On a very busy server, you may fi nd that entries get added to your log fi les really fast. This poses a risk—your server may quickly become fi lled with log messages, leaving little space for regular fi les. There are two solutions to this problem. First, the directory /var/log should be on a dedicated partition or logical volume. In Chapter 1, you read about how to install a server with multiple volumes. If the directory /var/log is on a dedicated partition or logical volume, your server’s fi le system will never be completely fi lled, even if too much information is written to the log fi les.
Another solution that you can use to prevent your server from being completely fi lled by log fi les is using logrotate. By default, the logrotate command runs as a cron job once a day from /etc/cron.daily, and it helps you defi ne a policy where log fi les that grow beyond a certain age or size are rotated.
Rotating a log fi le basically means that the old log fi le is closed and a new log fi le is opened. In most cases, logrotate keeps a certain number of the old logged fi les, often stored as compressed fi les on disk. In the logrotate confi guration, you can defi ne exactly how you want to handle the rotation of log fi les. When the maximum amount of old log fi les is reached, logrotate removes them automatically.
The confi guration of logrotate is spread out between two different locations. The main logrotate fi le is /etc/logrotate.conf. In this fi le, some generic parameters are stored in addition to specifi c parameters that defi ne how particular fi les should be handled.
The logrotate confi guration for specifi c services is stored in the directory /etc/
logrotate.d. These scripts are typically put there when you install the service, but you can modify them as you like. The logrotate fi le for the sssd services provides a good example that you can use if you want to create your own logrotate fi le. Listing 3.7 shows the con-tents of this logrotate fi le.
Listing 3.7: Sample logrotate configuration file
[root@hnl ~]# cat /etc/logrotate.d/sssd
/bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true endscript
}
[root@hnl ~]#
To start, the sample fi le tells logrotate which fi les to rotate. In this example, it applies to all fi les in /var/log/sssd where the name ends in log. The interesting parameters in this fi le are weekly, rotate 2, and compress. The parameter weekly tells logrotate to rotate the fi les once every week. Next rotate 2 tells logrotate to keep the two last versions of the fi le and remove everything that is older. The compress parameter tells logrotate to compress the old fi les so that they take up less disk space. Exercise 3.8 shows how to con-fi gure logging.
You don’t have to decompress a log file that is compressed. Just use the zcat or zless command to view the contents of a compressed file immediately.
E X E R C I S E 3 . 8
Configuring Logging
In this exercise, you’ll learn how to confi gure logging on your server. First you’ll set up rsyslogd to send all messages that relate to authentication to the /var/log/auth fi le.
Next you’ll set up logrotate to rotate this fi le on a daily basis and keep just one old version of the fi le.
1. Open a terminal, and make sure you have root permissions by opening a root shell using su -.
2. Open the /etc/rsyslog.conf fi le in an editor, and scroll down to the RULES section.
Under the line that starts with authpriv, add the following line:
authpriv.* /var/log/auth
3. Close the log fi le, and make sure to save the changes. Now use the command service rsyslog restart to ensure that rsyslog uses the new confi guration.
4. Use the Ctrl+Alt+F4 key sequence to log in as a user. It doesn’t really matter which user account you’re using for this.
5. Switch back to the graphical user interface using Ctrl+Alt+F1. From here, use tail -f /var/log/auth. This should show the contents of the newly created fi le that con-tains authentication messages. Use Ctrl+C to close tail -f.
c03.indd 97
c03.indd 97 1/8/2013 10:43:16 AM1/8/2013 10:43:16 AM
6. Create a fi le with the name /etc/logrotate.d/auth, and make sure it has the following contents:
/var/log/auth daily rotate 1 compress
7. Normally, you would have to wait a day until logrotate is started from /etc/cron .daily. As an alternative, you can run it from the command line using the following command:
/usr/sbin/logrotate /etc/logrotate.conf.
8. Now check the contents of the /var/log directory. You should see the rotated /var/
log/auth fi le.
Summary
In this chapter, you read about some of the most common administrative tasks. You learned how to manage jobs and processes, mount disk devices, set up printers, and handle log fi les. In the next chapter, you’ll learn how to manage software on your Red Hat Enterprise Server.
c03.indd 98
c03.indd 98 1/8/2013 10:43:16 AM1/8/2013 10:43:16 AM