compress The log NOCOMPRESS after the Gzip compression dump does not need to be compressed, with this parameter copytruncate is used to open the log file in the open, back up the current log, and truncate the NocopyTruncate backup log file but do not truncade CREATE Mode Owner Group dump file, create a new log file using the specified file mode Nocreate does not create new log files DELAYCOMPRESS and COMPRESS, the dump log file is compressed when the DELAYCOMPRESS overwrites the DELAYCOMPRESS option, turn Reserve simultaneously. ERRORS Address is stored for error messages to the specified email address ifmpty even if the empty file is also dump, this is the default option for logrotate. NotifeMpty If it is empty file, do not dump Mail Address sends the dump log file to the specified E-mail address nomail dump, the log file is not sent to the log files after the log files after dump, must be put into the specified directory, must be The current log file is in the same file system NOIDDIR dump log file and the current log file placed in the same directory. PREROTATE / EndScript You can put it in this pair before dump, these two keywords must be a row PostRotate / EndScript You need to execute in the dump, these two keywords must be used separately to specify the dump cycle for the weekly Weekly specified dump cycle for weekly Monthly specified dump cycles for monthly Rotate Count Specifies the number of times before the log file is deleted, 0 means no backup, 5 finger 5 backup Tabootext [ ] list Let LOGROTATE does not dedup the specified extension file, the default extension is: .rpm-orig,. RPMSAVE, V, and ~ SIZE SIZE When the log file reaches the specified size, SIZE can specify Bytes and KB (Sizek) or MB (SIZEM). Second, the default configuration logrotatelogrotate default configuration ? /Etc/logrotate.conf.
Red Hat linux file contents default installation is: # see "man logrotate" for details # rotate log files weeklyweekly # keep 4 weeks worth of backlogsrotate 4 # send errors to rooterrors root # create new (empty) log files after rotating old onescreate # uncomment this if you want your log files compressed # compress1 # RPM packages drop log rotation information into this directoryinclude /etc/logrotate.d# no packages own lastlog or wtmp --we'll rotate them here / var / log / wtmp {monthlycreate 0664 Root Utmprotate 1} / var / log / LastLog {MONTHLYROTATE 1} # system-specific logs may be configured Here The default configuration is typically at the beginning of the logrotate.conf file, affecting the entire system. In this example, it is 12 lines. Third line weekly specifies all log files to be dump once a week. The fifth line of Rotate 4 specifies 4 copies of the reservation of the dump file. Seventh-line error ROOT specifies the error message to ROOT. The ninth line of CREATE specifies that logrotate automatically creates a new log file, the new log file has the same permissions as the original file. Chapter 11 #compress Specifies the non-compressed dump file, if you need to be compressed, you can go out. Third, read the additional configuration files using the include option to allow the system administrator to disperse to several files dump information, focus on a major profile. When logrotate reads the include option from logrotate.conf, you read the configuration information from the specified file, it is as if they already in /etc/logrotate.conf. Chapter 13 Include /etc/logrotate.d tells LOGROTATE to read the log dump parameters stored in the /etc/logrotate.d directory, and use the include option when the RPM package is installed in the system. The log dump parameter of the RPM package is typically stored in the /etc/logrotate.d directory. The include option is important, and some applications store the log dump parameters in /etc/logrotate.d. Typical applications include Apache, LinuxConf, Samba, Cron, and Syslog. In this way, the system administrator can manage a /etc/logrotate.conf file.
Fourth, using the include option to override the default configuration When the /etc/logrotate.conf reads the file, the dump parameters in the file specified by the include the default parameters, such as the following example: # Linuxconf parameter / var / log / htmlaccess .log {errors jimnotifemptynocompressweeklyprerotate / usr / bin / chattr -a /var/log/htmlaccess.logendscriptpostrotate/usr/bin/chattr a /var/log/htmlaccess.logendscript} /var/log/netconf.log {nocompressmonthly} in In this example, when the /etc/logrotate.d/linuxconf file is read, the following parameters will overwrite the default parameters in /etc/logrotate.conf. NotifeMptyerRORS JIM 5. Configuring dump parameters for the specified files often needs to configure parameters for specified files, a common example is the monthly dump / var / log / wtmp. The parameter format used for a specific file is: # 注释 / full / path / to / file {option (s)} The following example is the monthly dump / var / log / wtmp once: #use logrotate to rotate WTMP / VAR / log / wtmp {MONTHLYROTATE 1} 6, other issues that need to be paid 1 2. Using the prerotate and postrotate options, the example below is a typical script /etc/logrotate.d/syslog, this script is just valid for / var / log / messages. / var / log / messages {prerotate / usr / bin / chattriptpostrotate / usr / bin / kill -hup syslogd / usr / bin / chattr a / var / log / messagesendscript} first line specified Script pair / var / log message effect flower ê Oh, reading a Kangmu malaria 诵? / Var / log / messagesprerotate command specifies the previous action / usr / bin / chattr -a remove / var / log / messages file "Just add" attribute ENDScript ends the foot PREROTATE section Script Postrotate specifies the dump of the dump / usr / bin / killall -hup syslogd used to reinitialize the system log daemon syslogd / usr / bin / chattr a / var / log / messages Re-use the "only" attribute to the / var / log / messages file, so that the control programmer or user overwrite this file. The last endscript is used to end the script 3 of the Postropate section. Run logrotate. # / etc / cron.daily / logrotate #! / bin / sh / usr / sbin / logrotate /etc/logrotate.conf4 ,/var/log/messages can't be generated: This situation is rare, but if you put This file cannot be generated if the 514 / UDP port in / etc / services is turned off. Summary: This article describes the application method of the Logrotate program in detail by introducing the typical logrotate configuration example on the Red Hat system. I hope to help all Linux system administrators.
