Logadm
Author: unknown | Published: 2007-03-23 20:03 | Category: System commands | Views:
  

  

Note: Before Solaris 9 there was a FreeBSD-style tool, newsyslog, located in /usr/lib/, and a Perl script, rotatelog, written by Shaun Rowland. The script is meant to be run from cron, and a configuration file and documentation are available for it. For Solaris 8 and earlier you can download the tar.gz file and untar it, then go into the new directory and execute make install. By default it installs everything under /usr/local/ (mainly /usr/local/sbin/rotatelog and /usr/local/etc/rotatelog.conf).




logadm uses a configuration file, logadm.conf, which specifies the schedule for log rotation and the options with which rotation is performed. In the default logadm.conf, the /var/adm/messages file is already configured to be rotated.


The syntax of the logadm.conf file is as follows:


logname  <space> options


Here is a very simple configuration for rotating a log file. Insert the
following line:


/var/adm/sshdlog -C 7 -P 'Sat Jan  21 08:10:00 2006' -a 'pkill sshd2'


As you can see from the line above, we specified /var/adm/sshdlog as our log to rotate.


The options used are described below (see Reference for the full list):



  • -C count -- Delete the oldest versions until there are no more than count
    files left. This option specifies the maximum number of log files to keep;
    if it is exceeded, the oldest file is deleted to keep the total number at
    the specified value.

  • -p period -- Rotate a log file after the specified time period (period).
    Specify period as a number followed by d for days, w for weeks, m for
    months (really 30 days) or y for years. There are also two special values
    for period: now and never. -p now forces log rotation. -p never forces no
    log rotation.

  • -P timestamp -- This option is used to specify a timestamp for the
    particular log's last rotation.

  • -a post_command -- This option is used to specify a post command that is
    run once after all logs have been rotated. The command can send a HUP
    signal to a daemon or restart it. It can also be used to compress the
    rotated log with a non-standard compressor (the -z option can be used for
    the standard compressor) and/or to send a message to the sysadmin.

  • -s size -- Rotate the log file only if its size is greater than or equal
    to size. Specify size as a number followed by the letter b for bytes, k for
    kilobytes, m for megabytes, or g for gigabytes.



As with cron, the -w option to logadm(1M) is the preferred way to modify
the configuration file. If you do edit it by hand, use "logadm -V" to
check it for errors and to activate changes.


For example, one entry in the /etc/logadm.conf file
specifies that the /var/log/syslog file is rotated weekly unless the
file is empty. The most recent syslog file becomes syslog.0,
the next most recent becomes syslog.1, and so on. Eight previous
syslog log files are kept. The /etc/logadm.conf file also contains timestamps of when the last
log rotation occurred. They are written in the field defined by the -P flag.


You can use the logadm command to customize system logging and to
add additional logging in the /etc/logadm.conf file as needed.


For example, to rotate the Apache access and error logs, use the following
commands:





# logadm -w /var/apache/logs/access_log -s 100m

# logadm -w /var/apache/logs/error_log -s 10m




In this example, the Apache access_log file is rotated when it
reaches 100 Mbytes in size, with a .0, .1, (and so on) suffix,
keeping 10 copies of the old access_log file. The error_log is rotated
when it reaches 10 Mbytes in size with the same suffixes and number of copies as
the access_log file.



The /etc/logadm.conf entries for the preceding Apache log rotation
examples look similar to the following:





# cat /etc/logadm.conf

...
/var/apache/logs/error_log -s 10m
/var/apache/logs/access_log -s 100m




For more information, see logadm(1M).


You can use the logadm command as superuser or by assuming an
equivalent role (with Log Management rights). With role-based access control (RBAC),
you can grant non-root users the privilege of maintaining log files by providing
access to the logadm command. For example, add the following entry to the /etc/user_attr file to
grant user andy the ability to use the logadm command:





andy::::profiles=Log Management




Or, you can set up a role for log management by using the Solaris Management
Console. For more information about setting up a role, see "Role-Based Access
Control (Overview)" in System Administration Guide: Security Services.



The log rotation problem exists on any server, but it is most acute on log
consolidation servers (LOGHOST servers) that collect logs from other servers.
The volume of logs on a busy Solaris loghost system grows to over 50G in a week. On
a typical loghost, the log for /var/adm/messages alone
can easily be larger than 1G in one day.


Among the log files which should be rotated on a typical Solaris box:



  • /var/adm/syslog -- Logs common system events


  • /var/adm/messages -- Miscellaneous log file for
    most events on a system

  • /var/cron/log -- Logs all jobs run in crontab

  • /var/lp/logs/lpsched -- Logs information
    related to the print services

  • /var/adm/pacct -- Used for process accounting
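
An added example, not part of the original page: a small Python audit of a logadm.conf that parses the "logname options" syntax described above and reports which of the logs listed here have no rotation entry, each entry's retention count, and every -a post command (worth reviewing, since logadm is normally run as root). The sample file is constructed; the /var/adm/messages line and the flag-value heuristic are assumptions.

```python
import shlex

# Constructed sample: entries shown on this page plus an assumed messages line.
SAMPLE_CONF = """\
/var/adm/messages -C 4 -a 'kill -HUP `cat /var/run/syslog.pid`'
/var/adm/sshdlog -C 7 -P 'Sat Jan  21 08:10:00 2006' -a 'pkill sshd2'
/var/apache/logs/error_log -s 10m
/var/apache/logs/access_log -s 100m
/var/log/maillog -C 8 -a 'kill -HUP `cat /var/run/syslog.pid`' -s 1m -z 0
"""

# Logs the page lists as candidates for rotation.
EXPECTED_LOGS = ["/var/adm/syslog", "/var/adm/messages", "/var/cron/log",
                 "/var/lp/logs/lpsched", "/var/adm/pacct"]
DEFAULT_COUNT = 10  # copies kept without -C, as in the page's Apache example


def parse_conf(text):
    """Return {logname: {flag: value}} for each 'logname options' line."""
    entries = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # keeps '...' values whole
        if not tokens:
            continue
        rest, opts, i = tokens[1:], {}, 0
        while i < len(rest):
            # Simplification: a flag takes a value unless another flag follows.
            if i + 1 < len(rest) and not rest[i + 1].startswith("-"):
                opts[rest[i]] = rest[i + 1]
                i += 2
            else:
                opts[rest[i]] = True
                i += 1
        entries[tokens[0]] = opts
    return entries


def audit(text, expected=EXPECTED_LOGS):
    """Summarise coverage, retention, post commands and compression."""
    entries = parse_conf(text)
    return {
        "missing": [p for p in expected if p not in entries],
        "retention": {n: int(o.get("-C", DEFAULT_COUNT)) for n, o in entries.items()},
        "post_commands": {n: o["-a"] for n, o in entries.items() if "-a" in o},
        "uncompressed": sorted(n for n, o in entries.items() if "-z" not in o),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

On a real system, pass the contents of /etc/logadm.conf to audit() instead of the constructed sample.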



 





Old News ;-)




BigAdmin - Submitted Tech Tip System Log Rotation Utilizing logadm (for Solaris 9, Solaris 10)
by Kristopher March




Today, most system administrators are looking for ways to maximize
their time at work and are always finding new and efficient ways of
carrying out their daily tasks: The built-in Solaris tool,
logadm, is one way to do so. New in the
Solaris 9 Operating System, logadm is found
in /usr/sbin.



Monitoring logs of all types found on a Solaris OS-based machine is a
role most system administrators assume on a daily basis. The most
typical system log of interest would be /var/adm/messages.
On a busy system, this log file tends to grow rather quickly, thus
making log examination a burdensome task. Numerous other log files could
exist on a Sun server running the Solaris OS, all depending on the
configuration. Other applications send information to a log file.
Whether it is informational or critical, the text notices contained
within these log files often provide pertinent data that should be
viewed frequently.


Other log files to note:



  • /var/adm/syslog -- Logs common system
    events

  • /var/adm/messages -- Miscellaneous
    log file for most events on a system


  • /var/cron/log -- Logs all jobs run in
    crontab

  • /var/lp/logs/lpsched -- Logs
    information related to the print services

  • /var/adm/pacct -- Used for process
    accounting



In this Tech Tip, we will discuss the appropriate steps needed to set
up and utilize logadm. In the default
configuration, the /var/adm/messages file is
already configured to be rotated. Therefore, we will use the
sshdlog as our example. For most
environments, running SSH is a critical component to secure machines.
With the combination of Secure FTP and many users logging in, there is
the potential for this file to grow rather quickly over a 24-hour
period. Also, the policies of some computer centers require these files
to be archived for a certain amount of time.


Configuration

logadm is an ideal tool to be run from
cron. logadm uses a configuration file found
in the /etc directory. It is called
logadm.conf, and there are a couple of ways
to customize this file to best suit your needs.



In this example, we will edit the file directly using the VI editor.
Following the completion of any modification to the /etc/logadm.conf file, we run the
logadm -V
file to check for any errors and to validate the file before going
further in our process.


Follow these steps to get started.


*must be completed as uid: root


1. Verify you are running the correct version of the Solaris OS. It
should be version 9.



% /usr/bin/uname -r      # this will show the version number 5.9


2. Determine which files need to be rotated on a daily basis. Again,
we use the sshdlog found under
/var/adm/ in this example. Most other files
will work.


3. Make a copy of the logadm in case you
need to revert back to the default file.



% cp /etc/logadm.conf  /etc/logadm.conf.orig


4. Edit the file using VI.


% vi /etc/logadm.conf            	


5. The syntax for log rotating is as follows:


logname  <space> options



Here we use a very simple configuration to rotate these files. Insert
the following line:


/var/adm/sshdlog -C 8 -P 'Sat Dec  6 08:10:00 2003' -a 'kill -HUP `cat /var/run/sshd2_22.pid`'

As you can see from the line above, we specified
/var/adm/sshdlog as our log to rotate.


The options I choose to use are explained here:


-C -- This option specifies the maximum
number of log files to keep. If exceeded, the oldest file will be
deleted to keep the number at 8. If you need to keep these files longer,
change the number to a larger value.



-P -- This option is used to specify a
timestamp for the log's last rotation.


-a -- This option is used to specify a
post command that is run once after all logs have been rotated. Although
not entirely necessary, I send a kill signal to the SSH parent PID to
reread any configuration files and send a message to the
sshdlog.


6. Once finished editing your file, save it and validate the
logadm.conf as specified above.



Many other useful options can be used with the
logadm tool. The best reference available is the man pages on
this subject, which are available in the standard man files location:
/usr/bin/man logadm.


Setting Up logadm to Run from cron

Now that you have your logadm
configuration file updated and validated, it's time to set up cron to
automatically run logadm so that your log
file will be rotated.

As root, open the crontab file and start a new line. Note: I chose to
run logadm every night at 11:58 pm.

/usr/bin/crontab -e

Insert the following line:

58 23 * * * /usr/sbin/logadm


Specified in cron without any options, logadm
will use the default configuration file found in /etc/.


Congratulations! You have successfully set up log rotating and are on
your way to adding other log files that you see fit. Any logs now
specified will automatically rotate without any user intervention.




Blog O’ Matty » Compressing Solaris logfiles





If you run busy Solaris servers, you may have
realized that the logfiles in /var/log and /var/adm can grow pretty large.
These files are periodically rotated with the Solaris logadm utility, but
they are not compressed with the default logadm configuration.


To change this behavior, you can use the
"-z 0" option to compress logfiles after they are rotated:


$ logadm -w /var/log/maillog -C 8 -P 'Wed Dec 21 19:56:59 2005' -a 'kill -HUP `cat /var/run/syslog.pid`' -s 1m -z 0


Once the "-z" option is added, you can check
the configuration by running logadm with the "-V" option:


$ logadm -V | grep maillog

/var/log/maillog -C 8 -P 'Wed Dec 21 19:56:59 2005' -a 'kill -HUP `cat /var/run/syslog.pid`' -s 1m -z 0


If you would like to compress existing files
and force a rotation, you can invoke logadm with the "-p now" option:


$ logadm -p now /var/log/maillog


Hopefully this will save folks some disk
space (not that it’s really required with the size of today’s disks).






 



 



[users@httpd] Piped Log Rotation


From: na11@daimlerchrysler.com

Subject: [users@httpd] Piped Log Rotation
Date: Mon, 19 May 2003 20:14:27 GMT





I've written a simple PERL program that I'm using to pipe the CustomLogs
that will split our logs into 24hour chunks:

CustomLog "| /usr/local/apache/bin/siphon.pl --file /tmp/access --time 12:00AM" common

It functions very similar to the rotatelogs program that comes with Apache
but writes to our standard files names that we use for logs here
(access.15May-12AM). Couple of questions about the piped CustomLog. One, is
there any way to have it pipe to my PERL script without spawning an
intermediate shell? Here's what the process table looks like right now, it
spawns an sh process to run the perl process:

# ps -fj -g 25982
     UID   PID  PPID  PGID   SID  C    STIME TTY      TIME CMD
  nobody 25985 25982 25982 25982  0 16:02:10 ?        0:00 /usr/local/apache/bin/httpd
    root 25983 25982 25982 25982  0 16:02:10 ?        0:00 /bin/sh -c  /usr/local/apache/bin/siphon.pl --file /tmp/norm --time 11:41
  nobody 25988 25982 25982 25982  0 16:02:10 ?        0:00 /usr/local/apache/bin/httpd
    root 25984 25983 25982 25982  1 16:02:10 ?        0:00 /usr/bin/perl /usr/local/apache/bin/siphon.pl --file /tmp/norm --time 11:41
  nobody 25987 25982 25982 25982  0 16:02:10 ?        0:00 /usr/local/apache/bin/httpd
  nobody 25989 25982 25982 25982  0 16:02:11 ?        0:00 /usr/local/apache/bin/httpd
  nobody 25986 25982 25982 25982  0 16:02:10 ?        0:00 /usr/local/apache/bin/httpd
    root 25982     1 25982 25982  0 16:02:10 ?        0:00 /usr/local/apache/bin/httpd

Second question is this. If the web admin botches the args for this PERL
program, I'd like to kill the HTTPD process so that they know right away
that there's a problem (rather than just sending a message to STDERR which
is going to go unnoticed into the error log unless they check right away).
Since there is an intermediate shell process in between my program and the
parent httpd process, I can't simply kill my parent to kill the web server.
Is it safe instead to get the Process Group ID and send a kill to it?
(getpgrp()) This is written specifically for UNIX environments (solaris and
aix), not Wintel.

Thanks for the help.

-Norm Ackroyd





Re Solaris log files

