Last month, we discussed setting up and configuring the syslog facility. This month, we will look at two additional considerations that come into play where syslog is concerned. First, we need a way to manage all the log files that we are creating and insure that they do not consume too much disk space. Second, we will need to have a strategy for processing all of the information and discerning what is most important within it. All of the log files in the world are of little use if no one looks at them. This column will explore both of these issues.
Last month, we discussed setting up and configuring the syslog facility. This month, we will look at two additional considerations that come into play where syslog is concerned. First, we need a way to manage all the log files that we are creating and insure that they do not consume too much disk space. Second, we will need to have a strategy for processing all of the information and discerning what is most important within it. All of the log files in the world are of little use if no one looks at them. This column will explore both of these issues.
The traditional solution for managing Unix log files involves periodically saving their contents to another file, and then truncating the active log to zero length. Typically, several old log files would be saved on the system and given names consisting of the original file name with a numeric extension: message.0, message.1 and so on for the messages log file, with higher numbers indicating older saved files.
Generally, some specific number of old files would be present on the system. Each day, the oldest one would be deleted, existing saved files would have their numbers increased by one and the current contents of the active log file would be saved to the .0 file. That is, each day’s messages would be rotated through this fixed set of saved log files (finally falling off the end after a preset period of time). Note that in some cases,…
Please log in to view this content.
Not Yet a Member?
Register with LinuxMagazine.com and get free access to the entire archive, including:
