Paul Slootman wrote: > On Mon 31 Mar 2008, Michael Biebl wrote: > >>> BTW, why are the mail files handled separately? Also, rsyslog could be >>> reloaded twice every night, perhaps that could be optimized as well. >> I grouped all log files that are rotated daily, and split all weekly >> rotated files into mail and others (for better readability). > > Hmm, OK, I missed the fact the first part was for daily :-) > >> rsyslog should not be reloaded twice every night (at least it should >> only happen once a week) as the first reload happens daily, the second >> only weekly. > > You should add the "sharedscripts" option, default is "nosharedscripts" > which means that the postrotate is run for every logfile rotated... > > Note also that the postrotate is only run if there is in fact a logfile > rotated. In the (very theoretical :-) case that the logfiles listed in > the last stanza are still empty, then rsyslog will continue writing to > the mail logfiles that had actually been rotated. As "delaycompress" is > not listed, this could mean loss of any new logged data. > Hence I'd recommend combining the last two stanzas, and also adding > "delaycompress". >
Hi Paul, I considered your suggestions and merged all daily rotated log files (and added missingok, notifempty, delaycompress and sharedscripts). The resulting file is attached as rsyslog.logrotate. I see the following problems: 1.) The file has become less readable because of the long line 2.) It becomes harder to change the configuration for a single log file (e.g. if the administrator wants to keep 8 log files of mail.log) as all weekly and daily entries are merged into a single configuration stanza. 3.) There is one day during the week, where rsyslog is reloaded twice. An alternative file layout is the one of syslog-ng, where all log files have a separate config stanza (attached as syslog-ng.logrotate). This approach has imho the following problems 1.) It's more cumbersome to change the configuration for all log files (e.g. from compress to nocompress), as you now have to edit 14 different stanzas 2.) Having a single postrotate script tied to /var/log/syslog could lead to the case, where /var/log/syslog hasn't changed (even if that is probably unlikely) but others have (such as mail.*). I'm now wondering which approach is the better, cleaner, nicer one and would be very interest in your opinion and feedback. Cheers, Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
/var/log/daemon.log /var/log/syslog /var/log/kern.log { rotate 7 daily missingok notifempty compress delaycompress sharedscripts postrotate invoke-rc.d rsyslog reload > /dev/null endscript } /var/log/mail.err /var/log/mail.info /var/log/mail.log /var/log/mail.warn /var/log/auth.log /var/log/user.log /var/log/messages /var/log/debug /var/log/lpr.log { rotate 4 weekly missingok notifempty compress delaycompress sharedscripts postrotate invoke-rc.d rsyslog reload > /dev/null endscript }
/var/log/auth.log { rotate 4 missingok notifempty weekly compress } /var/log/cron.log { rotate 4 weekly missingok notifempty compress } /var/log/daemon.log { rotate 7 weekly missingok notifempty compress } /var/log/debug { rotate 4 weekly missingok notifempty compress } /var/log/kern.log { rotate 4 weekly missingok notifempty compress } /var/log/lpr.log { rotate 4 weekly missingok notifempty compress } /var/log/mail.err { rotate 4 weekly missingok notifempty compress } /var/log/mail.info { rotate 4 weekly missingok notifempty compress } /var/log/mail.log { rotate 4 weekly missingok notifempty compress } /var/log/mail.warn { rotate 4 weekly missingok notifempty compress } /var/log/messages { rotate 4 weekly missingok notifempty compress } /var/log/user.log { rotate 4 weekly missingok notifempty compress } /var/log/uucp.log { rotate 4 missingok notifempty weekly compress } /var/log/syslog { rotate 7 daily compress postrotate /usr/sbin/invoke-rc.d syslog-ng reload >/dev/null endscript }
signature.asc
Description: OpenPGP digital signature