Home | 簡體中文 | 繁體中文 | 雜文 | 打賞(Donations) | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 知乎專欄 | Search | Email

15.2. logrotate - rotates, compresses, and mails system logs

logrotate 的配置檔案是 /etc/logrotate.conf。主要參數如下表:

參數 					功能
compress 				通過gzip 壓縮轉儲以後的日誌
nocompress 				不需要壓縮時,用這個參數
copytruncate			用於還在打開中的日誌檔案,把當前日誌備份並截斷
nocopytruncate 			備份日誌檔案但是不截斷
create mode owner group 轉儲檔案,使用指定的檔案模式創建新的日誌檔案
nocreate 				不建立新的日誌檔案
delaycompress 和 compress 一起使用時,轉儲的日誌檔案到下一次轉儲時才壓縮
nodelaycompress 		覆蓋 delaycompress 選項,轉儲同時壓縮。
errors address			專儲時的錯誤信息發送到指定的Email 地址
ifempty 				即使是空檔案也轉儲,這個是 logrotate 的預設選項。
notifempty 				如果是空檔案的話,不轉儲
mail address 			把轉儲的日誌檔案發送到指定的E-mail 地址
nomail 					轉儲時不發送日誌檔案
olddir directory 		轉儲後的日誌檔案放入指定的目錄,必須和當前日誌檔案在同一個檔案系統
noolddir 				轉儲後的日誌檔案和當前日誌檔案放在同一個目錄下
prerotate/endscript 	在轉儲以前需要執行的命令,這兩個關鍵字必須單獨成行
postrotate/endscript 	在轉儲以後需要執行的命令,這兩個關鍵字必須單獨成行
daily 					指定轉儲周期為每天
weekly 					指定轉儲周期為每週
monthly 				指定轉儲周期為每月
rotate count 			指定日誌檔案刪除之前轉儲的次數,0 指沒有備份,5 指保留5 個備份
tabootext [+] list 		讓logrotate 不轉儲指定副檔名的檔案,預設的副檔名是:.rpm-orig, .rpmsave, v, 和 ~ 
size size 				當日誌檔案到達指定的大小時才轉儲,Size 可以指定 bytes (預設)以及KB (sizek)或者MB (sizem).
		
		

logrotate 是linux系統自帶的日誌分割與壓縮程序,通過crontab每日運行一次。

15.2.1. /etc/logrotate.conf

$ cat /etc/cron.daily/logrotate
#!/bin/sh

test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf
			
$ cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

# system-specific logs may be configured here
			

15.2.2. /etc/logrotate.d/

15.2.2.1. 日誌配置

配置多個日誌每行寫一個條,是用絶對路徑

				
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    missingok
    sharedscripts
    postrotate
	/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
				
				
				

通配符匹配

例如 /var/log/nginx/*.log 匹配所有 nginx 日誌

				
/var/log/nginx/*.log {
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 nginx adm
        sharedscripts
        postrotate
                [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
        endscript
}
				
				
				
$ cat /etc/logrotate.d/apache2
/var/log/apache2/*.log {
        weekly
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then
                        /etc/init.d/apache2 reload > /dev/null
                fi
        endscript
}
				
				

15.2.2.2. create 創建日誌檔案,指定用於與訪問權限

				
$ cat /etc/logrotate.d/mysql-server
# - I put everything in one block and added sharedscripts, so that mysql gets
#   flush-logs'd only once.
#   Else the binary logs would automatically increase by n times every day.
# - The error log is obsolete, messages go to syslog now.
/var/log/mysql.log /var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log {
        daily
        rotate 7
        missingok
        create 640 mysql adm
        compress
        sharedscripts
        postrotate
                test -x /usr/bin/mysqladmin || exit 0
                # If this fails, check debian.conf!
                MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
                if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then
                  # Really no mysqld or rather a missing debian-sys-maint user?
                  # If this occurs and is not a error please report a bug.
                  #if ps cax | grep -q mysqld; then
                  if killall -q -s0 -umysql mysqld; then
                    exit 1
                  fi
                else
                  $MYADMIN flush-logs
                fi
        endscript
}
				
				

15.2.2.3. postrotate

日誌切割後運行腳本,通常用於通知父進程,日誌已經改變。

				
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript
}
				
				
/var/log/cacti/*.log {
        weekly
        missingok
        rotate 52
        compress
        notifempty
        create 640 www-data www-data
        sharedscripts
}