Traduisez - Übersetzen - Traduzca - Traduza - Tradurre - Translate

VanLUG Email Archive

Re: aha!

Ted Powell
Sat, 3 Oct 1998 13:07:37 -0700

On Fri, Oct 02, 1998 at 09:43:18PM -0700, Geoff Smith wrote:
> [...]
> found 400/480MB were in /log. My syslog, kern.log, and and debug are all
> over 100MB each! Can I just delete these files, or what should I do???

It sounds as if, for whatever reason, you aren't running logrotate.

On a Red Hat system this normally runs at 4am every night and takes care
of things for you. Several other things happen at this time too, for
example updating the database used by the 'locate' command.

The first thing you should check is whether your machine is actually
running at that hour. If it isn't, and can't be for some compelling
reason like building power cut off, then you will have to change the
computer's schedule so that all the daily tasks are scheduled for a time
when the computer _is_ able to run.

If that checks out OK, then see whether the file
/etc/cron.daily/logrotate exists, and contains something like:
#!/bin/sh
/usr/sbin/logrotate /etc/logrotate.conf
/usr/sbin/logrotate should exist and be an executable file.
/etc/logrotate.conf should look something like:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# send errors to root
errors root

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own lastlog or wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
rotate 1
}

/var/log/lastlog {
monthly
rotate 1
}

# system-specific logs may be configured here

Once you have logrotate functioning properly, /var/log should look
something like this (note that only a small portion is shown, for
brevity, and note that you will only have the full set of old files
after a few weeks):

$ ls -l /var/log/m*
-rw-r--r-- 1 root root 293976 Oct 3 12:40 /var/log/maillog
-rw-r--r-- 1 root root 244736 Sep 27 04:02 /var/log/maillog.1
-rw-r--r-- 1 root root 48727 Sep 20 04:02 /var/log/maillog.2
-rw-r--r-- 1 root root 354485 Sep 17 13:53 /var/log/maillog.3
-rw-r--r-- 1 root root 248983 Sep 6 18:20 /var/log/maillog.4
-rw-r--r-- 1 root root 99265 Oct 3 12:05 /var/log/messages
-rw-r--r-- 1 root root 105961 Sep 27 04:02 /var/log/messages.1
-rw-r--r-- 1 root root 110597 Sep 20 04:02 /var/log/messages.2
-rw-r--r-- 1 root root 111816 Sep 13 04:02 /var/log/messages.3
-rw-r--r-- 1 root root 107876 Sep 6 04:02 /var/log/messages.4

In a while, my maillog.4 will be deleted, and maillog.3 will be renamed
as maillog.4, maillog.2 will be renamed as maillog.3, etc.

It's not a good thing to delete log files that are still in use (with
some programs you can get away with it, with others not), but once
you've had a successful run of logrotate, /var/log/enormous will have
become /var/log/enormous.1 and the corresponding program will now be
writing log entries to a new /var/log/enormous that in fact is now very
small. At that point you can safely delete /var/log/enormous.1

Let us know how you make out.

-- 




  http://psg.com/~ted/  (Ted Powell)
If your hard drive crashes, perhaps you have a recent backup. If Earth
crashes, what then? We need off-site backup: Luna, L5, Mars, wherever.