[clug] rotating log files

Robert Edwards bob at cs.anu.edu.au
Fri Mar 23 02:23:14 GMT 2007 

Matthew Oliver wrote:
> One advantage of logrotate is you can rotate at a certain size rather 
> then date, or both.
> You can tell it to rotate when a log gets to a certain size, and then 
> even compress each of the old rotated logs.

This could also be done with time/date stamping, or with a simple
increasing serial number. I still can't see the sense in renaming all
the previous log files.

Cheers,

Bob Edwards.

> 
> The advantage of this is it means you can calculate the maximum size of 
> logs, but you only keep a moving window of time, based upon the amount 
> of logs rather then time.
> I guess that's when backups come in handy.
> 
> I guess another advantage of this is it means if someone decided to 
> attempt to do a possible DOS by filling your /var partition (tho this 
> could take a while with disk sizes they are now) it wouldn't work cause 
> logrotate is only keeping so much. Tho again this could be bad as you'd 
> lose your older logs that could be important.
> 
> Maybe that's why rotating could be beneficial. If named correctly :)
> 
> Anyway, there my 2 cents.
> 
> Matt
> 
> Robert Edwards wrote:
>>
>> Can anyone suggest to me why rotating log files would ever be
>> considered a "Good Idea"?
>>
>> Most distros come with a utility "logrotate" configured to
>> rename a whole bunch of log files each day/week/month (configurable).
>>
>> To me, a much better approach would be to date-stamp each of the
>> log files each day/week/month (configurable) and not to rotate the
>> file names.
>>
>> Does such an alternative exist (before we write our own)? What should
>> I search for?
>>
>> Why do I care? Our backup server makes archive copies of each file
>> that is deleted or modified. In the case of rotating log files, each
>> log file gets archived each day/week/month as its name is changed.
>> We really only need/want one copy of the log file in the archive.
>>
>> Also, determining which log file is relevant for, say, last Tuesday
>> means counting backwards in the case of rotating log files, but in
>> the case of date-stamped log files, is simply a matter of looking in
>> the file with the relevant date stamp (maybe the date stamp for the
>> day after).
>>
>> Just wondering out loud, before sitting down to some coding.
>>
>> Bob Edwards.

More information about the linux mailing list