Article Directory
Preface
-
If a log is only recorded in one file, what will be the consequences? ?
For example, our apache service is also a web service. If you open a website and the page is refreshed, a log of apache will be recorded on the background server. Some more complex operations will record several logs. If the amount of visits is large, the amount of logs that will be recorded is very large, and this log will fill up your hard disk if it is not processed. Can a few G plain text documents be able to read the data correctly? For example, reading a novel in Windows is only a few dozen megabytes, and it will be very slow to open. Linux is better than Windows. -
In order to solve the aforementioned problems, the log needs to be processed, and two functions are provided. Rotation includes these two functions.
(1) Cut: Divide the large log into small logs according to fixed rules, generally by day, write one log on the first day, write another log on the second day, and so on. The amount is not large. When processing, This day can be found soon, and that day can be found immediately, without the need for other logs to interfere.
(2) Delete rotation: For example , delete logs older than 30 days. Free up space for new logs. -
The configuration file that comes with apache supports log cutting, but does not support log rotation. Only one method is still not convenient. If you master the log rotation tool that comes with Linux (the one that comes with these two methods), there is no need to use the log cutting function that comes with services such as apache and mail, because they are not perfect.
1. Naming rules for log files
- If there is a "dateext" parameter in the configuration file, the log will use the date as the suffix of the qualification file, such as "secure-20200815". In this case, the log file names will not overlap, so there is no need to rename the log files, just save the specified number of logs and delete the redundant log files.
- If there is no "dateext" parameter in the log file, the log file needs to be renamed. When the log rotation is performed for the first time, the current "secure" log will be automatically renamed "secure.1", and then a new "secure" log will be created to save the new log. When the log rotation is performed for the second time, "secure.1" will automatically be renamed to "secure.2", the current "secure" log will be automatically renamed to "secure.1", and then a new "secure" log will be created. Used to save new logs, and so on.
2. logrotate configuration file
location:/etc/logrotate.conf
- (1) Open this configuration file and take a look:
vim /etc/logrotate.conf
Tips: The ones outside the braces are the global configuration, as long as there is no overlap between the content inside the braces and the outside, the outside ones will take effect. It says that weekly takes effect every week, and it says monthly in braces, so monthly has a higher priority than weekly. Then weekly does not take effect. One is global configuration and the other is local configuration. Similar to global variables and local variables in c and java.
| parameter | Parameter Description |
|---|---|
| daily | The log rotation cycle is every day |
| weekly | The log rotation cycle is weekly |
| monthly | The log rotation cycle is monthly |
| rotate number | The number of log files kept. 0 means no backup |
| compress | When the log is rotated, the old log is compressed |
| creat mode owner group | Create a new log, and specify the permissions, owner, and group of the new log. For example, creat 0600 root utmp, if there is only creat, then the system will set file permissions according to the default rules. |
| mail address | When the log is rotated, the output content is sent to the specified email address by email. Such as [email protected] |
| missingok | If the log does not exist, ignore the warning message of the log |
| motifempty | If the log is an empty file, no log rotation will be performed |
| minsize size | The minimum log rotation value. That is, the log must reach this minimum value before it can be rotated, otherwise, even if the time is reached, it will not be rotated. |
| size | Log rotation will only be performed when the log is larger than the specified size, rather than by time. Such as size 100k |
| dateext | Use the date as the suffix of the log rotation file. Such as secure-20200815 |
3. Add the source package apache log to rotation
Reason: Because the two logs in the apached installed by the source package are not rotated, it will bring serious consequences, and the consequences will be very serious, because apache has the largest amount of logs, because it is the largest amount of webpage visits . So you need to add rotation manually.
As long as it is a service installed by the rpm package, it already supports rotation by default. No modification is required. Source code package installed apache, its log in / usr / local /, the log can not be absolutely identified by default. The path searched by logrotate by default is the directory of /var/log , so in general, only the log of the source package needs to be manually turned into rotation, and all other rpm packages installed are all rotated by default.These are only required for source package installation.
Start configuration:
Command: vi /etc/logrotate.conf
Add the following content to the configuration file /etc/logrotate.conf
/usr/local/apache2/logs/access_log{
daily #每天备份
create #备份时创建新的
rotate 30 #保留30天
}
The reason why this log is automatically rotated is that it is added to the timing tasks of the system. The user timing tasks that were learned manually in the timing tasks were previously learned , but there is also a type of timing tasks called system timing tasks . In the system timing task, this log written in all configuration files is added in it. The log rotation time is determined by the timing task. It is usually between 4 am and 6 am and the specific event is still uncertain. The solution is to force a rotation before the time is up.
4. logrotate command
The log rotation time is determined by the timing task. It is usually between 4 am and 6 am and the specific event is still uncertain. At this time, you can use logrotatecommands to force rotation.
Command: logrotate [选项] 配置文件名
Options:
-v Display the log rotation process. With the -v option, the log rotation process will be displayed.
-f Force log rotation. Regardless of whether the log rotation conditions are met, all logs in the configuration file are forced to rotate.
If this command has no option, the log rotation process will be performed according to the conditions in the configuration file.
For example: logrotate -v /etc/logrotate.conf show the log rotation process
Tips: If you don't need a command and want to see the result, you can use the date -s 20200815command to change the time.
5. Summary
(1) The logs of rpm package installation do not need to be manually rotated. All that needs to be done is the source package installation. Generally, all source package installation services need to be rotated. The emphasis is on apache because of the generated logs. The amount is very large.
(2) Rotate the source code package: open its configuration file and write the corresponding braces in your log. You can use the logratate –v /etc/logrotate.confcommand to check if it is added