Quick logrotate question for the group. To comply with a PHB mandate, I need to keep our apache logs for a minimum of 2 years, and will be periodically required to hand over chunks of the logs from specific dates/times. While extending the timeframe of logrotate is easy, I've found that there's no elegant solution in the RH/CentOS logrotate for appending dates to the filename. I'm curious to know what others with similar requirements are doing for this. I'd like to stay within the default system framework (no 3rd party apps as they have to be "approved"), so mostly I'm looking for suggestions for a more elegant postrotate script.
Thanks
On Tue, 2006-01-03 at 14:43, Jim Perrin wrote:
Quick logrotate question for the group. To comply with a PHB mandate, I need to keep our apache logs for a minimum of 2 years, and will be periodically required to hand over chunks of the logs from specific dates/times. While extending the timeframe of logrotate is easy, I've found that there's no elegant solution in the RH/CentOS logrotate for appending dates to the filename. I'm curious to know what others with similar requirements are doing for this. I'd like to stay within the default system framework (no 3rd party apps as they have to be "approved"), so mostly I'm looking for suggestions for a more elegant postrotate script.
One approach is to use the /usr/sbin/rotatelogs program that is supplied as part of apache. You specify the logfile(s) as pipes to rotatelogs in the httpd.conf file with parameters to specify the base filename and interval to create new ones. The files are created with the timestamp as part of the filename - as opposed to renaming them when rotating so it works well if you copy with rsync but other handling might need changes.
Jim Perrin jperrin@gmail.com wrote:
Quick logrotate question for the group. To comply with a PHB mandate, I need to keep our apache logs for a minimum of 2 years, and will be periodically required to hand over chunks of the logs from specific dates/times. While
extending
the timeframe of logrotate is easy, I've found that there's no elegant solution in the RH/CentOS logrotate for
appending
dates to the filename. I'm curious to know what others
with
similar requirements are doing for this. I'd like to stay within the default system framework (no 3rd party apps as they have to be "approved"), so mostly I'm looking for suggestions for a more elegant postrotate script.
I rotate logs daily using logrotate, gzip'd them and push them to an independent collection system. After 30 days, I delete the local copies for local storage consideration.
That independent system puts them to two (2) DVD-R weekly. I also do any daily, weekly, monthly, day of week, day of month, etc... log analysis on the independent system.
I use `date +%Y%m%d_%H%M%S` to add a date/timestamp to the files. You can do this directly in logrotate, or you can use an independent program to do such.
It's very easy to setup such log rotation scripts. My centralized log collection system is typically also my main backup server too.