Maintaining Syslog Files on the Server
Problem
You want to automatically rotate and archive router logfiles on a Unix server.
Solution
The Bourne shell script in Example 18-1 automatically rotates router logfiles to ensure that these files don't become too big and cumbersome to navigate. The script is intended to be invoked via a cron job on a daily basis, but you can also run it manually. By default, the script retains seven days worth of archived logfiles and compresses files older than two days. No arguments are required or expected.
Example 18-1. rotatelog.sh
#!/bin/sh # # rotatelog.sh -- a script to rotate logfiles and # compress archived files # # Set behavior SYSLOGPID=/etc/syslog.pid LOGDIR=/var/log LOG=rtrlog DAYS=7 COMPRESS="/usr/bin/compress -f" # # Program body [ -f $SYSLOGPID ] || echo "Syslog PID file doesn't exist" if [ -d $LOGDIR ]; then cd $LOGDIR [ -f $LOG.1 ] && Q$COMPRESS $LOG.1Q && sleep 1 while [ $DAYS -gt 1 ] do LOW=Qexpr $DAYS - 1Q [ -f $LOG.$LOW.Z ] && mv $LOG.$LOW.Z $LOG.$DAYS.Z DAYS=$LOW done [ -f $LOG ] || echo "Log file $LOG doesn't exist" [ -f $LOG ] && mv $LOG $LOG.1 touch $LOG chmod 644 $LOG sleep 10 kill -HUP Qcat $SYSLOGPIDQ # else echo "Log directory $LOGDIR is not valid" fi |
Discussion
If left unchecked, the router logfiles grow until your disk space runs out. This script is designed to rotate router logfiles on a daily basis to ensure they don't grow too large.
This script will rotate logs on a daily basis and retain seven days worth of archived logfiles, and overwrite files that are older than this. To reduce the required disk space of the archived logfiles, the script will retain the previous day's log, in a normal format, and compress the remaining days. The number of archived days stored by the script is completely configurable. For instance, to change the number of archived days to 30, change the DAYS variable:
DAYS=30
The script is initially configured to rotate a file called /var/log/rtrlog, but it can easily be configured to rotate any logfile by changing the two variables, LOGDIR and LOG. The variable named LOGDIR contains the directory that the logfiles reside in, and the variable LOG contains the name of the logfile itself. For instance, if you want to change the script to rotate a file called /var/adm/nmslog, then you would modify the following lines in the script:
LOGDIR=/var/adm LOG=nmslog
The final variable that may require modification is the SYSLOGPID variable. This variable contains the location of your system's syslog.pid file. The script assumes that the process ID number (PID), which is carried by the SYSLOGPID variable, can be found in the file /etc/syslog.pid, which is a common location for Solaris-based machines (another common location is /var/run/syslog.pid). Configuring the script with the correct syslog.pid location is vitally important; otherwise, your logfiles will not rotate correctly. To find the location of your syslog.pid file on your system, use the following command, which can take several minutes to run:
server% find / -name syslog.pid print /etc/syslog.pid server%
As mentioned earlier, the script is intended to be launched from cron on a nightly basis. Since it will likely require root privileges to create the necessary files, launch the script from root's crontab. Below is an example of the crontab entry required to launch the script each day at midnight (assuming it is located in /usr/local/bin):
0 0 * * * /usr/local/bin/rotatelog.sh
Finally, since archived files older then one day, are compressed, we should mention some methods of working with compressed files. First, to view a compressed file, use the zcat command or uncompress c command. To permanently uncompress a compressed file, use the uncompress command (without any switches).