Maintaining Syslog Files on the Server

Problem

You want to automatically rotate and archive router logfiles on a Unix server.

Solution

The Bourne shell script in Example 18-1 automatically rotates router logfiles to ensure that these files don't become too big and cumbersome to navigate. The script is intended to be invoked via a cron job on a daily basis, but you can also run it manually. By default, the script retains seven days worth of archived logfiles and compresses files older than two days. No arguments are required or expected.

Example 18-1. rotatelog.sh

#!/bin/sh
#
# rotatelog.sh -- a script to rotate logfiles and
# compress archived files 
#
# Set behavior 
SYSLOGPID=/etc/syslog.pid 
LOGDIR=/var/log
LOG=rtrlog
DAYS=7
COMPRESS="/usr/bin/compress -f"
#
# Program body
[ -f $SYSLOGPID ] || echo "Syslog PID file doesn't exist"
if [ -d $LOGDIR ]; then
 cd $LOGDIR
 [ -f $LOG.1 ] && Q$COMPRESS $LOG.1Q && sleep 1
 while [ $DAYS -gt 1 ]
 do
 LOW=Qexpr $DAYS - 1Q
 [ -f $LOG.$LOW.Z ] && mv $LOG.$LOW.Z $LOG.$DAYS.Z
 DAYS=$LOW
 done
[ -f $LOG ] || echo "Log file $LOG doesn't exist"
[ -f $LOG ] && mv $LOG $LOG.1
touch $LOG
chmod 644 $LOG
sleep 10
kill -HUP Qcat $SYSLOGPIDQ
#
else
echo "Log directory $LOGDIR is not valid"
fi

Discussion

If left unchecked, the router logfiles grow until your disk space runs out. This script is designed to rotate router logfiles on a daily basis to ensure they don't grow too large.

This script will rotate logs on a daily basis and retain seven days worth of archived logfiles, and overwrite files that are older than this. To reduce the required disk space of the archived logfiles, the script will retain the previous day's log, in a normal format, and compress the remaining days. The number of archived days stored by the script is completely configurable. For instance, to change the number of archived days to 30, change the DAYS variable:

DAYS=30

The script is initially configured to rotate a file called /var/log/rtrlog, but it can easily be configured to rotate any logfile by changing the two variables, LOGDIR and LOG. The variable named LOGDIR contains the directory that the logfiles reside in, and the variable LOG contains the name of the logfile itself. For instance, if you want to change the script to rotate a file called /var/adm/nmslog, then you would modify the following lines in the script:

LOGDIR=/var/adm
LOG=nmslog

The final variable that may require modification is the SYSLOGPID variable. This variable contains the location of your system's syslog.pid file. The script assumes that the process ID number (PID), which is carried by the SYSLOGPID variable, can be found in the file /etc/syslog.pid, which is a common location for Solaris-based machines (another common location is /var/run/syslog.pid). Configuring the script with the correct syslog.pid location is vitally important; otherwise, your logfiles will not rotate correctly. To find the location of your syslog.pid file on your system, use the following command, which can take several minutes to run:

server% find / -name syslog.pid print
/etc/syslog.pid
server%

As mentioned earlier, the script is intended to be launched from cron on a nightly basis. Since it will likely require root privileges to create the necessary files, launch the script from root's crontab. Below is an example of the crontab entry required to launch the script each day at midnight (assuming it is located in /usr/local/bin):

0 0 * * * /usr/local/bin/rotatelog.sh 

Finally, since archived files older then one day, are compressed, we should mention some methods of working with compressed files. First, to view a compressed file, use the zcat command or uncompress c command. To permanently uncompress a compressed file, use the uncompress command (without any switches).

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net