Re: newsyslog naming scheme could be improved?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Walt Pawley wrote: | At 9:33 AM -0700 10/11/08, Kelly Jones wrote: | newsyslog rotates logfiles so that messages.0.gz is yesterday's file, | messages.1.gz is the day before's, etc. | | This is ugly. | | IMHO, this is worse than merely ugly. I gave up rotating log | files a long time ago when I kept running into problems that | needed extensive time periods worth of log data with which to | resolve issues. I use some modifications to the periodic | scripts to do the log data archiving with time related names. | | Of course, if you're generating megabytes of compressed log | data every day, this is likely impractical but it works well | for systems I normally use. I note that syslog.conf allows you to pipe log messages into some other application. Simply using cronolog (or rotatelogs from one of the Apache ports) would allow you to create date-stamped logfile names pretty easily. Eg. *.* |/usr/local/sbin/cronolog /var/log/all-%Y-%m-%d.log This doesn't provide control of file permissions or compression of old log files, but either of those are relatively simple to fix. Cheers, Matthew - -- Dr Matthew J Seaman MA, D.Phil. Flat 3 ~ 7 Priory Courtyard PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate ~ Kent, CT11 9PW, UK -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREDAAYFAkj0TuEACgkQ3jDkPpsZ+VYhMQCfTMJFKWSGWLAOrbQgbZ3HFEWo DWgAoJDLjWy7kSwPxAzmUcXcZW1B1v0m =k4af -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: newsyslog naming scheme could be improved?
At 9:33 AM -0700 10/11/08, Kelly Jones wrote: newsyslog rotates logfiles so that messages.0.gz is yesterday's file, messages.1.gz is the day before's, etc. This is ugly. IMHO, this is worse than merely ugly. I gave up rotating log files a long time ago when I kept running into problems that needed extensive time periods worth of log data with which to resolve issues. I use some modifications to the periodic scripts to do the log data archiving with time related names. Of course, if you're generating megabytes of compressed log data every day, this is likely impractical but it works well for systems I normally use. -- Walter M. Pawley [EMAIL PROTECTED] Wump Research Company 676 River Bend Road, Roseburg, OR 97471 541-672-8975 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: newsyslog naming scheme could be improved?
On Sat 2008-10-11 14:58:39 UTC-0400, Garance A Drosehn ([EMAIL PROTECTED]) wrote: It would be bad to change the default behavior, but there have been several people who wished for some option for newsyslog which would make it use some alternate naming scheme. There's at least one PR about it, for instance. It is on my list of things to do, but I've had a long stretch of time where I have too many things on that list. I wouldn't go for a naming scheme that's as long as the above suggestion, though. Perhaps newsyslog could support filenames in strftime(3) format, eg. /var/log/messages.%Y-%m-%d I think the format of newsyslog.conf might need to change to allow that though, breaking compatibility... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
newsyslog naming scheme could be improved?
newsyslog rotates logfiles so that messages.0.gz is yesterday's file, messages.1.gz is the day before's, etc. This is ugly. If I tell my fellow sysadmins that I ran this command: zfgrep 'bad thing' /var/log/messages.4.gz and found stuff, they may run it the next day and get different results because the file is now messages.5.gz Improving my cow-orkers intelligence would be the ideal solution, but has anyone considered tweaking newsyslog to name files messages.2008-10-05-12-00-00.gz or something. IE, give them a constant name that doesn't change and then delete them after how many ever days? -- We're just a Bunch Of Regular Guys, a collective group that's trying to understand and assimilate technology. We feel that resistance to new ideas and technology is unwise and ultimately futile. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: newsyslog naming scheme could be improved?
