Home | 简体中文 | 繁体中文 | 杂文 | 打赏(Donations) | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 知乎专栏 | Search | Email

15.2. logrotate - rotates, compresses, and mails system logs

logrotate 的配置文件是 /etc/logrotate.conf。主要参数如下表:

参数 					功能
compress 				通过gzip 压缩转储以后的日志
nocompress 				不需要压缩时,用这个参数
copytruncate			用于还在打开中的日志文件,把当前日志备份并截断
nocopytruncate 			备份日志文件但是不截断
create mode owner group 转储文件,使用指定的文件模式创建新的日志文件
nocreate 				不建立新的日志文件
delaycompress 和 compress 一起使用时,转储的日志文件到下一次转储时才压缩
nodelaycompress 		覆盖 delaycompress 选项,转储同时压缩。
errors address			专储时的错误信息发送到指定的Email 地址
ifempty 				即使是空文件也转储,这个是 logrotate 的缺省选项。
notifempty 				如果是空文件的话,不转储
mail address 			把转储的日志文件发送到指定的E-mail 地址
nomail 					转储时不发送日志文件
olddir directory 		转储后的日志文件放入指定的目录,必须和当前日志文件在同一个文件系统
noolddir 				转储后的日志文件和当前日志文件放在同一个目录下
prerotate/endscript 	在转储以前需要执行的命令,这两个关键字必须单独成行
postrotate/endscript 	在转储以后需要执行的命令,这两个关键字必须单独成行
daily 					指定转储周期为每天
weekly 					指定转储周期为每周
monthly 				指定转储周期为每月
rotate count 			指定日志文件删除之前转储的次数,0 指没有备份,5 指保留5 个备份
tabootext [+] list 		让logrotate 不转储指定扩展名的文件,缺省的扩展名是:.rpm-orig, .rpmsave, v, 和 ~ 
size size 				当日志文件到达指定的大小时才转储,Size 可以指定 bytes (缺省)以及KB (sizek)或者MB (sizem).
		
		

logrotate 是linux系统自带的日志分割与压缩程序,通过crontab每日运行一次。

15.2.1. /etc/logrotate.conf

$ cat /etc/cron.daily/logrotate
#!/bin/sh

test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf
			
$ cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

# system-specific logs may be configured here
			

15.2.2. /etc/logrotate.d/

15.2.2.1. 日志配置

配置多个日志每行写一个条,是用绝对路径

				
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    missingok
    sharedscripts
    postrotate
	/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
				
				
				

通配符匹配

例如 /var/log/nginx/*.log 匹配所有 nginx 日志

				
/var/log/nginx/*.log {
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 nginx adm
        sharedscripts
        postrotate
                [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid`
        endscript
}
				
				
				
$ cat /etc/logrotate.d/apache2
/var/log/apache2/*.log {
        weekly
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then
                        /etc/init.d/apache2 reload > /dev/null
                fi
        endscript
}
				
				

15.2.2.2. create 创建日志文件,指定用于与访问权限

				
$ cat /etc/logrotate.d/mysql-server
# - I put everything in one block and added sharedscripts, so that mysql gets
#   flush-logs'd only once.
#   Else the binary logs would automatically increase by n times every day.
# - The error log is obsolete, messages go to syslog now.
/var/log/mysql.log /var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log {
        daily
        rotate 7
        missingok
        create 640 mysql adm
        compress
        sharedscripts
        postrotate
                test -x /usr/bin/mysqladmin || exit 0
                # If this fails, check debian.conf!
                MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
                if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then
                  # Really no mysqld or rather a missing debian-sys-maint user?
                  # If this occurs and is not a error please report a bug.
                  #if ps cax | grep -q mysqld; then
                  if killall -q -s0 -umysql mysqld; then
                    exit 1
                  fi
                else
                  $MYADMIN flush-logs
                fi
        endscript
}
				
				

15.2.2.3. postrotate

日志切割后运行脚本,通常用于通知父进程,日志已经改变。

				
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript
}
				
				
/var/log/cacti/*.log {
        weekly
        missingok
        rotate 52
        compress
        notifempty
        create 640 www-data www-data
        sharedscripts
}