Thanks for the tips. I'll try these out.

I do have another general question. I read up about logrotate.d and I understand that the "postrotate" section runs after the logs are rotated. Well, my question is, why would you kill syslogd AFTER the logs have been rotated? Shouldn't you have to kill it first, then rotate the logs?

-----Original Message-----
From: yehuda [mailto:yehudaat_private]
Sent: Thursday, August 29, 2002 12:10 PM
To: Allen Crawford
Cc: Log Analysis List (E-mail)
Subject: RE: [logs] PIX logging

to prevent your local4 logs from going to /var/log/messages, add the following to your syslog.conf:

    local4.none                                     /var/log/messages

you can just tack it on the end of the line for /var/log/messages - for example:

    *.info;mail.none;authpriv.none;local5.none;local4.none    /var/log/messages

if you want to rename your log file each night, you can call a script from your logrotate.conf (or for redhat, /etc/logrotate.d/syslog) for example:

    /var/log/messages {
        daily
        postrotate
            /usr/bin/killall -HUP syslogd; mv /var/log/messages.1 /var/log/messages$(date +%Y%m%d)
        endscript
    }

here's a quick n dirty script for deleting old log files:

------------- begin script
#!/bin/bash
# Delete the dated message logs from the month three months back.
# Strip the leading zero so the arithmetic below does not read 08/09 as octal.
oldstuff=$(date +%m | sed 's/^0//')
case $oldstuff in
    1) oldstuff=10;;
    2) oldstuff=11;;
    3) oldstuff=12;;
    *) oldstuff=$((oldstuff - 3));;
esac
# The file names carry a two-digit month (date +%Y%m%d), so pad it back.
oldstuff=$(printf '%02d' "$oldstuff")
# -f: only one of the two year patterns normally matches anything.
rm -f /var/log/messages$(($(date +%Y) - 1))$oldstuff*
rm -f /var/log/messages$(date +%Y)$oldstuff*
---------- end script

I haven't tested this script, so make sure to test it before putting it into production.

> -----Original Message-----
> From: Allen Crawford [SMTP:AllenCat_private]
> Sent: Thursday, August 29, 2002 11:17 AM
> To: Log Analysis List (E-mail)
> Subject: [logs] PIX logging
>
> I hope this is the proper forum for this sort of question. Please let me
> know if it is not.
>
> I have read up on the basics of using syslog and logrotate to log and
> rotate my system logs. I have also read the basics of how to make the
> Cisco PIX send logging information to my syslog server. When turning this
> on from the PIX, it immediately starts logging to the syslog server (I've
> already enabled the remote logging ability for syslog) but it logs
> everything to /var/log/messages. I had entered the following line to my
> /etc/syslog.conf file as well.
>
>     local4.*                                        /var/log/pix
>
> Eventually I found out that things were now being logged twice, once to my
> pix file above and once to /var/log/messages.
>
> My problem/question is that I'd like to have the PIX logs in a separate
> file, one that gets rotated daily at midnight. In addition to that, I'd
> like it to append the date as the suffix of the log's filename, such as
> pix20020815. I would also prefer that the logs were automatically deleted
> after say, 3 months, but that is the least of my worries right now. We may
> just stick with a manual deletion anyway.
>
> If anyone can give me details on this, or if anyone else has already set
> this up for their PIX, I'd greatly appreciate some examples, either online
> or offline.
>
> By the way, I'm running Red Hat 7.3 for this.
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysisat_private
> http://lists.shmoo.com/mailman/listinfo/loganalysis

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
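
The ordering question at the top of the thread comes down to how an open file descriptor behaves across a rename. The following is an added example, not written by anyone in the thread: fd 9 stands in for syslogd's open log file, everything runs in a temporary directory, and `hup`, `count` and `simulate` are hypothetical helper names.

```shell
#!/bin/bash
# Added example: fd 9 plays the role of syslogd's open log descriptor.
# All paths live in a throwaway temp directory; nothing touches /var/log.

hup() {            # what syslogd does on SIGHUP: close and reopen by name
    exec 9>&-
    exec 9>>"$1"
}

count() {          # line count of a file, 0 if it does not exist
    if [ -f "$1" ]; then wc -l < "$1" | tr -d ' '; else echo 0; fi
}

simulate() {       # $1 = "rotate-then-hup" or "hup-then-rotate"
    local dir log result
    dir=$(mktemp -d) || return 1
    log="$dir/messages"
    exec 9>>"$log"                 # daemon start: open the log once
    echo "msg 1" >&9
    case "$1" in
        rotate-then-hup)
            mv "$log" "$log.1"     # rename; fd 9 still points at the same inode
            echo "msg 2" >&9       # lands in messages.1, so nothing is lost
            hup "$log"             # postrotate: reopen creates a fresh messages
            ;;
        hup-then-rotate)
            hup "$log"             # reopens the same, not yet rotated file
            echo "msg 2" >&9
            mv "$log" "$log.1"     # the descriptor follows the rename
            ;;
        *) exec 9>&-; rm -rf "$dir"; return 2 ;;
    esac
    echo "msg 3" >&9               # first message after the whole procedure
    exec 9>&-
    result="$(count "$log.1") $(count "$log")"
    rm -rf "$dir"
    echo "$result"                 # "<lines in messages.1> <lines in messages>"
}

simulate rotate-then-hup   # prints: 2 1
simulate hup-then-rotate   # prints: 3 0
```

With the signal sent first, every later message keeps going into the renamed file and no new `messages` file appears until the next HUP.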
This archive was generated by hypermail 2b30 : Wed Sep 04 2002 - 07:46:38 PDT