Tools Index

1. Logrotate

Logrotate allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large. I have used Mikhail Kolesnik from openbunker, use syslog-ng as example how to create package from now on.

        $ sudo prt-get depinst logrotate
        $ sudo vim /etc/logrotate.conf
        
        IMPORTANTE

        Preciso por o logrotate a comprimir apenas depois do
        segundo ciclo para o samhain ficar feliz.

        Thus log rotation will be handled gracefully as long
            as the inode is kept (i.e. the old file is moved rather than copied)
            and the first rotated file is not compressed (the logrotate tool can
            be told to compress only after the second cycle, and on Debian this
            seems to be standard anyway).
        

This is just an example configuration, review to match syslog-ng and other tools that write logs

        # see "man logrotate" for details
        # rotate log files weekly
        weekly

        # keep 4 weeks worth of backlogs
        rotate 4

        # create new (empty) log files after rotating old ones
        create

        # uncomment this if you want your log files compressed
        #compress

        olddir /var/log/old
        maxsize 1M

        # some packages can drop log rotation information into 
        # this directory
        include /etc/logrotate.d

        # few generic files to rotate
        /var/log/wtmp {
            monthly
            create 0644 root root
            rotate 1
        }

        /var/log/btmp {
            monthly
            create 0600 root root
            rotate 1
        }

        # system-specific logs may be also be configured here.
        /var/log/auth {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/sudo {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/cron {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/daemon {
           rotate 7
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/debug {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/error {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/iptables {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/kernel {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/lpr {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/mail.err {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/mail.info {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/mail {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/mail.warn {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/messages {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }


        /var/log/user {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/uucp {
           missingok
           notifempty
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/syslog-ng {
           rotate 7
           daily
           compress
           delaycompress
           sharedscripts
           postrotate
              /etc/init.d/syslog-ng reload
           endscript
        }

        /var/log/dnsmasq {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/pgsql {
            # create new (empty) log files after rotating old ones
            create 0644 root root
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            notifempty
            maxsize 5M
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/git-daemon {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/gitolite {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/php-fpm {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/php {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/nginx_access {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/nginx_error {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/nginx/tribu_error.log {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            olddir /var/log/old/nginx
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }

        /var/log/nginx/tribu_access.log {
            # uncomment this if you want your log files compressed
            delaycompress
            compress
            olddir /var/log/old/nginx
            postrotate
                /etc/rc.d/syslog-ng reload >/dev/null
            endscript
        }
        

To force logrotate to test configuration;

        # logrotate -f /etc/logrotate.conf
        

This is part of the LeetIO System Documentation. Copyright (C) 2021 LeetIO Team. See the file Gnu Free Documentation License for copying conditions.