On Sat, Oct 11, 2008 at 09:33:42AM -0700, Kelly Jones wrote: newsyslog rotates logfiles so that messages.0.gz is yesterday's file, messages.1.gz is the day before's, etc. This is ugly. If I tell my fellow sysadmins that I ran this command: zfgrep 'bad thing' /var/log/messages.4.gz and found stuff, they may run it the next day and get different results because the file is now messages.5.gz Is it possible to educate your co-workers into looking at timestamps on files before randomly assuming that EVERYTHING ends up in .4.gz? :-) Surely your co-workers aren't that dense. Or you can have them use zgrep 'bad thing' /var/log/messages.*.gz and tell them pay close attention to the timestamps shown!! That might work as a better work-around. Improving my cow-orkers intelligence would be the ideal solution, but has anyone considered tweaking newsyslog to name files messages.2008-10-05-12-00-00.gz or something. IE, give them a constant name that doesn't change and then delete them after how many ever days? I'd vote for the following strftime(3) format: %Y%m%dT%H%M. Otherwise known as: MMDDThhmm = Year (4-digit) MM = Month (01 to 12) DD = Day (01 to 31) T = Literal ASCII string T hh = Hour (24-hour time, e.g. 00 to 23) mm = Minute (00 to 59) The T aspect is optional, but it's what we use at my workplace, and makes recognising the hour-minute portion easier. I don't think we need second-level granularity on this stuff; even minute granularity is questionable (because not all logs will get rotated at exactly 00 minutes; they might take 20 minutes to compress based on system load, etc...), since you'd have inconsistencies in the filenames, e.g.: messages.20081005T.gz messages.20081006T0001.gz messages.20081007T0001.gz messages.20081008T.gz messages.20081009T0002.gz And so on. Food for thought. -- | Jeremy Chadwickjdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: newsyslog naming scheme could be improved?
On Oct 11, 2008, at 09:46, Jeremy Chadwick wrote: On Sat, Oct 11, 2008 at 09:33:42AM -0700, Kelly Jones wrote: newsyslog rotates logfiles so that messages.0.gz is yesterday's file, messages.1.gz is the day before's, etc. This is ugly. If I tell my fellow sysadmins that I ran this command: zfgrep 'bad thing' /var/log/messages.4.gz and found stuff, they may run it the next day and get different results because the file is now messages.5.gz Is it possible to educate your co-workers into looking at timestamps on files before randomly assuming that EVERYTHING ends up in .4.gz? :-) Surely your co-workers aren't that dense. Or you can have them use zgrep 'bad thing' /var/log/messages.*.gz and tell them pay close attention to the timestamps shown!! That might work as a better work-around. Improving my cow-orkers intelligence would be the ideal solution, but has anyone considered tweaking newsyslog to name files messages.2008-10-05-12-00-00.gz or something. IE, give them a constant name that doesn't change and then delete them after how many ever days? I'd vote for the following strftime(3) format: %Y%m%dT%H%M. Otherwise known as: MMDDThhmm Either approach would sure increase the typing when searching for log entries for a specific day. I keep 30 days of maillogs and reasonably frequently have to search them for a specific day a week or 2 ago. Given that I usually run about 5 searches to find all the relevant entries, that would sure add to the typing. Also, I have no immediate idea how newsyslog would be able to still retain 30 backups. The dates on the files are not necessarily accurate. They can get changed easily. Searching with maillog.* is a horrible waste of computer and people time. Puts a real load on the mail server and I wait for quite awhile. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: newsyslog naming scheme could be improved?
At 9:33 AM -0700 10/11/08, Kelly Jones wrote: ...but has anyone considered tweaking newsyslog to name files messages.2008-10-05-12-00-00.gz or something. IE, give them a constant name that doesn't change and then delete them after how many ever days? It would be bad to change the default behavior, but there have been several people who wished for some option for newsyslog which would make it use some alternate naming scheme. There's at least one PR about it, for instance. It is on my list of things to do, but I've had a long stretch of time where I have too many things on that list. I wouldn't go for a naming scheme that's as long as the above suggestion, though. -- Garance Alistair Drosehn = [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Institute; Troy, NY; USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
