HostOnNet Blog

FreeBSD Log File Rotation with NewSysLog

FreeBSD uses NewSysLog to rotate log files.

NewSysLog is installed and running by default on FreeBSD servers, so what you need to do is add your log files (Eg: Apache log files) to /etc/newsyslog.conf

To rotate Apache log, i have added following files to end of /etc/newsyslog.conf

/home/backup/httpd-access.log 644 4 * @T00 B /var/run/httpd.pid 30
/home/backup/httpd-error.log 644 4 * @T00 B /var/run/httpd.pid 30

/home/backup/ is the location of apache log files in my server. By default, it will be in /var/log folder.

644 – mode- this is the permission (chmod) of the log files

4 – count- newsyslog will keep 4 previous copies of the log files

* – size – Don’t rotate log file on size of of log.

@T00 – when – rotate log file everyday at 0 Hours.

$D0 rotate every night at midnight (same as @T00)
$D23 rotate every day at 23:00 (same as @T23)
$W0D23 rotate every week on Sunday at 23:00
$W5D16 rotate every week on Friday at 16:00
$M1D0 rotate at the first day of every month at midnight
(i.e., the start of the day; same as @01T00)
$M5D6 rotate on every 5th day of month at 6:00 (same as
@05T06)

/var/run/httpd.pid – is pid file, is used if newsyslog need to restart service. In this case apache need to be restarted for log rotation.

You can find path to httpd.pid from httpd.conf

# grep PidFile /usr/local/etc/apache/httpd.conf
# PidFile: The file in which the server should record its process
PidFile /var/run/httpd.pid

30 – Is signal number of gracefull restart of apache

server16# cat /etc/newsyslog.conf
# configuration file for newsyslog
# $FreeBSD: src/etc/newsyslog.conf,v 1.49 2004/04/03 17:52:29 mlaier Exp $
#
# Entries which do not specify the ‘/pid_file’ field will cause the
# syslogd process to be signalled when that log file is rotated. This
# action is only appropriate for log files which are written to by the
# syslogd process (ie, files listed in /etc/syslog.conf). If there
# is no process which needs to be signalled when a given log file is
# rotated, then the entry for that file should include the ‘N’ flag.
#
# The ‘flags’ field is one or more of the letters: BCGJNUWZ or a ‘-‘.
#
# Note: some sites will want to select more restrictive protections than the
# defaults. In particular, it may be desirable to switch many of the 644
# entries to 640 or 600. For example, some sites will consider the
# contents of maillog, messages, and lpd-errs to be confidential. In the
# future, these defaults may change to more conservative ones.
#
# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
/var/log/all.log 600 7 * @T00 J
/var/log/amd.log 644 7 100 * J
/var/log/auth.log 600 7 100 * J
/var/log/console.log 600 5 100 * J
/var/log/cron 600 3 100 * J
/var/log/daily.log 640 7 * @T00 JN
/var/log/debug.log 600 7 100 * J
/var/log/kerberos.log 600 7 100 * J
/var/log/lpd-errs 644 7 100 * J
/var/log/maillog 640 7 * @T00 J
/var/log/messages 644 5 100 * J
/var/log/monthly.log 640 12 * $M1D0 JN
/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid
/var/log/ppp.log root:network 640 3 100 * J
/var/log/security 600 10 100 * J
/var/log/sendmail.st 640 10 * 168 B
/var/log/slip.log root:network 640 3 100 * J
/var/log/weekly.log 640 5 1 $W6D0 JN
/var/log/wtmp 644 3 * @01T05 B
/var/log/xferlog 600 7 100 * J
/home/backup/httpd-access.log 644 4 * @T00 B /var/run/httpd.pid 30
/home/backup/httpd-error.log 644 4 * @T00 B /var/run/httpd.pid 30

server16#


Posted in FreeBSD. Bookmark the permalink.