Solaris logfile rotation utilities

The logadm(1m) utility comes with the Solaris Operating System, and allows system and application logfiles to be rotated at configurable intervals. logadm(1m) is controlled through the logadm.conf configuration file, which contains the logfiles to rotate, and information to describe how to rotate the logfiles. When I need to add new entries to the logadm.conf configuration file, I usually invoke logadm(1m) with the following options:

-w  ENTRY    - Write an entry to logadm.conf
 -a           - Command to run after a logfile has been rotated
 -b           - Command to run before a logfile is rotated
 -C COUNT     - Number of logfiles to keep around
 -e EMAIL     - Send an email to EMAIL with the results
 -o OWNER     - Change the owner to OWNER after rotating the file
 -g GROUP     - Change the group to GROUP after rotate the file
 -m PERMS     - Set the permissions to PERMS after rotate the file

In addition to these flags, there are dozens of available options
to control where logfiles are stored after they are rotated, the format
logfiles will be stored in, and several directives to control when a
file is rotated (e.g., when a file is bigger than size, or after X
days/weeks/months). The following example can be used to rotate the IP
filter logfiles daily:

$ logadm -w ipflog -C 30 -o sys -g sys -m 600 /var/log/ipflog
-a ‘kill -HUP `cat /var/run/syslog.pid’

This will keep thirty copies of ipflog, set the owner and group to sys,
and restart syslogd after the logfiles are rotated. logadm(1m) will
run each day at 3:10am, and provides the “-p” option to rotate logfiles
at specific points in time. The following example will rotate the
IP filter logfiles now:

$ ls -al /var/log/ipf* | head -3

-rw-------   1 sys      sys        65316 Apr  5 10:05 /var/log/ipflog
-rw-------   1 sys      sys            0 Apr  5 09:47 /var/log/ipflog.0
-rw-r--r--   1 root     root     103495791 Apr  5 09:49 /var/log/ipflog.1

$ logadm -p now ipflog

$ ls -al /var/log/ipf* | head -3

-rw-------   1 sys      sys          149 Apr  5 10:05 /var/log/ipflog
-rw-------   1 sys      sys        65316 Apr  5 10:05 /var/log/ipflog.0
-rw-------   1 sys      sys            0 Apr  5 09:47 /var/log/ipflog.1

logadm(1m) also supports regular expressions, so entries similar to
the following are possible (this item came from the logadm man page):

/var/apache/logs/*{access,error}_log

This is a nifty little utility.

Leave a Reply

Your email address will not be published. Required fields are marked *