For a Linux mail server I set up, I want to have sendmail's log file, which is /var/log/maillog, rotated daily rather than once a week. With the default setting for logrotate, the file maillog will be closed and become maillog.1 after a week. If there is a maillog.1 it becomes maillog.2, etc. I want this to occur at midnight every night. To achieve the daily rotation, log in under the root account and edit the file /etc/logrotate.d/syslog, removing /var/log/maillog from the line where it is listed with all of the other log files that get rotated. Then create a new logrotate control file, e.g. /etc/maillogrotate.conf. Don't put it in the /etc/logrotate.d directory. My maillogrotate.conf file contains the following lines:
# Begin maillogrotate control file
/var/log/maillog {
daily
rotate 14
sharedscripts
create 0600 root root
missingok
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
# End maillogrotate control fileThe meaning of the lines is as follows:
- Comment
- Specifies the file to be rotated, /var/log/maillog
- Indicates the file should be rotated on a daily basis
- rotate 14 indicates 14 previous versions (2 weeks worth of logs) should be kept, i.e. there will be a maillog file as well as maillog.1 through maillog.14
- sharedscripts means that the postrotate script will only be run once, not for every file that is rotated.
- create 0600 root root indicates that immediately after logrotate
has rotated the file, it should create a new file with the same name as the
one just rotated, in this case maillog. The permissions for the file, 0600,
indicate that the owner will have read and write access to the file, but
no one else will be given any access to the file. After access is specified,
the owner and group for the file are each set to root (the format is
create mode owner group. - missingok indicates that if the log file is missing, proceed to the next one without issuing an error message.
- Any lines between postrotate and endscript will be executed after the rotation is completed. In this case, the syslog process will be restarted. The process id for syslog is stored in /var/run/syslog.pid, so cat /var/run/syslogd.pid displays the contents of syslogd.pid. The 2> /dev/null at the end indicates that STDERR (error messages) will be redirected to /dev/null, which means that they are discarded. The backticks around this command (be certain to use the ` character, which is on the key to the left of the 1 key not the single quote, ' here) mean take the output of this command and use it as an argument to /bin/kill -HUP, which kills the syslog process, which will get automatically restarted. The second 2> /dev/null means that any error messages generated from the kill command are also discarded. The || true at the end means that if there is a problem with the kill command then still mark this part of the script as successful, i.e. don't abort with an error message. The || means "or" and true always returns a successful exit status.
You then need to create a crontab entry with crontab -e.
This will open the crontab file in the vi editor. The crontab file can be
used to run commands on a scheduled basis. Hit the i key to put the
vi editor in insert mode then type the following command:
0 0 * * * /usr/sbin/logrotate /etc/maillogrotate.conf 1>/dev/null 2>/dev/null
Then hit the : (colon) key and type wq to save the file and exit from the editor.
The crontab file consists of 6 fields:
| minute | A number from 0 to 59 indicating the minute the command will run |
| hour | A number from 0 to 23 indicating the hour for the command to be run |
| day of month | A number from 1 to 31 indicating the day of the month to run the command |
| month | A number from 1 to 12 indicating the month to run the command |
| day of week | A number from 0 to 6 (Sunday to Saturday) for the command to be run |
| command | The command to be run |
So the listed crontab entry will run the /usr/sbin/logrotate program at midnight every day (the asterisks means use all possible values for the field). The logrotate program will use the file I created, /etc/maillog.conf, to determine what it should do. Any output, whether standard output or error messages, are sent to /dev/null, i.e. discarded.
In addition to keeping two weeks worth of logs in the /var/log/maillog directory, I like to archive mail logs in a separate directory to be parsed by statistics generation programs. If I add new programs, I can run them on all the old log files to generate statistics for the entire year. So I create a /root/maillog directory to hold the maillog files and a program, copy-maillog, which will copy the previous day's maillog to that directory with that day's date appended to the filename. I place the copy-maillog file in /root/bin and make it executable.
mkdir /root/maillog
mkdir /root/bin
The copy-maillog program contains the following lines:
#!/bin/bash
cp -a /var/log/maillog.1 /root/maillog/maillog.$(date --date=yesterday +%m%d%y)
This will copy the previous day's maillog file, maillog.1 to the /root/maillog/ directory. The $(date --date=yesterday +%m%d%y) extension means append yesterday's date formated as month, day, year, e.g. maillog.091604 for the September 16, 2004 mail log file.
To make the script executable, type chmod 700 copy-maillog.
I then create a crontab entry to run copy-maillog script at half past
midnight every night. Use crontab -e again to edit the
crontab file, then move the cursor to the end of the file and hit the
a key to append data after the cursor. Hit the enter key to
start a new line and insert the following:
30 0 * * * /root/bin/copy-maillog 1>/dev/null 2>/dev/null
Then hit the Esc key followed by the colon key. Type wq to save
the modifications to the crontab file and exit from the editor. If
you then type crontab -l to list the contents of the
crontab file, you shold see something similar to the following:
[root@mail bin]# crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.8726 installed on Fri Sep 17 18:27:16 2004)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 0 * * * /usr/sbin/logrotate /etc/maillogrotate.conf 1>/dev/null 2>/dev/null
30 0 * * * /root/bin/copy-maillog 1>/dev/null 2>/dev/null
References:
