| 知乎專欄 | 多維度架構 | 微信號 netkiller-ebook | QQ群:128659835 請註明“讀者” |
logrotate 的配置檔案是 /etc/logrotate.conf。主要參數如下表: 參數 功能 compress 通過gzip 壓縮轉儲以後的日誌 nocompress 不需要壓縮時,用這個參數 copytruncate 用於還在打開中的日誌檔案,把當前日誌備份並截斷 nocopytruncate 備份日誌檔案但是不截斷 create mode owner group 轉儲檔案,使用指定的檔案模式創建新的日誌檔案 nocreate 不建立新的日誌檔案 delaycompress 和 compress 一起使用時,轉儲的日誌檔案到下一次轉儲時才壓縮 nodelaycompress 覆蓋 delaycompress 選項,轉儲同時壓縮。 errors address 專儲時的錯誤信息發送到指定的Email 地址 ifempty 即使是空檔案也轉儲,這個是 logrotate 的預設選項。 notifempty 如果是空檔案的話,不轉儲 mail address 把轉儲的日誌檔案發送到指定的E-mail 地址 nomail 轉儲時不發送日誌檔案 olddir directory 轉儲後的日誌檔案放入指定的目錄,必須和當前日誌檔案在同一個檔案系統 noolddir 轉儲後的日誌檔案和當前日誌檔案放在同一個目錄下 prerotate/endscript 在轉儲以前需要執行的命令,這兩個關鍵字必須單獨成行 postrotate/endscript 在轉儲以後需要執行的命令,這兩個關鍵字必須單獨成行 daily 指定轉儲周期為每天 weekly 指定轉儲周期為每週 monthly 指定轉儲周期為每月 rotate count 指定日誌檔案刪除之前轉儲的次數,0 指沒有備份,5 指保留5 個備份 tabootext [+] list 讓logrotate 不轉儲指定副檔名的檔案,預設的副檔名是:.rpm-orig, .rpmsave, v, 和 ~ size size 當日誌檔案到達指定的大小時才轉儲,Size 可以指定 bytes (預設)以及KB (sizek)或者MB (sizem).
logrotate 是linux系統自帶的日誌分割與壓縮程序,通過crontab每日運行一次。
$ cat /etc/cron.daily/logrotate #!/bin/sh test -x /usr/sbin/logrotate || exit 0 /usr/sbin/logrotate /etc/logrotate.conf
$ cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
missingok
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0660 root utmp
rotate 1
}
# system-specific logs may be configured here
配置多個日誌每行寫一個條,是用絶對路徑
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
missingok
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
通配符匹配
例如 /var/log/nginx/*.log 匹配所有 nginx 日誌
/var/log/nginx/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 640 nginx adm
sharedscripts
postrotate
[ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
endscript
}
$ cat /etc/logrotate.d/apache2
/var/log/apache2/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then
/etc/init.d/apache2 reload > /dev/null
fi
endscript
}
$ cat /etc/logrotate.d/mysql-server
# - I put everything in one block and added sharedscripts, so that mysql gets
# flush-logs'd only once.
# Else the binary logs would automatically increase by n times every day.
# - The error log is obsolete, messages go to syslog now.
/var/log/mysql.log /var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log {
daily
rotate 7
missingok
create 640 mysql adm
compress
sharedscripts
postrotate
test -x /usr/bin/mysqladmin || exit 0
# If this fails, check debian.conf!
MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then
# Really no mysqld or rather a missing debian-sys-maint user?
# If this occurs and is not a error please report a bug.
#if ps cax | grep -q mysqld; then
if killall -q -s0 -umysql mysqld; then
exit 1
fi
else
$MYADMIN flush-logs
fi
endscript
}
日誌切割後運行腳本,通常用於通知父進程,日誌已經改變。
/var/log/httpd/*log {
missingok
notifempty
sharedscripts
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}
/var/log/cacti/*.log {
weekly
missingok
rotate 52
compress
notifempty
create 640 www-data www-data
sharedscripts
}