Exploring logrotate
Refer to the logrotate man page while doing this exercise. I suggest printing it out.
First create working alternatives to the "real" configuration file, configuration directory, and log directory, for purposes of this exercise:
cp /etc/logrotate.conf /etc/logrotate.conf.test
mkdir /etc/logrotate.d.test
mkdir /var/log.test
In the log directory /var/log.test create 3 empty log files, belonging to hypothetical utilities utilityA, utilityB, and utilityC. The utilities are written to deposit their log messages into these files:
cd /var/log.test
touch utilityAs.log utilityBs.log
utilityCs.log
Modify the configuration file /etc/logrotate.conf.test so that it ends up as in the right column below. You'll need to run an editor. vi is good in character mode, but only if you know it. Otherwise the simpler and more intuitive graphical editor gedit may be available on your system.
| Original (Fedora) /etc/logrotate.conf | Your version in /etc/logrotate.conf.test |
| # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp, or btmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp rotate 1 } /var/log/btmp { missingok monthly create 0600 root utmp rotate 1 } # system-specific logs may be also be configured here. |
# see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 3 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d.test /var/log.test/utilityAs.log { } /var/log.test/utilityBs.log { |
date 010112002012
It's a Sunday. Linux numbers the days of the week. Sunday through Saturday are 0 through 6 respectively. So it's day number 0 today. These day numbers are used by various utilities, notably cron (job scheduling). Logrotate uses them too, "...files are rotated if the current weekday is less than the weekday of the last rotation...." Definition of "less than" is in terms of these numbers.
(When told to increment the date below, repeat the date command-- uparrow
in bash shell for command recall is always useful-- and modify it on the command line by
changing the DD or day portion. For example, to increment the date now, since
it's January 1st, the command to use would be "date 01021200". It
would become noon January 2, year unchanged.)
Here's a calendar for the
month.
January 2012
Su Mo Tu We Th Fr Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
Initialize to January 1, 2012, now if that isn't already the current date . Now examine the log directory, observing the 3 files' sizes and datestamps, and then perform a rotation:
ls -l /var/log.test
logrotate -v /etc/logrotate.conf.test
Look at the log directory again afterward:
ls -l /var/log.test
Which file(s) got rotated? Note we use logrotate's -v verbosity option. It makes logrotate tell what it's doing on the screen. Read the messages, since learning what it does is our purpose. Change the date to anything between January 2 and January7 and repeat:
date 010612002012
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
Any rotations? Now change the date to January 8 and repeat:
date 010812002012
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
Any rotations this time? What got rotated? Why today? Change the date to January 9 and repeat:
date 010912002012
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
Any rotations? Change the frequency directive "weekly" in /etc/logrotate.conf.test to "daily" instead. Run logrotate again. Then successively increment the date to January 10 and 11, repeating each time and checking the outcome.
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
date 011012002012
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
date 011112002012
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
Change /etc/logrotate.conf.test's stanza for /var/log.test/utilityBs.log by deleting the notifempty directive and inserting the compress directive instead. To give the log file some bulk there's a pretty big file we can copy to it.. It's /etc/services, about 300K in size. That provides some throwaway material to be compressed.
cp /etc/services /var/log.test/utilityBs.log
ls -l /var/log.test
date 011212002012
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
date 011312002012
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
date 011412002012
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
Change /etc/logrotate.conf.test's stanza for /var/log.test/utilityBs.log by inserting a postrotation script at the end (within the stanza). When you run logrotate thereafter, do it without the -v verbosity option:
postrotate
echo "Finished working on B"
endscript
date 011512002012
logrotate /etc/logrotate.conf.test
Inside directory /etc/logrotate.d.test create file utilityC with these contents:
/var/log.test/utilityCs.log {
}
Advance the date, rotate and examine results:
date 011612002012
logrotate -v /etc/logrotate.conf.test
ls -l /var/log.test
You should now understand how logrotate decides, each time it runs, whether or not to cycle each log file it manages by copying it under a new name and creating a fresh-start one under the old name. You should understand how logrotate determines its config file, and the basic operation of a config file and any "included" config directory(s).
Cleanup please (type carefully, to erase the test files not the "real" ones):
cd /etc
rm ./logrotate.conf.test
rm ./logrotate.d.test/ -rf
cd /var
rm ./log.test/ -rf
And set the computer back to the actual date.