日志轮滚实战举例

 

[root@server123 ~]# cd /etc/logrotate.d/
[root@server123 logrotate.d]# vim secure
/usr/local/secure {   
        sharedscripts  开始
        prerotate   轮滚之前做的事
                /usr/bin/chattr -a /usr/local/secure     减掉a属性
        endscript   结束
        missingok  丢失无所谓,继续轮滚
        notifempty  空日志文件,不轮滚
        daily   一天一轮滚
        create   轮滚之后创建空的日志文件
        rotate 4   保留四个旧的日志文件
        compress  压缩日志
        sharedscripts  开始
        postrotate  轮滚之后做的事
                /bin/kill -HUP `cat /var/run/syslogd.pid`   重新读取rsyslogd的进程
                /usr/bin/chattr +a /usr/local/secure       把a属性加上
        endscript   结束
}

[root@server123 logrotate.d]# vim /etc/rsyslog.conf
authpriv.*                                              /var/log/secure
authpriv.*                                              /usr/local/secure
服务重启
[root@server123 logrotate.d]# /etc/init.d/rsyslog restart
[root@server123 logrotate.d]#  ll /usr/local
  secure
[root@server123 local]# chattr +a secure
[root@server123 local]# ll secure
-rw-------. 1 root root 814 Oct 21 15:35 secure
[root@server123 local]# lsattr secure
-----a-------e- secure

手动的轮滚
[root@server123 local]# logrotate -vf /etc/logrotate.d/secure

[root@server123local]# ll secure*
-rw-------. 1 root root 323 Oct 21 16:31 secure
-rw-------. 1 root root 258 Oct 21 16:30 secure.1.gz
[root@server254 local]# ll secure*
-rw-------. 1 root root   0 Oct 21 16:31 secure
-rw-------. 1 root root 188 Oct 21 16:31 secure.1.gz
-rw-------. 1 root root 258 Oct 21 16:30 secure.2.gz