NAME
newsyslog,
newsyslog.conf —
rotate log files
SYNOPSIS
newsyslog |
[-Fmnrv] [-a
directory] [-f
config_file] [log ...] |
DESCRIPTION
The newsyslog utility rotates log files
when they exceed a configurable size or age. The log
file is renamed to log.0 and an empty file is
created in its place. An archive of older logs may be kept: in order of
increasing age, these files are named log.1,
log.2, and so on. When their number exceeds a given
limit, the oldest is removed. The archived logs may also be compressed.
The options are as follows:
-adirectory- Specify a directory into which archived log files
will be written. If directory is a relative path, it
is appended to the parent directory of each log and the archived log is
stored in the result. If an absolute path is given, all archived logs are
stored in the given directory. If
directory does not exist for a specified log, it is
ignored for that entry and the log is rotated as if the
-aoption was not specified. -F- Force
newsyslogto trim logs regardless of the size and/or age requirements specified in /etc/newsyslog.conf. This option may be combined with the-nor-vflags to aid in debugging problems with /etc/newsyslog.conf. -fconfig_file- Use config_file instead of /etc/newsyslog.conf for the configuration file.
-m- Monitoring mode; only entries marked with an ‘M’ in flags
are processed. For each log file being monitored, any log output since the
last time
newsyslogwas run with the-mflag is mailed to the user listed in the monitor notification section. -n- Do not trim the logs, but instead print out what would be done if this option were not specified.
-r- Removes the restriction that
newsyslogmust be running as root. Note that in this modenewsyslogwill not be able to send aSIGHUPsignal to syslogd(8). -v- Place
newsyslogin verbose mode. In this mode it will print out each log and its reasons for either trimming that log or skipping it.
In the default system configuration,
newsyslog is run by
cron(8), but it may also be run manually. If one or more
log files are specified on the command line, only the
specified files are rotated. Note that each log
specified must have an entry in
/etc/newsyslog.conf.
A log can be archived because of two reasons: The log file can
have grown bigger than a preset size in kilobytes, or a preset number of
hours may have elapsed since the last log archive. The granularity of
newsyslog is dependent on how often it is scheduled
to run in cron(8). Since the program is quite fast, it may be scheduled to run
every hour without any ill effects.
When starting up, newsyslog reads in a
configuration file to determine which logs should be looked at. By default,
this configuration file is /etc/newsyslog.conf. Each
line of the file contains information about a particular log file that
should be handled by newsyslog. Each line has five
mandatory fields and up to three optional fields, with whitespace separating
each field. Blank lines or lines beginning with a hash mark
(‘#’) are ignored. The fields of the
configuration file are as follows:
- logfile_name
- The full pathname of the system log file to be archived.
- owner:group
- This optional field specifies the owner and group for the archive file.
The ‘
:’ is essential, even if the owner or group field is left blank. The fields may be numeric, or a name which is looked up in the system password and group databases. For backwards compatibility, a ‘.’ may be used instead of a ‘:’. If either owner or group is not specified, the owner and/or group of the existing log file is used. - mode
- File mode (in octal) to use for created log files and archives.
- count
- The number of archives to be kept besides the log file itself.
- size
- When the size of the log file (in kilobytes) reaches this point, the log
file is trimmed as described above. If this field is replaced by an
‘
*’, or set to ‘0’, then the size of the log file is not taken into account when determining when to trim the log file. By default, files smaller than 256 bytes are not rotated unless the ‘B’ (binary) flag is set or the-Foption is specified. This preventsnewsyslogfrom rotating files consisting solely of a message indicating that the log file has been turned over. - when
- The when field can consist of an interval, a
specific time, or both. If the when field consists
of an asterisk (‘
*’), log rotation will depend only on the contents of the size field. Otherwise, the when field consists of an optional interval in hours, possibly followed by an ‘@’-sign and a time in a restricted ISO 8601 format or by a ‘$’-sign and a time specification for logfile rotation at a fixed time once per day, per week or per month.If a time is specified, the log file will only be trimmed if
newsyslogis run within one hour of the specified time. If an interval is specified, the log file will be trimmed if that many hours have passed since the last rotation. When both a time and an interval are specified, both conditions must be satisfied for the rotation to take place.There is no provision for the specification of a time zone. There is little point in specifying an explicit minutes or seconds component in the current implementation, since the only comparison is ‘within the hour’.
ISO 8601 restricted time format: The lead-in character for a restricted ISO 8601 time is an ‘
@’-sign. The particular format of the time in restricted ISO 8601 is: [[[[[cc]yy]mm]dd][T[HH[MM[SS]]]]]. Optional date fields default to the appropriate component of the current date; optional time fields default to midnight. For example, if today is January 22, 1999, the following date specifications are all equivalent:- ‘
19990122T000000’ - ‘
990122T000000’ - ‘
0122T000000’ - ‘
22T000000’ - ‘
T000000’ - ‘
T0000’ - ‘
T00’ - ‘
22T’ - ‘
T’ - ‘
’
Day, week and month time format: The lead-in character for day, week and month specification is a dollar sign ($). The particular format of day, week and month specification is: [
DHH], [Ww[DHH]], and [Mdd[DHH]], respectively. Optional time fields default to midnight. The ranges for day and hour specifications are:$D0- rotate every night at midnight (same as
@T00) $D23- rotate every day at 23:00 hr (same as
@T23) $W0D23- rotate every week on Sunday at 23:00 hr
$W5D16- rotate every week on Friday at 16:00 hr
$M1D0- rotate on the first day of every month at midnight (i.e., the start of
the day; same as
@01T00) $M5D6- rotate on every 5th day of the month at 6:00 hr (same as
@05T06)
- ‘
- flags
- The optional flags field specifies if the archives
should have any special processing done to the archived log files. The
‘Z’ flag will make the archive files compressed to save
space using gzip(1) or
compress(1), depending on compilation options. The
‘B’ flag means that the file is a binary file, and so the
ASCII message which
newsysloginserts to indicate the fact that the logs have been turned over should not be included. The ‘M’ flag marks this entry as a monitored log file. The ‘F’ flag specifies that symbolic links should be followed. - monitor
- Specify the username (or email address) that should receive notification messages if this is a monitored log file. Notification messages are sent as email; the operator deserves what they get if they mark the mail log file as monitored. This field is only valid when the ‘M’ flag is set.
- pid_file
- This optional field specifies a file containing the PID of a process to
send a signal (usually
SIGHUP) to instead of /var/run/syslog.pid. - signal
- Specify the signal to send to the process instead of
SIGHUP. Signal names must start with “SIG” and be the signal name, not the number, e.g.,SIGUSR1. - command
- This optional field specifies a command to run instead of sending a signal
to the process. The command must be enclosed in double quotes
(‘
"’). The empty string, ‘""’, can be used to preventnewsyslogfrom sending a signal or running a command. You cannot specify both a command and a PID file. NOTE: If you specify a command to be run,newsyslogwill not send aSIGHUP tosyslogd(8).
FILES
- /etc/newsyslog.conf
- default configuration file
EXIT STATUS
The newsyslog utility exits 0 on
success, and >0 if an error occurs.
SEE ALSO
AUTHORS
Theodore Ts'o, MIT Project Athena
Copyright 1987, Massachusetts Institute of Technology