On Oct 11, 2008, at 09:46, Jeremy Chadwick wrote:
On Sat, Oct 11, 2008 at 09:33:42AM -0700, Kelly Jones wrote:
newsyslog rotates logfiles so that messages.0.gz is yesterday's file,
messages.1.gz is the day before's, etc.
This is ugly. If I tell my fellow sysadmins that I ran this command:
zfgrep 'bad thing' /var/log/messages.4.gz
and found stuff, they may run it the next day and get different
results because the file is now messages.5.gz
Is it possible to educate your co-workers into looking at timestamps
on
files before randomly assuming that EVERYTHING ends up in .4.gz? :-)
Surely your co-workers aren't that dense.
Or you can have them use zgrep 'bad thing' /var/log/messages.*.gz
and tell them "pay close attention to the timestamps shown!!" That
might work as a better work-around.
Improving my cow-orkers intelligence would be the ideal solution, but
has anyone considered tweaking newsyslog to name files
messages.2008-10-05-12-00-00.gz or something. IE, give them a
constant
name that doesn't change and then delete them after how many ever
days?
I'd vote for the following strftime(3) format: "%Y%m%dT%H%M".
Otherwise
known as: YYYYMMDDThhmm
Either approach would sure increase the typing when searching for log
entries for a specific day. I keep 30 days of maillogs and reasonably
frequently have to search them for a specific day a week or 2 ago.
Given that I usually run about 5 searches to find all the relevant
entries, that would sure add to the typing. Also, I have no immediate
idea how newsyslog would be able to still retain 30 backups. The dates
on the files are not necessarily accurate. They can get changed
easily. Searching with maillog.* is a horrible waste of computer and
people time. Puts a real load on the mail server and I wait for quite
awhile.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
