日志轮滚实战举例
[root@server123 ~]# cd /etc/logrotate.d/
[root@server123 logrotate.d]# vim secure
/usr/local/secure {
sharedscripts 开始
prerotate 轮滚之前做的事
/usr/bin/chattr -a /usr/local/secure 减掉a属性
endscript 结束
missingok 丢失无所谓,继续轮滚
notifempty 空日志文件,不轮滚
daily 一天一轮滚
create 轮滚之后创建空的日志文件
rotate 4 保留四个旧的日志文件
compress 压缩日志
sharedscripts 开始
postrotate 轮滚之后做的事
/bin/kill -HUP `cat /var/run/syslogd.pid` 重新读取rsyslogd的进程
/usr/bin/chattr +a /usr/local/secure 把a属性加上
endscript 结束
}
[root@server123 logrotate.d]# vim /etc/rsyslog.conf
authpriv.* /var/log/secure
authpriv.* /usr/local/secure
服务重启
[root@server123 logrotate.d]# /etc/init.d/rsyslog restart
[root@server123 logrotate.d]# ll /usr/local
secure
[root@server123 local]# chattr +a secure
[root@server123 local]# ll secure
-rw-------. 1 root root 814 Oct 21 15:35 secure
[root@server123 local]# lsattr secure
-----a-------e- secure
手动的轮滚
[root@server123 local]# logrotate -vf /etc/logrotate.d/secure
[root@server123local]# ll secure*
-rw-------. 1 root root 323 Oct 21 16:31 secure
-rw-------. 1 root root 258 Oct 21 16:30 secure.1.gz
[root@server254 local]# ll secure*
-rw-------. 1 root root 0 Oct 21 16:31 secure
-rw-------. 1 root root 188 Oct 21 16:31 secure.1.gz
-rw-------. 1 root root 258 Oct 21 16:30 secure.2.gz