newsyslog - trim log files to manageable sizes
newsyslog [-Fmnrv] [-a directory] [-f config_file] [log ...]
newsyslog is a program that should be scheduled to run periodically by
cron(8). When it is executed it archives log files if necessary. If a
log file is determined to require archiving, newsyslog rearranges the
files so that logfile is empty, logfile.0 has the last period's logs in
it, logfile.1 has the next to last period's logs in it, and
so on, up to
a user-specified number of archived logs. The archived logs
may be optionally
compressed to save space.
The options are as follows:
-F Force newsyslog to trim logs regardless of the size
and/or age
requirements specified in /etc/newsyslog.conf. This
option may
be combined with the -n or -v flags to aid in debugging problems
with /etc/newsyslog.conf.
-m Monitoring mode; only entries marked with an `M' in
flags are
processed. For each log file being monitored, any
log output
since the last time newsyslog was run with the -m
flag is mailed
to the user listed in the monitor notification section.
-n Do not trim the logs, but instead print out what
would be done if
this option were not specified.
-r Removes the restriction that newsyslog must be running as root.
Note that in this mode newsyslog will not be able to
send a
SIGHUP signal to syslogd(8).
-v Place newsyslog in verbose mode. In this mode it
will print out
each log and its reasons for either trimming that
log or skipping
it.
-a directory
Specify a directory into which archived log files
will be written.
If directory is a relative path, it is appended to the parent
directory of each log and the archived log is
stored in the
result. If an absolute path is given, all archived
logs are
stored in the given directory. If directory does
not exist for a
specified log, it is ignored for that entry and the
log is rotated
as if the -a option was not specified.
-f config_file
Use config_file instead of /etc/newsyslog.conf for
the configuration
file.
If one or more log files are specified on the command line,
only the
specified logs will be rotated. Note that each log specified must have
an entry in /etc/newsyslog.conf.
A log can be archived because of two reasons: The log file
can have grown
bigger than a preset size in kilobytes, or a preset number
of hours may
have elapsed since the last log archive. The granularity of
newsyslog is
dependent on how often it is scheduled to run in cron(8).
Since the program
is quite fast, it may be scheduled to run every hour
without any ill
effects.
When starting up, newsyslog reads in a configuration file to
determine
which logs should be looked at. By default, this configuration file is
/etc/newsyslog.conf. Each line of the file contains information about a
particular log file that should be handled by newsyslog.
Each line has
five mandatory fields and up to three optional fields, with
whitespace
separating each field. Blank lines or lines beginning with
a hash mark
(`#') are ignored. The fields of the configuration file are
as follows:
logfile_name The full pathname of the system log file
to be
archived.
owner:group This optional field specifies the owner
and group for
the archive file. The `:' is essential,
even if the
owner or group field is left blank. The
fields may be
numeric, or a name which is looked up in
the system
password and group databases. For backwards compatibility,
a `.' may be used instead of a
`:'. If either
owner or group is not specified, the owner
and/or group
of the existing log file is used.
mode File mode (in octal) to use for created
log files and
archives.
count The number of archives to be kept besides
the log file
itself.
size When the size of the log file (in kilobytes) reaches
this point, the log file is trimmed as described above.
If this field is replaced by an `*', then
the size of
the log file is not taken into account
when determining
when to trim the log file. By default,
files smaller
than 512 bytes are not rotated unless the
`B' (binary)
flag is set. This prevents newsyslog from
rotating
files consisting solely of a message indicating that
the log file has been turned over.
when The when field can consist of an interval,
a specific
time, or both. If the when field consists
of an asterisk
(`*'), log rotation will depend only
on the contents
of the size field. Otherwise, the
when field
consists of an optional interval in hours,
possibly
followed by an `@'-sign and a time in a
restricted ISO
8601 format or by a `$'-sign and a time
specification
for logfile rotation at a fixed time once
per day, per
week or per month.
If a time is specified, the log file will
only be
trimmed if newsyslog is run within one
hour of the
specified time. If an interval is specified, the log
file will be trimmed if that many hours
have passed
since the last rotation. When both a time
and an interval
are specified, both conditions must
be satisfied
for the rotation to take place.
There is no provision for the specification of a timezone.
There is little point in specifying
an explicit
minutes or seconds component in the current implementation,
since the only comparison is `within
the hour'.
ISO 8601 restricted time format [Toc] [Back]
The lead-in character for a restricted ISO
8601 time is
an `@'-sign. The particular format of the
time in restricted
ISO 8601 is:
[[[[[cc]yy]mm]dd][T[hh[mm[ss]]]]]. Optional date
fields default to the appropriate component of the current
date; optional time fields default to
midnight For
example, if today is January 22, 1999, the
following
date specifications are all equivalent:
`19990122T000000'
`990122T000000'
`0122T000000'
`22T000000'
`T000000'
`T0000'
`T00'
`22T'
`T'
`'
Day, week and month time format
The lead-in character for day, week and
month specification
is a `$'-sign. The particular format of day,
week and month specification is: [Dhh],
[Ww[Dhh]] and
[Mdd[Dhh]], respectively. Optional time
fields default
to midnight. The ranges for day and hour
specifications
are:
hh hours, range 0 ... 23
w day of week, range 0 ... 6,
0 = Sunday
dd day of month, range 1 ...
31, or the letter
L or l to specify the
last day of the
month.
Some examples:
$D0 rotate every night at midnight (same as
@T00)
$D23 rotate every day at 23:00 hr
(same as
@T23)
$W0D23 rotate every week on Sunday
at 23:00 hr
$W5D16 rotate every week on Friday
at 16:00 hr
$M1D0 rotate on the first day of
every month at
midnight (i.e., the start of
the day;
same as @01T00)
$M5D6 rotate on every 5th day of
the month at
6:00 hr (same as @05T06)
flags The optional flags field specifies if the
archives
should have any special processing done to
the archived
log files. The `Z' flag will make the
archive files
compressed to save space using gzip(1) or
compress(1),
depending on compilation options. The `B'
flag means
that the file is a binary file, and so the
ASCII message
which newsyslog inserts to indicate
the fact that
the logs have been turned over should not
be included.
The `M' flag marks this entry as a monitored log file.
The `F' flag specifies that symbolic links
should be
followed.
monitor Specify the username (or email address)
that should receive
notification messages if this is a
monitored log
file. Notification messages are sent as
email; the operator
deserves what they get if they mark
the
sendmail(8) log file as monitored. This
field is only
valid when the `M' flag is set.
pid_file This optional field specifies a file containing the PID
of a process to send a signal (usually
SIGHUP) to instead
of /var/run/syslog.pid.
signal Specify the signal to send to the process
instead of
SIGHUP. Signal names must start with
``SIG'' and be
the signal name, not the number, e.g., SIGUSR1.
command This optional field specifies a command to
run instead
of sending a signal to the process. The
command must
be enclosed in double quotes (`"'). The
empty string,
`""', can use used to prevent newsyslog
from sending a
signal or running a command. You cannot
specify both a
command and a PID file. NOTE: If you
specify a command
to be run, newsyslog will not send a
SIGHUP to
syslogd(8).
/etc/newsyslog.conf default configuration file
compress(1), gzip(1), syslog(3), syslogd(8)
Theodore Ts'o, MIT Project Athena
Copyright 1987, Massachusetts Institute of Technology
OpenBSD 3.6 January 24, 2003
[ Back ] |