MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat

Fri, Sep 17, 2004 8:40 pm

Daily Rotation of Mail Logs

For a Linux mail server I set up, I want to have sendmail's log file, which is /var/log/maillog, rotated daily rather than once a week. With the default setting for logrotate, the file maillog will be closed and become maillog.1 after a week. If there is a maillog.1 it becomes maillog.2, etc. I want this to occur at midnight every night. To achieve the daily rotation, log in under the root account and edit the file /etc/logrotate.d/syslog, removing /var/log/maillog from the line where it is listed with all of the other log files that get rotated. Then create a new logrotate control file, e.g. /etc/maillogrotate.conf. Don't put it in the /etc/logrotate.d directory. My maillogrotate.conf file contains the following lines:

# Begin maillogrotate control file
/var/log/maillog {
   rotate 14
   create 0600 root root
   /bin/kill -HUP `cat /var/run/ 2> /dev/null` 2> /dev/null || true
# End maillogrotate control file

The meaning of the lines is as follows:

  1. Comment
  2. Specifies the file to be rotated, /var/log/maillog
  3. Indicates the file should be rotated on a daily basis
  4. rotate 14 indicates 14 previous versions (2 weeks worth of logs) should be kept, i.e. there will be a maillog file as well as maillog.1 through maillog.14
  5. sharedscripts means that the postrotate script will only be run once, not for every file that is rotated.
  6. create 0600 root root indicates that immediately after logrotate has rotated the file, it should create a new file with the same name as the one just rotated, in this case maillog. The permissions for the file, 0600, indicate that the owner will have read and write access to the file, but no one else will be given any access to the file. After access is specified, the owner and group for the file are each set to root (the format is create mode owner group.
  7. missingok indicates that if the log file is missing, proceed to the next one without issuing an error message.
  8. Any lines between postrotate and endscript will be executed after the rotation is completed. In this case, the syslog process will be restarted. The process id for syslog is stored in /var/run/, so cat /var/run/ displays the contents of The 2> /dev/null at the end indicates that STDERR (error messages) will be redirected to /dev/null, which means that they are discarded. The backticks around this command (be certain to use the ` character, which is on the key to the left of the 1 key not the single quote, ' here) mean take the output of this command and use it as an argument to /bin/kill -HUP, which kills the syslog process, which will get automatically restarted. The second 2> /dev/null means that any error messages generated from the kill command are also discarded. The || true at the end means that if there is a problem with the kill command then still mark this part of the script as successful, i.e. don't abort with an error message. The || means "or" and true always returns a successful exit status.

You then need to create a crontab entry with crontab -e. This will open the crontab file in the vi editor. The crontab file can be used to run commands on a scheduled basis. Hit the i key to put the vi editor in insert mode then type the following command:

0 0 * * * /usr/sbin/logrotate /etc/maillogrotate.conf 1>/dev/null 2>/dev/null

Then hit the : (colon) key and type wq to save the file and exit from the editor.

The crontab file consists of 6 fields:

minute A number from 0 to 59 indicating the minute the command will run
hour A number from 0 to 23 indicating the hour for the command to be run
day of month A number from 1 to 31 indicating the day of the month to run the command
month A number from 1 to 12 indicating the month to run the command
day of week A number from 0 to 6 (Sunday to Saturday) for the command to be run
command The command to be run

So the listed crontab entry will run the /usr/sbin/logrotate program at midnight every day (the asterisks means use all possible values for the field). The logrotate program will use the file I created, /etc/maillog.conf, to determine what it should do. Any output, whether standard output or error messages, are sent to /dev/null, i.e. discarded.

In addition to keeping two weeks worth of logs in the /var/log/maillog directory, I like to archive mail logs in a separate directory to be parsed by statistics generation programs. If I add new programs, I can run them on all the old log files to generate statistics for the entire year. So I create a /root/maillog directory to hold the maillog files and a program, copy-maillog, which will copy the previous day's maillog to that directory with that day's date appended to the filename. I place the copy-maillog file in /root/bin and make it executable.

mkdir /root/maillog
mkdir /root/bin

The copy-maillog program contains the following lines:

cp -a /var/log/maillog.1 /root/maillog/maillog.$(date --date=yesterday +%m%d%y)

This will copy the previous day's maillog file, maillog.1 to the /root/maillog/ directory. The $(date --date=yesterday +%m%d%y) extension means append yesterday's date formated as month, day, year, e.g. maillog.091604 for the September 16, 2004 mail log file.

To make the script executable, type chmod 700 copy-maillog.

I then create a crontab entry to run copy-maillog script at half past midnight every night. Use crontab -e again to edit the crontab file, then move the cursor to the end of the file and hit the a key to append data after the cursor. Hit the enter key to start a new line and insert the following:

30 0 * * * /root/bin/copy-maillog 1>/dev/null 2>/dev/null

Then hit the Esc key followed by the colon key. Type wq to save the modifications to the crontab file and exit from the editor. If you then type crontab -l to list the contents of the crontab file, you shold see something similar to the following:

[root@mail bin]# crontab -l # DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.8726 installed on Fri Sep 17 18:27:16 2004)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 0 * * * /usr/sbin/logrotate /etc/maillogrotate.conf 1>/dev/null 2>/dev/null
30 0 * * * /root/bin/copy-maillog 1>/dev/null 2>/dev/null


  1. How to rotate maillogs daily on RedHat
  2. Linux / Unix Command: logrotate
  3. Sams Teach Yourself Shell Programming in 24 Hours
  4. Redirection, Pipes, and Backticks

[/network/email/sendmail] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo