1996-01-05 09:28:11 +00:00
|
|
|
.\" This file contains changes from the Open Software Foundation.
|
|
|
|
.\"
|
|
|
|
.\" from: @(#)newsyslog.8
|
1999-08-28 01:35:59 +00:00
|
|
|
.\" $FreeBSD$
|
1996-01-05 09:28:11 +00:00
|
|
|
.\"
|
|
|
|
.\" Copyright 1988, 1989 by the Massachusetts Institute of Technology
|
|
|
|
.\"
|
|
|
|
.\" Permission to use, copy, modify, and distribute this software
|
|
|
|
.\" and its documentation for any purpose and without fee is
|
|
|
|
.\" hereby granted, provided that the above copyright notice
|
|
|
|
.\" appear in all copies and that both that copyright notice and
|
|
|
|
.\" this permission notice appear in supporting documentation,
|
|
|
|
.\" and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
|
|
|
|
.\" used in advertising or publicity pertaining to distribution
|
|
|
|
.\" of the software without specific, written prior permission.
|
|
|
|
.\" M.I.T. and the M.I.T. S.I.P.B. make no representations about
|
|
|
|
.\" the suitability of this software for any purpose. It is
|
|
|
|
.\" provided "as is" without express or implied warranty.
|
|
|
|
.\"
|
1999-01-28 19:56:05 +00:00
|
|
|
.Dd January 27, 1999
|
1996-12-21 21:57:21 +00:00
|
|
|
.Dt NEWSYSLOG 8
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm newsyslog
|
|
|
|
.Nd maintain system log files to manageable sizes
|
|
|
|
.Sh SYNOPSIS
|
|
|
|
.Nm newsyslog
|
1998-05-10 19:04:06 +00:00
|
|
|
.Op Fl Fnrv
|
1996-12-21 21:57:21 +00:00
|
|
|
.Op Fl f Ar config_file
|
|
|
|
.Sh DESCRIPTION
|
|
|
|
.Nm Newsyslog
|
1996-01-05 09:28:11 +00:00
|
|
|
is a program that should be scheduled to run periodically by
|
1996-12-21 21:57:21 +00:00
|
|
|
.Xr cron 8 .
|
1996-01-05 09:28:11 +00:00
|
|
|
When it is executed it archives log files if necessary. If a log file
|
|
|
|
is determined to require archiving,
|
1997-10-06 07:46:08 +00:00
|
|
|
.Nm
|
1999-01-22 19:38:39 +00:00
|
|
|
rearranges the files so that
|
|
|
|
.Dq Va logfile
|
|
|
|
is empty,
|
|
|
|
.Dq Va logfile Ns Li \&.0
|
|
|
|
has
|
|
|
|
the last period's logs in it,
|
|
|
|
.Dq Va logfile Ns Li \&.1
|
|
|
|
has the next to last
|
1996-01-05 09:28:11 +00:00
|
|
|
period's logs in it, and so on, up to a user-specified number of
|
|
|
|
archived logs. Optionally the archived logs can be compressed to save
|
|
|
|
space.
|
1996-12-21 21:57:21 +00:00
|
|
|
.Pp
|
1999-01-22 19:38:39 +00:00
|
|
|
A log can be archived for three reasons:
|
|
|
|
.Bl -enum -offset indent
|
|
|
|
.It
|
|
|
|
It is larger than the configured size (in kilobytes).
|
|
|
|
.It
|
|
|
|
A configured number of hours have elapsed since the log was last
|
|
|
|
archived.
|
|
|
|
.It
|
|
|
|
This is the specific configured hour for rotation of the log.
|
|
|
|
.El
|
|
|
|
The granularity of
|
1997-10-06 07:46:08 +00:00
|
|
|
.Nm
|
1996-12-21 21:57:21 +00:00
|
|
|
is dependent on how often it is scheduled to run by
|
|
|
|
.Xr cron 8 .
|
|
|
|
Since the program is quite fast, it may be scheduled to run every hour
|
1999-01-22 19:38:39 +00:00
|
|
|
without any ill effects,
|
|
|
|
and mode three (above) assumes that this is so.
|
1996-12-21 21:57:21 +00:00
|
|
|
.Pp
|
1996-01-05 09:28:11 +00:00
|
|
|
When starting up,
|
1997-10-06 07:46:08 +00:00
|
|
|
.Nm
|
1999-01-22 19:38:39 +00:00
|
|
|
reads in a configuration file to determine which logs may potentially
|
|
|
|
be archived.
|
|
|
|
By default, this configuration file is
|
1996-12-21 21:57:21 +00:00
|
|
|
.Pa /etc/newsyslog.conf .
|
1996-01-05 09:28:11 +00:00
|
|
|
Each line of the file contains information about a particular log file
|
|
|
|
that should be handled by
|
1996-12-21 21:57:21 +00:00
|
|
|
.Nm newsyslog .
|
1999-01-27 04:27:49 +00:00
|
|
|
Each line has five mandatory fields and four optional fields, with a
|
1996-01-05 09:28:11 +00:00
|
|
|
whitespace separating each field. Blank lines or lines beginning with
|
|
|
|
``#'' are ignored. The fields of the configuration file are as
|
|
|
|
follows:
|
1996-12-21 21:57:21 +00:00
|
|
|
.Pp
|
1997-10-06 07:46:08 +00:00
|
|
|
.Bl -tag -width indent
|
1996-12-21 21:57:21 +00:00
|
|
|
.It Ar logfile_name
|
|
|
|
Name of the system log file to be archived.
|
1999-06-28 03:15:02 +00:00
|
|
|
.It Ar owner:group
|
1999-01-27 04:27:49 +00:00
|
|
|
This optional field specifies the owner and group for the archive file.
|
1999-06-28 03:15:02 +00:00
|
|
|
The ":" is essential, even if the
|
1996-12-21 21:57:21 +00:00
|
|
|
.Ar owner
|
1996-01-05 09:28:11 +00:00
|
|
|
or
|
1996-12-21 21:57:21 +00:00
|
|
|
.Ar group
|
|
|
|
field is left blank. The field may be numeric, or a name which is
|
|
|
|
present in
|
|
|
|
.Pa /etc/passwd
|
|
|
|
or
|
1997-10-06 07:46:08 +00:00
|
|
|
.Pa /etc/group .
|
1996-12-21 21:57:21 +00:00
|
|
|
.It Ar mode
|
1997-10-06 07:46:08 +00:00
|
|
|
Specify the mode of the log file and archives.
|
1996-12-21 21:57:21 +00:00
|
|
|
.It Ar count
|
1997-10-06 07:46:08 +00:00
|
|
|
Specify the number of archive files to be kept
|
1996-12-21 21:57:21 +00:00
|
|
|
besides the log file itself.
|
|
|
|
.It Ar size
|
|
|
|
When the size of the log file reaches
|
1999-04-10 15:09:07 +00:00
|
|
|
.Ar size
|
|
|
|
in kilobytes,
|
1996-12-21 21:57:21 +00:00
|
|
|
the log file will be trimmed as described above. If this field
|
1999-01-22 19:38:39 +00:00
|
|
|
is replaced by an asterisk
|
|
|
|
.Pq Ql \&* ,
|
1996-12-21 21:57:21 +00:00
|
|
|
then the size of the log file is not taken into account
|
|
|
|
when determining when to trim the log file.
|
1999-01-22 19:38:39 +00:00
|
|
|
.It Ar when
|
|
|
|
The
|
|
|
|
.Ar when
|
|
|
|
field can consist of an interval, a specific time, or both. If
|
|
|
|
the
|
|
|
|
.Ar when
|
|
|
|
field is an asterisk
|
|
|
|
.Pq Ql \&*
|
|
|
|
log rotation will depend only on the contents of the
|
|
|
|
.Ar size
|
|
|
|
field.
|
|
|
|
Otherwise, the
|
|
|
|
.Ar when
|
|
|
|
field consists of an optional interval in hours, optionally followed
|
|
|
|
by an
|
|
|
|
.So Li \&@ Sc Ns No -sign
|
|
|
|
and a time in a restricted
|
|
|
|
.Tn ISO 8601
|
|
|
|
format. If a time is specified, the log file will only be trimmed
|
|
|
|
if
|
|
|
|
.Nm newsyslog
|
|
|
|
is run within one hour of the specified time. If an
|
|
|
|
interval is specified, the log file will be trimmed if that many hours have
|
|
|
|
passed since the last rotation. When both a time and an interval are
|
|
|
|
specified, both conditions must be satisfied for the rotation to take
|
|
|
|
place.
|
|
|
|
.Pp
|
|
|
|
The particular format of the time is
|
|
|
|
.Sm off
|
|
|
|
.Oo
|
|
|
|
.Oo
|
|
|
|
.Oo
|
|
|
|
.Oo
|
|
|
|
.Oo
|
|
|
|
.Va \&cc
|
|
|
|
.Oc
|
|
|
|
.Va \&yy
|
|
|
|
.Oc
|
|
|
|
.Va \&mm
|
|
|
|
.Oc
|
|
|
|
.Va \&dd
|
|
|
|
.Oc
|
|
|
|
.Oo
|
|
|
|
.Li \&T
|
|
|
|
.Oo
|
|
|
|
.Va \&hh
|
|
|
|
.Oo
|
|
|
|
.Va \&mm
|
|
|
|
.Oo
|
|
|
|
.Va \&ss
|
|
|
|
.Oc
|
|
|
|
.Oc
|
|
|
|
.Oc
|
|
|
|
.Oc
|
|
|
|
.Oc .
|
|
|
|
.Sm on
|
|
|
|
Optional date fields default to the appropriate component of the
|
|
|
|
current date; optional time fields default to midnight; hence if today
|
|
|
|
is January 22, 1999, the following date specifications are all
|
|
|
|
equivalent:
|
|
|
|
.Pp
|
|
|
|
.Bl -item -compact -offset indent
|
|
|
|
.It
|
|
|
|
.Sq Li 19990122T000000
|
|
|
|
.It
|
|
|
|
.Sq Li 990122T000000
|
|
|
|
.It
|
|
|
|
.Sq Li 0122T000000
|
|
|
|
.It
|
|
|
|
.Sq Li 22T000000
|
|
|
|
.It
|
|
|
|
.Sq Li T000000
|
|
|
|
.It
|
|
|
|
.Sq Li T0000
|
|
|
|
.It
|
|
|
|
.Sq Li T00
|
|
|
|
.It
|
|
|
|
.Sq Li 22T
|
|
|
|
.It
|
|
|
|
.Sq Li \&T
|
|
|
|
.It
|
|
|
|
.Sq Li \&
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
There is no provision for specification of a timezone. There is
|
|
|
|
little point in specifying an explicit minutes or seconds component in
|
|
|
|
the current implementation, since the only comparison is `within the
|
|
|
|
hour'.
|
1996-12-21 21:57:21 +00:00
|
|
|
.It Ar flags
|
|
|
|
This optional field specifies if the archive should have any
|
|
|
|
special processing done to the archived log files.
|
1996-01-05 09:28:11 +00:00
|
|
|
The
|
1996-12-21 21:57:21 +00:00
|
|
|
.Ar Z
|
|
|
|
flag will make the archive files compress to save space by
|
|
|
|
using
|
|
|
|
.Xr gzip 1 .
|
1996-01-05 09:28:11 +00:00
|
|
|
The
|
1996-12-21 21:57:21 +00:00
|
|
|
.Ar B
|
1997-10-06 07:46:08 +00:00
|
|
|
flag means that the file is a binary file, and so the
|
|
|
|
.Tn ASCII
|
1996-12-21 21:57:21 +00:00
|
|
|
message which
|
|
|
|
.Nm
|
|
|
|
inserts to indicate the fact that the logs have been
|
1997-05-06 23:11:06 +00:00
|
|
|
turned over should not be included. The
|
|
|
|
.Ar -
|
|
|
|
flag means nothing, but can be used as a placeholder when the
|
|
|
|
.Ar path_to_pid_file
|
|
|
|
field is specified.
|
1997-05-04 01:53:53 +00:00
|
|
|
.It Ar path_to_pid_file
|
|
|
|
This optional field specifies
|
|
|
|
the file name to read to find the daemon process id. If this
|
1998-06-09 18:24:04 +00:00
|
|
|
field is present, a
|
|
|
|
.Ar signal_number
|
|
|
|
is sent the process id contained in this
|
1997-05-04 01:53:53 +00:00
|
|
|
file. This field must start with "/" in order to be recognized
|
|
|
|
properly.
|
1998-06-09 18:24:04 +00:00
|
|
|
.It Ar signal_number
|
|
|
|
This optional field specifies
|
|
|
|
the signal number will be sent to the daemon process. By default
|
|
|
|
a SIGHUP will be sent.
