Managing System-Log Files
Configuring and fine-tuning your system-logging facilities is extremely important for system security and general diagnostics. But if your logs grow too large and fill up their filesystem, all that work may come to naught.
As with syslog itself, most Linux distributions come with a preconfigured log-rotation scheme. As with syslog, while this scheme tends to work adequately for many users, it’s too important a mechanism to take for granted: it behooves you to understand, periodically evaluate, and, if necessary, customize your log-management setup.
Log Management in Red Hat 7 and Debian 2.2: /sbin/logrotate
Both
Red Hat 7 and Debian 2.2 use a binary program called
logrotate to handle system-log growth. In fact,
they use very similar implementations of
logrotate: global options and low-level (system)
log files are addressed in /etc/logrotate.conf,
and application-specific configuration scripts are kept in
/etc/logrotate.d/.
When logrotate is run, all scripts in
/etc/logrotate.d are included into
logrotate.conf and parsed as one big script.
This makes logrotate’s
configuration very modular: when you install an RPM or DEB package
(of software that creates logs), your package manager automatically
installs a script in /etc/logrotate.d, which
will be removed later if you uninstall the package.
Warning
Actually, the include directive in
logrotate.conf may be used to specify additional or different directories and files to include. In no event, however, should you ...
Get Building Secure Servers with Linux now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
