Setting up newsyslog-eyrie (instead of logrotate)

tested on Slackware current (Jan 2021)

Notice

That’s not the one you find on BSDs but it’s pretty nice anyhow.

Build & install

https://github.com/pbraun9/rrr/blob/master/newsyslog

Setup

vi /etc/newsyslog.conf

# Copies are saved on local disk.
set oldlogs = /var/log/OLD/%n

# Save the five most recent copies on local disk.
# /var/log/wtmp and /var/log/btmp are left alone
syslog {
    restart: hup /var/run/syslogd.pid

    log: cron   /var/log/cron       root 0 640
    log: debug  /var/log/debug      root 0 640
    log: mail   /var/log/maillog    root 0 640
    log: messages   /var/log/messages   root 0 640
    log: auth   /var/log/secure     root 0 640
    log: syslog /var/log/syslog     root 0 640
    log: procmail   /var/log/procmail.log   vmail vmail 640

    archive: cron       oldlogs 5
    archive: debug      oldlogs 5
    archive: mail       oldlogs 5
    archive: messages   oldlogs 5
    archive: auth       oldlogs 5
    archive: syslog     oldlogs 5
    archive: procmail       oldlogs 5
}

and in case you want to handle additional daemons e.g. MariaDB

untested - hopefully the GID can be supplied by name also

mysql {
    restart: hup /var/run/...
    log: mysql /var/lib/mysql/mysqld.log mysql mysql 600
    archive: mysql oldlogs 5
}

and here’s for NGINX

nginx {
    restart: hup /var/run/nginx.pid
    log: access     /var/log/nginx/access.log       www www 640
    log: error      /var/log/nginx/error.log        www www 640
    archive: access oldlogs 5
    archive: error  oldlogs 5
}

check

newsyslog -c

First shot acceptance

ls -lhF /var/log/maillog \
    /var/log/messages \
    /var/log/secure \
    /var/log/syslog

mkdir /var/log/OLD/
tail -n0 -F /var/log/*

Notice the syslog daemon gets restarted by our log handler

newsyslog

Compressed log archives appeared

ls -ltrhF /var/log/OLD/

Ready to go

get rid of Logrotate altogether

chmod -x /etc/cron.daily/logrotate
removepkg logrotate
rm -f /etc/logrotate.conf
rm -f /etc/logrotate.d/syslog

keep this folder to track what’s going on while installing logrotate-enabled packages

ls -lF /etc/logrotate.d/

and finally enable the orphaned shit!

crontab -e

# newsyslog-eyrie instead of logrotate
00 0 * * * /usr/local/sbin/newsyslog 2>&1

and in case this is quite an idling server, once a week might be enough (Sunday night instead of Saturday night for once)

# newsyslog-eyrie instead of logrotate
00 0 * * 1 /usr/local/sbin/newsyslog 2>&1

TODO

Resources

Log rotation https://en.wikipedia.org/wiki/Log_rotation

newsyslog https://www.eyrie.org/~eagle/software/newsyslog/

newsyslog manual page https://www.eyrie.org/~eagle/software/newsyslog/docs.html

7.3. Log rotation https://www.cl.cam.ac.uk/~jw35/courses/apache/html/x1670.htm


GUIDES | LECTURES | BENCHMARKS | SMTP HEALTH