On 15.11.2009 13:45, Mick wrote:
> On Saturday 14 November 2009 16:53:24 Alex Schuster wrote:
>> I assume you are using logrotate, and have the /etc/logrotate.d/kernel
>> file? I guess the 'compytruncate' is misspelled and should be
>> 'copytruncate'. And 'endscript' is used after using 'prerotate' or
>> 'postrotate', which you probably do not have.
>>
>> Something like that, I never used logrotate by myself. See the man page
>> for more information.
>
> Hmm ... how do you keep your log files under control?

Use time-based file names. For syslog-ng something like:

    destination mail {
        file("/var/log/mail/$YEAR/$MONTH/$DAY/$HOUR"
            template("$ISODATE $HOST $MSG\n") template_escape(no)
            owner("root") group("log") perm(0640)
            dir_owner("root") dir_group("log")
            dir_perm(02750) create_dirs(yes));
    };
    destination msgs {
        file("/var/log/msgs/$YEAR/$MONTH/$DAY/$HOUR"
            template("$ISODATE $HOST $MSG\n") template_escape(no)
            owner("root") group("log") perm(0640)
            dir_owner("root") dir_group("log")
            dir_perm(02750) create_dirs(yes));
    };
    source local { unix-dgram("/dev/log"); pipe("/proc/kmsg");
        internal(); };
    filter mail { facility(mail); };
    filter notmail { not facility(mail); };
    log { source(local); filter(mail); destination(mail); };
    log { source(local); filter(notmail); destination(msgs); };

Important points:
- "unix-dgram" is good
- Use template() to determine the format
- No need to logrotate with time-based filenames. Hence, no need to
  "kill -HUP" the syslog daemon. No missed logs.
- Easier to get the log files to a central server with time-based
  filenames.
- "log" group is for transferring the log files to a central server
--
Eray
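
With the hourly layout above, any file whose path sorts before the current hour is no longer being written, which is what makes shipping to a central server simple. As an added example (not part of the original message), these two shell functions list those closed files and flag modes that differ from the configured perm(0640) and dir_perm(02750). The function names are hypothetical; it assumes a find with -mindepth/-maxdepth (GNU or BSD), file names in local time, and no late messages stamped with a past hour.

```shell
#!/bin/sh
# Added example, not from the original post. Layout assumed from the
# config above: ROOT/YYYY/MM/DD/HH, every component zero-padded.

# closed_hour_files ROOT [NOW]
# Print, oldest first, the hourly files syslog-ng is done with: every
# path that sorts before NOW ("YYYY/MM/DD/HH", default: current local hour).
closed_hour_files() {
    root=$1
    now=${2:-$(date +%Y/%m/%d/%H)}
    ( cd "$root" || exit 1
      find . -mindepth 4 -maxdepth 4 -type f |
        sed 's|^\./||' |
        grep -E '^[0-9]{4}(/[0-9]{2}){3}$' |   # ignore stray files
        LC_ALL=C sort |
        LC_ALL=C awk -v now="$now" '($0 "") < (now "")' )  # string compare
}

# perm_drift ROOT [FILE_MODE] [DIR_MODE]
# Print anything below ROOT whose mode differs from perm()/dir_perm()
# in the config (defaults 0640 and 2750). No output means no drift.
perm_drift() {
    root=$1 fmode=${2:-0640} dmode=${3:-2750}
    find "$root" -mindepth 1 \( -type f ! -perm "$fmode" \) -print
    find "$root" -mindepth 1 \( -type d ! -perm "$dmode" \) -print
}
```

The output of closed_hour_files is a list of paths relative to ROOT, so it can be fed to a transfer tool run by a member of the "log" group.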