User Tools
linux:syslog-ng
Differences
This shows you the differences between two versions of the page.
|
linux:syslog-ng [2013-02-12 12:26] kokkez |
linux:syslog-ng [2013-02-12 12:30] (current) kokkez |
||
|---|---|---|---|
| Line 120: | Line 120: | ||
| cat /etc/logrotate.d/syslog-ng | cat /etc/logrotate.d/syslog-ng | ||
| - | LOG ROTATION TROUBLE SHOOTING NOTE: | + | ===== LOG ROTATION TROUBLE SHOOTING NOTE: == |
| - | ``````````````````````````````````` | + | |
| - | Syslog-ng will install its own logrotation script. IF you have | + | Syslog-ng will install its own logrotation script. IF you have previously set up custom settings for any your standard Debian logs, check if syslog-ng has also created a setting for any of these logs here: |
| - | previously set up custom settings for any your standard Debian logs, check | + | cat /etc/logrotate.d/syslog-ng |
| - | if syslog-ng has also created a setting for any of these logs here: | + | |
| - | cat /etc/logrotate.d/syslog-ng | + | For example I had added my own settings for auth.log and then after installing syslog-ng I noticed root had received e-mails stating: |
| - | For example I had added my own settings for auth.log and then after | + | /etc/cron.daily/logrotate: |
| - | installing syslog-ng I noticed root had received e-mails stating: | + | error: /etc/logrotate.conf:41 duplicate log entry for /var/log/auth.log |
| - | /etc/cron.daily/logrotate: | + | run-parts: /etc/cron.daily/logrotate exited with return code 1 |
| - | error: /etc/logrotate.conf:41 duplicate log entry for /var/log/auth.log | + | |
| - | run-parts: /etc/cron.daily/logrotate exited with return code 1 | + | |
| To find the culprit of this error I did: | To find the culprit of this error I did: | ||
| - | grep -r auth.log /etc/* | + | grep -r auth.log /etc/* |
| - | Which then I discoverd syslog-ng had this file listed in its rotation. So | + | Which then I discoverd syslog-ng had this file listed in its rotation. So then I removed my custom settings (on /etc/logrotate.conf) and added them |
| - | then I removed my custom settings (on /etc/logrotate.conf) and added them | + | |
| to syslog-ng rotation settings like this: | to syslog-ng rotation settings like this: | ||
| - | pico /etc/logrotate.d/syslog-ng | + | pico /etc/logrotate.d/syslog-ng |
| Has this: | Has this: | ||
| - | /var/log/auth.log { | + | /var/log/auth.log { |
| - | rotate 4 | + | rotate 4 |
| - | missingok | + | missingok |
| - | notifempty | + | notifempty |
| - | weekly | + | weekly |
| - | compress | + | compress |
| - | } | + | } |
| I changed it to: | I changed it to: | ||
| - | /var/log/auth.log { | + | /var/log/auth.log { |
| - | rotate 3 | + | rotate 3 |
| - | notifempty | + | notifempty |
| - | daily | + | daily |
| - | delaycompress | + | delaycompress |
| - | compress | + | compress |
| - | create 640 root adm | + | create 640 root adm |
| - | mailfirst | + | mailfirst |
| - | mail my_email@gmail.com | + | mail my_email@gmail.com |
| - | } | + | } |
| Then you'll need to restart syslog-ng: | Then you'll need to restart syslog-ng: | ||
| - | /etc/init.d/syslog-ng restart | + | /etc/init.d/syslog-ng restart |
| If you want to test logrotation without actually rotating: | If you want to test logrotation without actually rotating: | ||
| - | logrotate --debug --force /etc/logrotate.d/syslog-ng | + | logrotate --debug --force /etc/logrotate.d/syslog-ng |
| You might see an error stating no such file: | You might see an error stating no such file: | ||
| - | [snip] | + | [snip] |
| - | error: failed to open /var/log/auth.log.1.gz for mailing: No such file or | + | error: failed to open /var/log/auth.log.1.gz for mailing: No such file or |
| - | directory | + | directory |
| - | [snip] | + | [snip] |
| Then to rotate manually: | Then to rotate manually: | ||
| - | logrotate --force -v /etc/logrotate.d/syslog-ng | + | logrotate --force -v /etc/logrotate.d/syslog-ng |
| - | Which might also produce an error IF auth.log has grown larger then your | + | |
| - | e-mail client is set up to send- that is IF you have it set up to be | + | |
| - | e-mailed out: | + | |
| - | [snip] | + | |
| - | Can't send mail: sendmail process failed with error code 1 | + | |
| - | [snip] | + | |
| - | So then I just ran the manual rotation one more time to make sure all | + | Which might also produce an error IF auth.log has grown larger then your e-mail client is set up to send- that is IF you have it set up to be e-mailed out: |
| - | worked now that size was down (rotation made a new file): | + | [snip] |
| - | logrotate --force -v /etc/logrotate.d/syslog-ng | + | Can't send mail: sendmail process failed with error code 1 |
| - | Received my e-mail again noticed that with the different settings it had, | + | [snip] |
| - | it left 2 stragglers from 10 days previous (when the error started): | + | |
| - | ls -al /var/log | + | So then I just ran the manual rotation one more time to make sure all worked now that size was down (rotation made a new file): |
| - | 1 root adm 5305 2010-07-28 11:00 auth.log | + | logrotate --force -v /etc/logrotate.d/syslog-ng |
| - | 1 root adm 36891 2010-07-18 06:47 auth.log.0 | + | |
| - | 1 root adm 4561 2010-07-28 10:59 auth.log.1 | + | Received my e-mail again noticed that with the different settings it had, it left 2 stragglers from 10 days previous (when the error started): |
| - | 1 root adm 1292972 2010-07-18 06:25 auth.log.2 | + | ls -al /var/log |
| - | 1 root adm 3775 2010-07-28 10:57 auth.log.2.gz | + | 1 root adm 5305 2010-07-28 11:00 auth.log |
| - | 1 root adm 508 2010-07-28 10:24 auth.log.3.gz | + | 1 root adm 36891 2010-07-18 06:47 auth.log.0 |
| + | 1 root adm 4561 2010-07-28 10:59 auth.log.1 | ||
| + | 1 root adm 1292972 2010-07-18 06:25 auth.log.2 | ||
| + | 1 root adm 3775 2010-07-28 10:57 auth.log.2.gz | ||
| + | 1 root adm 508 2010-07-28 10:24 auth.log.3.gz | ||
| Or you might have received the error: | Or you might have received the error: | ||
| - | old log /var/log/auth.log.0.gz does not exist | + | old log /var/log/auth.log.0.gz does not exist |
| So then I did: | So then I did: | ||
| - | gzip /var/log/auth.log.0 | + | gzip /var/log/auth.log.0 |
| - | gzip /var/log/auth.log.2 | + | gzip /var/log/auth.log.2 |
| - | y | + | y |
| + | |||
| + | logrotate --force -v /etc/logrotate.d/syslog-ng | ||
| - | logrotate --force -v /etc/logrotate.d/syslog-ng | ||
| And all is fine now: | And all is fine now: | ||
| - | ls -al /var/log/auth.* | + | ls -al /var/log/auth.* |
| - | Then download auth.log.2.gz if you need it for your records before it is | + | |
| - | rotated out. | + | Then download auth.log.2.gz if you need it for your records before it is rotated out. |
linux/syslog-ng.1360668418.txt.gz · Last modified: 2013-02-12 12:26 by kokkez
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
