[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: Conserver logfiles

Brad Arlt arlt@cpsc.ucalgary.ca
Fri, 28 Nov 2003 09:21:08 -0800 (PST)

On Thu, Nov 27, 2003 at 07:07:33PM -0800, Bryan Stansell wrote:
> yep, all versions just grow.  i usually set things up so that files are
> moved to a subdirectory then conserver is sent a SIGUSR2 (if 7.2.5 or
> above, otherwise a SIGHUP).  if anyone has a good methodology for
> trimming/rolling/size-restricting logfiles automatically, i'd love to

This is the way log rolling should happen within a server.  A couple
of log rolling scripts in the contrib/ directory should be used to
take care of the rest :)

> so, those are the kinds of things i worry about.  when it's controlled
> externally, folks can schedule things appropriately and just opening a
> bunch of files is (usually) very quick.

A program with similar restrictions as conserver, syslog-ng, tries to
address the needs of some folks who would like to not roll files.
Syslog-ng can use template filenames, one option in the template is
portions of the date and time. 

Thus a LogfileTemplate=/var/log/conserv/$YEAR/$MONTH/$DAY/$HOST is
possible.  It doesn't eliminate partions of rolling - removing old
data and compressing - but it does keep files smaller automatically.

To handle some blocking issues syslog-ng uses buffers and threads with
blocking I/O or asyncronous I/O.  Thus I/O calls that take time can be
used *and* you don't loose any data.  Yes, buffers can overflow, but
then you are accepting data faster than you can write to disk so you
would have lost data anyway, its just a matter of which portion of the


Samba has a log filesize limit you can set, if the log file exceeds
this size (perhaps just on start or when SIGHUP is received) the log
file is moved to <logfilename>.old and a new logfile is created.  The
logic is fuzzy, so the limit isn't a hard size, its more of a
suggestion of a limit that gets rolled when it makes sense to do so
(so not half way through a log message).

Apache gives you the ability to log to named pipes allowing for a
dedicated logging program to go nuts with compressing on the fly and
rolling at size, or line, or time limits.
   __o		Bradley Arlt			Security Team Lead
 _ \<_		arlt@cpsc.ucalgary.ca		University Of Calgary
(_)/(_) 	Joyously Canadian	 	Computer Science