Solaris logfile rotation utilities


The logadm(1m) utility comes with the Solaris Operating System, and allows system and application logfiles to be rotated at configurable intervals. logadm(1m) is controlled through the logadm.conf configuration file, which contains the logfiles to rotate, and information to describe how to rotate the logfiles. When I need to add new entries to the logadm.conf configuration file, I usually invoke logadm(1m) with the following options:

-w ENTRY - Write an entry to logadm.conf
-a - Command to run after a logfile has been rotated
-b - Command to run before a logfile is rotated
-C COUNT - Number of logfiles to keep around
-e EMAIL - Send an email to EMAIL with the results
-o OWNER - Change the owner to OWNER after rotating the file
-g GROUP - Change the group to GROUP after rotate the file
-m PERMS - Set the permissions to PERMS after rotate the file

In addition to these flags, there are dozens of available options to control where logfiles are stored after they are rotated, the format logfiles will be stored in, and several directives to control when a file is rotated (e.g., when a file is bigger than size, or after X days/weeks/months). The following example can be used to rotate the IP filter logfiles daily:

$ logadm -w ipflog -C 30 -o sys -g sys -m 600 /var/log/ipflog -a 'kill -HUPcat /var/run/syslog.pid'`

This will keep thirty copies of ipflog, set the owner and group to sys, and restart syslogd after the logfiles are rotated. logadm(1m) will run each day at 3:10am, and provides the “-p” option to rotate logfiles at specific points in time. The following example will rotate the IP filter logfiles now:

$ ls -al /var/log/ipf | head -3

-rw------- 1 sys sys 65316 Apr 5 10:05 /var/log/ipflog
-rw------- 1 sys sys 0 Apr 5 09:47 /var/log/ipflog.0
-rw-r--r-- 1 root root 103495791 Apr 5 09:49 /var/log/ipflog.1

$ logadm -p now ipflog

$ ls -al /var/log/ipf | head -3

-rw------- 1 sys sys 149 Apr 5 10:05 /var/log/ipflog
-rw------- 1 sys sys 65316 Apr 5 10:05 /var/log/ipflog.0
-rw------- 1 sys sys 0 Apr 5 09:47 /var/log/ipflog.1

logadm(1m) also supports regular expressions, so entries similar to the following are possible (this item came from the logadm man page):

/var/apache/logs/*{access,error}_log

This is a nifty little utility.

This article was posted by Matty on 2005-04-05 22:28:00 -0400 -0400