|
1996-12-21 21:57:21 +00:00
|
|
|
.El
|
|
|
|
.Sh OPTIONS
|
1996-01-05 09:28:11 +00:00
|
|
|
The following options can be used with newsyslog:
|
1996-12-21 21:57:21 +00:00
|
|
|
.Bl -tag -width indent
|
|
|
|
.It Fl f Ar config_file
|
1997-10-06 07:46:08 +00:00
|
|
|
Instruct newsyslog to use
|
1996-12-21 21:57:21 +00:00
|
|
|
.Ar config_file
|
|
|
|
instead of
|
|
|
|
.Pa /etc/newsyslog.conf
|
|
|
|
for its configuration file.
|
|
|
|
.It Fl v
|
1997-10-06 07:46:08 +00:00
|
|
|
Place
|
|
|
|
.Nm
|
1996-01-05 09:28:11 +00:00
|
|
|
in verbose mode. In this mode it will print out each log and its
|
|
|
|
reasons for either trimming that log or skipping it.
|
1997-02-28 07:33:37 +00:00
|
|
|
.It Fl n
|
1997-10-06 07:46:08 +00:00
|
|
|
Cause
|
|
|
|
.Nm
|
1996-01-05 09:28:11 +00:00
|
|
|
not to trim the logs, but to print out what it would do if this option
|
|
|
|
were not specified.
|
1996-12-21 21:57:21 +00:00
|
|
|
.It Fl r
|
1997-10-06 07:46:08 +00:00
|
|
|
Remove the restriction that
|
|
|
|
.Nm
|
1996-01-05 09:28:11 +00:00
|
|
|
must be running as root. Of course,
|
1997-10-06 07:46:08 +00:00
|
|
|
.Nm
|
1996-01-05 09:28:11 +00:00
|
|
|
will not be able to send a HUP signal to
|
1996-12-21 21:57:21 +00:00
|
|
|
.Xr syslogd 8
|
1996-01-05 09:28:11 +00:00
|
|
|
so this option should only be used in debugging.
|
1998-03-14 22:28:25 +00:00
|
|
|
.It Fl F
|
|
|
|
Force
|
|
|
|
.Nm
|
|
|
|
to trim the logs, even if the trim conditions have not been met. This
|
|
|
|
option is useful for diagnosing system problems by providing you with
|
|
|
|
fresh logs that contain only the problems.
|
1996-12-21 21:57:21 +00:00
|
|
|
.El
|
|
|
|
.Sh FILES
|
1997-10-06 07:46:08 +00:00
|
|
|
.Bl -tag -width /etc/newsyslog.confxxxx -compact
|
1996-12-21 21:57:21 +00:00
|
|
|
.It Pa /etc/newsyslog.conf
|
1997-10-06 07:46:08 +00:00
|
|
|
.Nm
|
1996-12-21 21:57:21 +00:00
|
|
|
configuration file.
|
|
|
|
.El
|
|
|
|
.Sh BUGS
|
1996-01-05 09:28:11 +00:00
|
|
|
Doesn't yet automatically read the logs to find security breaches.
|
1998-03-23 08:31:20 +00:00
|
|
|
.Sh AUTHORS
|
1997-10-06 07:46:08 +00:00
|
|
|
.An Theodore Ts'o ,
|
|
|
|
MIT Project Athena
|
1996-12-21 21:57:21 +00:00
|
|
|
.Pp
|
1996-01-05 09:28:11 +00:00
|
|
|
Copyright 1987, Massachusetts Institute of Technology
|
1999-06-28 03:15:02 +00:00
|
|
|
.Sh COMPATIBILITY
|
1999-07-28 04:28:05 +00:00
|
|
|
Previous versions of the
|
|
|
|
.Nm
|
|
|
|
utility used the dot (``.'') character to
|
1999-06-28 03:15:02 +00:00
|
|
|
distinguish the group name.
|
|
|
|
Begining with
|
1999-07-28 04:28:05 +00:00
|
|
|
.Fx 3.3 ,
|
|
|
|
this has been changed to a colon (``:'') character so that user and group
|
|
|
|
names may contain the dot character. The dot (``.'') character is still
|
|
|
|
accepted for backwards compatibility.
|
1996-12-21 21:57:21 +00:00
|
|
|
.Sh "SEE ALSO"
|
|
|
|
.Xr gzip 1 ,
|
|
|
|
.Xr syslog 3 ,
|
1999-06-28 03:15:02 +00:00
|
|
|
.Xr chown 8 ,
|
1996-12-21 21:57:21 +00:00
|
|
|
.Xr syslogd 8
|