Solaris has been shipping with a robust logfile management facility for a few years now, and I have found it super useful for managing system and application logs. The log management facility revolves around the logadm utility, which allows admins to set policies on when and how logfiles are rotated. Logadm stores it’s configuration in the file /etc/logadm.conf, and provides the “-w” and “-r” options to add and remove entries from the configuration file. The following example shows how to add an entry to rotate and compress the IP filter logfiles once per week:
$ logadm -w /var/log/ipflog -C 8 -P 'Fri Jul 14 23:05:38 2006 -a '/usr/sbin/svcadm refresh system-log' -g root -m 644 -o root -p 7d -z 0
This example has several interesting options. The first parameter contains the logfile to rotate, the “-C” option indicates how many copies to keep, the “-a” option lists a command to run after the file is rotated, the “-g,” “-o” and “-m” options indicate the user, group and permissions to apply to the logfiles, the “-p” option indicates how often to rotate the file, and the “-z” option can be used to compress logfiles after they are rotated. All of the options are covered in gory detail in the logadm(1m) manul page.