http://www.ducea.com/2006/06/06/rotating-linux-log-files-part-2-logrotate/
logrotate is the default application used to rotate all other log files not handled by syslog itself (details on rotating system log files can be found inpart 1 of the article). It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.
logrotate是用于除了被syslog处理的其他日志文件转储的默认程序(关于转储系统日志文件的详情请看本文的part 1)。它允许为日志文件提供自动转储,压缩,移除和邮件通知服务。每个日志文件都可以按每日,每周,每月或者当文件变得太大时。
Normally, logrotate is run as a daily cron job. Let’s look into the script that was installed in /etc/cron.daily for this:
通常,logrotate是作为每日cron任务运行的。让我们安装在/etc/cron.daily的脚本:
cat /etc/cron.daily/logrotate
#!/bin/sh
test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf
Logrotate will look into /etc/logrotate.conf for its configuration directives.
logrotate会浏览/etc/logrotate.conf文件确定它的配置指令。
cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
missingok
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0664 root utmp
rotate 1
}
# system-specific logs may be configured here
So we can see it defines some default parameters (weekly, rotate 4, create, compress) and includes all the files from/etc/logrotate.d/. Also it defines the rotation for some files that are not handled by syslog itself, likewtmp. For example, I would want to keep more than one month of old wtmp logs, then I would have to change the parameterrotate 1.
我们看到它定义了一些默认参数(每周,转储 4,创建,压缩),还有包含在etc/logrotate.d/目录中的所有文件。同时它还定义了对某些文件的转储,像wtmp,它们没有被syslog处理。举个例子,我想保留wtmp的旧日志多于一个月,那么我需要修改参数rotate 1。
Inside the /etc/logrotate.d/ various packages will install their own configuration file that will ensure their logs are properly rotate (on my fresh Debian install I have the following files:acpid apache2 aptitude base-config dpkg exim4-base). As long as you don’t change the paths to those logs the rotation will work out of the box. But in case you change them you might want to look inside this folder and make the proper adjustments to the log file definitions, to assure they will be rotated. For example, let’s look at the apache rotation file created here by the apache2 package:
在/etc/logrotate.d/目录中,各种包会把它们的配置文件安装到此,确保它们的日志能够被正确的转储(在我新的debian安装中,我有下列文件:acpid apache2 aptitude base-config dpkg exim4-base)。只要你不改变这些日志的路径,转储就可以使用。但是万一你改变了他们,就要到这个目录里面对日志文件定义做一些调整,确保他们可以被转储。例如,让我们看看apache2包所产生的apache转储文件:
cat /etc/logrotate.d/apache2
/var/log/apache2/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
if [ -f /var/run/apache2.pid ]; then
/etc/init.d/apache2 restart > /dev/null
fi
endscript
}
We can see that by default it will rotate apache logs found in/var/log/apache2/ that have the extension*.log, on a weekly basis and keep52 archives (about 1 year) of the old data. Once the rotation is completed it will restart the apache daemon. You can check logrotate manual page for all the available parameters, as they are self-explanatory. Now, if I would like to keep my own apache log files in a different location (/var/weblogs for example) and rotate them monthly then I will need to make the following changes:
我们看到默认情况下它会转储在/var/log/apache2/下面的*.log文件,即apache日志,每周一次,保留52个旧文件(一年)。一旦转储完成,它会重启apache daemon。你可以查看logrotate手册了解所有可用的参数,它们是自解释的。现在,如果我想保留我自己的apache日志文件到一个不同的地方(比如/var/weblogs),并按月转储。我需要做如下改动:
/var/weblogs/*.log {
monthly
...
Probably, I will also want to change the default hour when the daily cron is running to have it on midnight. Anyway this is just an example and you will most certainly configure this based on your needs.
很可能我也想改变每日cron运行的默认的时间到半夜。这只是个举例,你当然会根据你的需要来配置它。
Even though I didn’t intended with this article to describe what each configuration parameter of logrotate means (as you can easily find out yourself), but to show what is the logic and its functionality, I would like to add that while configuring and testing this you might find very useful the debug option:
虽然我不打算在这篇文章中讲解logrotate的各个配置参数的意思(你可以很容易找到),但为了展示其中的逻辑和功能,我还是加了debug选项,你会发现在配置和测试的时候,它很有用:
logrotate -d file
This will show you what it will do, without actually rotating anything, and this is most valuable while testing complex setups that you don’t want to ‘play’ with the logs to see if your configuration will work as you want it.
这样会告诉你它将会做什么,而无需真的转储任何东西,而且在测试复杂步骤的时候最有用,因为你不想对日志文件实际执行一下来看看它是否如你所想的一样工作。
Also logrotate -f file will force the rotation even if that would have normally not occurred (logrotate will only assume it need to run and rotate logs once per day).
logrotate -f file会强制转储操作,即使通常这个操作不该发生时(logrotate假定它需要执行,并每天转储一次)。
Note: as mentioned also in part 1, RedHat based systems (RHEL, Centos, Fedora, etc.) will also rotate by default the ‘system logs’ usinglogrotateand not syslog’s internal method as Debian systems. This is handled by default with the logrotate configuration file:
注解:就像在part 1所提到,基于RedHat的系统(RHEL, Centos,Fedora等)默认会用logrotate来转储系统日志而不是像debian系统用syslog。这个在logrotate配置文件中默认被这样处理:
1 2 3 4 5 | |
cat /var/run/syslogd.pid 2> /dev/null
1 2 3 | |
The sharedscripts parameter means that the postrotatescript will only be run once (after the old logs have been compressed), not once for each log which is rotated. So nothing special defined here, besides the log files that will be rotated, and it will use the defaults from/etc/logrotate.conf.
sharedscripts参数表示postrotate脚本只会运行一次(在旧日志被压缩以后),而不是在每一个日志被转储的时候都执行。所以除了从/etc/logrotate.conf取得默认参数对日志文件转储,这儿没有特别的定义。
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
