I spent some time yesterday cleaning up logfiles and configuring logrotate and journald and figured I'd write a howto on managing logfiles,
Two things we'll get to play with here - logrotate and journald.conf. Note that both logrotate and journald.conf have man pages available in case you get stuck. Let's get to it![:)]( "Smile")
logrotate
logrotate looks for its configuration in /etc/logrotate.conf and /etc/logrotate.conf.d and the format is pretty simple. Below is an unmolested copy of logrotate.conf - check it out -Pretty much self-explanatory, right? Now let's look at mine -I've made a couple of changes - I don't need four weeks worth of logs so I've cut that back to two weeks by changing the default "rotate 4" to "rotate 2". I've also told logrotate to create an empty logfile for any log it archives and to add a date to the archive's filename. I don't compress logs but you might want to take advantage of that option.
You can see the last line in the file says "include /etc/logrotate.d" and if you take a look in that directory you'll see configurations for a few other logs - check it out - this is /etc/lograte.d/aptNow apt by default rotates logs monthly and keeps a year's worth of logs so as you can see I've made a couple of changes so apt only maintains two weeks of logs. As mentioned logrotate's man page has a lot more information and is worth a look because there's a heck of a lot more stuff you can do with logrotate like run scripts, move archives to another directory and so on. You can create files in /etc/logrotate.d if you want to customize other logfiles.
journald.conf
journald maintains binary logs that can be accessed with journalctl. /etc/systemd/journald.conf is a little more complex than logrotate configs so I've linked to https://www.freedesktop.org/software/sy ... .conf.html so folks can get a better understanding of what goes on under the hood. Check this out -If you look closely you'll see the only change I made was restricting the journal to 1GB. By default SystemMaxUse limits the journal to 10% of the filesystem or 4GB, whichever is smaller. I don't need 4GB of journal so I restrict journald to 1GB but I don't restrict it during runtime. If someone is concerned about a runaway log filling up a root partition you could also adjust RuntimeMaxUse to help protect your system.
The changes I made above reduced the size of my logs from a little more than 3GB to 1.2GB. As mentioned logrotate and journald.conf are well-documented but I would recommend backing up the default files before hacking away at them.
Enjoy!
Two things we'll get to play with here - logrotate and journald.conf. Note that both logrotate and journald.conf have man pages available in case you get stuck. Let's get to it
logrotate
logrotate looks for its configuration in /etc/logrotate.conf and /etc/logrotate.conf.d and the format is pretty simple. Below is an unmolested copy of logrotate.conf - check it out -
Code:
# see "man logrotate" for details.# global options do not affect preceding include directives# rotate log files weekly#weekly# keep 4 weeks worth of backlogs#rotate 4# create new (empty) log files after rotating old ones#create# use date as a suffix of the rotated file#dateext# uncomment this if you want your log files compressed#compress# packages drop log rotation information into this directoryinclude /etc/logrotate.d# system-specific logs may also be configured here.Code:
# see "man logrotate" for details# global options do not affect preceding include directives# rotate log files weeklyweekly# keep 4 weeks worth of backlogsrotate 2# create new (empty) log files after rotating old onescreate# use date as a suffix of the rotated filedateext# uncomment this if you want your log files compressed#compress# packages drop log rotation information into this directoryinclude /etc/logrotate.dYou can see the last line in the file says "include /etc/logrotate.d" and if you take a look in that directory you'll see configurations for a few other logs - check it out - this is /etc/lograte.d/apt
Code:
/var/log/apt/term.log { rotate 2 weekly compress missingok notifempty}/var/log/apt/history.log { rotate 2 weekly compress missingok notifempty}journald.conf
journald maintains binary logs that can be accessed with journalctl. /etc/systemd/journald.conf is a little more complex than logrotate configs so I've linked to https://www.freedesktop.org/software/sy ... .conf.html so folks can get a better understanding of what goes on under the hood. Check this out -
Code:
[Journal]#Storage=auto#Compress=yes#Seal=yes#SplitMode=uid#SyncIntervalSec=5m#RateLimitIntervalSec=30s#RateLimitBurst=10000SystemMaxUse=1G#SystemKeepFree=#SystemMaxFileSize=#SystemMaxFiles=100#RuntimeMaxUse=#RuntimeKeepFree=#RuntimeMaxFileSize=#RuntimeMaxFiles=100#MaxRetentionSec=0#MaxFileSec=1month#ForwardToSyslog=no#ForwardToKMsg=no#ForwardToConsole=no#ForwardToWall=yes#TTYPath=/dev/console#MaxLevelStore=debug#MaxLevelSyslog=debug#MaxLevelKMsg=notice#MaxLevelConsole=info#MaxLevelWall=emerg#MaxLevelSocket=debug#LineMax=48K#ReadKMsg=yes#Audit=yesThe changes I made above reduced the size of my logs from a little more than 3GB to 1.2GB. As mentioned logrotate and journald.conf are well-documented but I would recommend backing up the default files before hacking away at them.
Enjoy!
Statistics: Posted by wizard10000 — 2024-10-23 11:39 — Replies 5 — Views 172