Log File Administration
As you roll your way through day-to-day Linux use, you’ll soon learn that there are many administrative tasks, both large and small, that should be carried out on a regular basis. One of those tasks is the administration of your system logs. Without regularly backing up and compressing these files, they’ll soon start to crowd storage space on your hard drive.
The best time to create these compressed backups is, of course, after you’ve reviewed the logs. You’ll remember that the front line to system security starts with a regular look at and analysis of your system logs. That’s a bit tougher to do if you’ve already compressed and archived them.
We all know, too, that geeks are lazy. Lazy as in, “Why re-invent the wheel or complete a task the computer can complete for me?” Efficient lazy, in other words. So, in order that you don’t have to re-invent the proverbial wheel, here’s a shell script that will regularly back up your /var/log/messages file:
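#!/bin/bash
# Date stamp used in the archive name, e.g. 20020215
DATE=$(date +"%Y%m%d")
# Move the current log aside
mv /var/log/messages /var/log/messages-archive
# Recreate the log as an empty (0-byte) file
cp /dev/null /var/log/messages
# Braces are required: $DATE_messages would be read as one (empty) variable
tar czf /var/log/${DATE}_messages.tgz /var/log/messages-archive
# Remove the uncompressed copy
rm -f /var/log/messages-archive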
As always, let’s walk through what this script accomplishes. First, we create a variable named DATE that we’ll use later to name the archive according to the date it was created. In this case, we call the date program, formatting the output as Y (4-digit year), m (two-digit month), and d (two-digit day). The resulting variable holds a value such as “20020215”.
Next we rename the /var/log/messages file to /var/log/messages-archive. Remember that the mv command accomplishes this in Linux.
The third piece of this script is important and often overlooked. We need to recreate the /var/log/messages file that we’ve just renamed, setting it to a 0 byte size. We could do this with touch [touch /var/log/messages], but my preference is to copy the contents of /dev/null, creating the /var/log/messages file. This assures that we start the file with a 0 byte size.
Next, we’re on to the archiving, creating a file called ${DATE}_messages.tgz from the file messages-archive. And, finally, we do a little housecleaning, removing the original messages-archive file. That leaves only the active /var/log/messages file and the 20020215_messages.tgz file.
You can run this script as a standalone or insert the command to run it into your /etc/crontab file. More importantly, it works for any log file. Just substitute the log file name and path.
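Here is a more defensive take on the same rotation, generalized to any log path as the paragraph above suggests. It is an added example, not the article's original script; the function name rotate_log, the owner-only mode on the new log, and the refusal to overwrite a same-day archive are assumptions of the example.

```shell
#!/bin/bash
# Added example, not the article's script. rotate_log is a hypothetical helper.
# Usage: rotate_log /path/to/logfile   (prints the archive path on success)
rotate_log() {
    rl_log=$1
    if [ ! -f "$rl_log" ]; then
        echo "rotate_log: $rl_log is not a regular file" >&2
        return 1
    fi
    rl_dir=$(dirname "$rl_log")
    rl_name=$(basename "$rl_log")
    # Same naming scheme as the article: YYYYMMDD_<logname>.tgz
    rl_archive="$rl_dir/$(date +"%Y%m%d")_${rl_name}.tgz"
    # Assumption: never overwrite an archive already written today
    if [ -e "$rl_archive" ]; then
        echo "rotate_log: $rl_archive already exists" >&2
        return 1
    fi
    mv "$rl_log" "$rl_log-archive" || return 1
    # Recreate the log at 0 bytes; umask 077 makes it owner-only (assumption)
    # no matter what umask cron or the calling shell happens to have.
    ( umask 077; cp /dev/null "$rl_log" ) || return 1
    # -C stores the member by bare name instead of an absolute path
    tar czf "$rl_archive" -C "$rl_dir" "$rl_name-archive" || return 1
    # Delete the uncompressed copy only if the archive really lists it
    if tar tzf "$rl_archive" | grep -qx "$rl_name-archive"; then
        rm -f "$rl_log-archive"
    else
        echo "rotate_log: $rl_archive failed verification" >&2
        return 1
    fi
    echo "$rl_archive"
}

# When saved as a script and given a log path, rotate that file
if [ "$#" -gt 0 ]; then
    rotate_log "$1"
fi
```

If a daemon holds the log open, it keeps writing to the renamed file until it reopens its logs, so anything it writes after the archive is made is lost when that file is removed. Tell the daemon to reopen its logs between the mv and the tar; the example leaves that step out.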
There’s really nothing quite like leveraging efficient laziness to keep your Linux system in top shape.
