rsyslog Configurations
lufy June 02, 2018
<p>How to configure rsyslog</p>
<p>Some notes from recent work. The point is to test <strong>rsyslog's file size limit and log format</strong>.</p>
<p>1. Create the log format:</p>
<p>Next, add a new template for system logs.</p>
<p><span style="font-family: 'courier new', courier;">$ vim /etc/rsyslog.d/test.log</span></p>
<p><span style="font-family: 'courier new', courier;"># Define template test_format</span></p>
<p><span style="font-family: 'courier new', courier;">$template test_format, "%$year% %msg%\n"</span></p>
<p><span style="font-family: 'courier new', courier;"># Apply test_format to test.log.</span></p>
<p><span style="font-family: 'courier new', courier;">local3.* /var/log/test.log;test_format</span></p>
<p><span style="font-family: terminal, monaco;">2. Create the logrotate rules:</span></p>
<p><span style="font-family: 'courier new', courier;">$ vim /etc/logrotate.d/test</span></p>
<p><span style="font-family: 'courier new', courier;">/var/log/test.log {</span><br /><span style="font-family: 'courier new', courier;">daily</span><br /><span style="font-family: 'courier new', courier;">rotate 3</span><br /><span style="font-family: 'courier new', courier;">create</span><br /><span style="font-family: 'courier new', courier;">size 1M</span><br /><span style="font-family: 'courier new', courier;">postrotate</span><br /><span style="font-family: 'courier new', courier;">/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true</span><br /><span style="font-family: 'courier new', courier;">endscript</span><br /><span style="font-family: 'courier new', courier;">}</span></p>
<p><span style="font-family: 'courier new', courier;">daily</span> <span style="font-family: terminal, monaco;">rotate the log every day. Rotation cannot happen more often than the interval defined in crontab.</span></p>
<p><span style="font-family: 'courier new', courier;">rotate 3</span> <span style="font-family: terminal, monaco;">keep 3 rotated logs and delete the older ones.</span></p>
<p><span style="font-family: 'courier new', courier;">create</span> <span style="font-family: terminal, monaco;">create a new test.log file when rotating.</span></p>
<p><span style="font-family: 'courier new', courier;">size 1M</span> <span style="font-family: terminal, monaco;">when logrotate runs, the log is not rotated if its size has not reached this value.</span></p>
<p><span style="font-family: 'courier new', courier;">postrotate</span> <span style="font-family: terminal, monaco;">commands to execute after rotation. The command above, copied from /etc/logrotate.d/syslog, acts like restarting the rsyslog service. Without it, rotation will not happen.</span></p>
<p><span style="font-family: 'courier new', courier;">endscript</span> <span style="font-family: terminal, monaco;">ends the command block; paired with <span style="font-family: 'courier new', courier;">postrotate</span>.</span></p>
<p><span style="font-family: terminal, monaco;">3. <span style="font-family: 'courier new', courier;">logrotate</span> is scheduled in <span style="font-family: 'courier new', courier;">crontab</span>. By default it is located in <span style="font-family: 'courier new', courier;">/etc/cron.daily</span>, which means logrotate runs every day. Even if the log file has reached the size limit, rotation still does not happen until the scheduled time.</span></p>
<p><span style="font-family: terminal, monaco;">So if you want faster log rotation, you need to add it to crontab, like:</span></p>
<p><span style="font-family: 'courier new', courier;">$ crontab -e</span></p>
<p><span style="font-family: 'courier new', courier;">*/1 * * * * /usr/sbin/logrotate /etc/logrotate.d/test</span></p>
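<p>The interaction between the size threshold in step 2 and the run schedule in step 3, as an added example that is not part of the original post. It is a simplified model of the size, rotate and create directives, not logrotate itself; the function names rotate_once and simulate and the growth rates are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Simplified model of the size / rotate / create directives described above.
# This is not logrotate; it only mirrors the behaviour the post describes.

# rotate_once FILE LIMIT_BYTES KEEP -> 0 if rotated, 1 if below the threshold
rotate_once() {
    file=$1; limit=$2; keep=$3
    size=$(( $(wc -c < "$file") ))
    # "size": below the threshold nothing happens on this run
    [ "$size" -ge "$limit" ] || return 1
    # "rotate KEEP": drop the oldest copy, shift the others up by one
    rm -f "$file.$keep"
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        if [ -f "$file.$prev" ]; then mv "$file.$prev" "$file.$i"; fi
        i=$prev
    done
    mv "$file" "$file.1"
    : > "$file"            # "create": start a new empty log
    return 0
}

# simulate GROW_KB RUN_EVERY MINUTES
# Appends GROW_KB of constructed data per simulated minute and calls
# rotate_once every RUN_EVERY minutes with the post's values (1M, 3 old logs).
# Prints "<peak size of test.log in KB> <number of rotated files kept>".
simulate() {
    grow_kb=$1; run_every=$2; minutes=$3
    dir=$(mktemp -d); log="$dir/test.log"; : > "$log"
    peak=0; m=1
    while [ "$m" -le "$minutes" ]; do
        dd if=/dev/zero bs=1024 count="$grow_kb" 2>/dev/null >> "$log"
        kb=$(( $(wc -c < "$log") / 1024 ))
        if [ "$kb" -gt "$peak" ]; then peak=$kb; fi
        if [ $((m % run_every)) -eq 0 ]; then
            rotate_once "$log" $((1024 * 1024)) 3 || true
        fi
        m=$((m + 1))
    done
    kept=$(ls "$dir" | grep -c '^test\.log\.[0-9]*$' || true)
    rm -rf "$dir"
    echo "$peak $kept"
}
```

<p>With 300 KB written per minute, simulate 300 1 20 (a run every minute) peaks at 1200 KB, while simulate 300 10 20 (a run every ten minutes) peaks at 3000 KB. In this model size 1M is a threshold checked on each run, not a cap on the file, and no more than 3 rotated files are ever kept.</p>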