In this POST we will see “Logrotate in Linux with examples”, so how we can capture or record the session of the Terminal.
Logrotate in Linux is mainly used to rotate, compress and mail the system logs.
When there is a large number of logs are generated into the system then It allows automatic rotation, compression and the removal of the old logs.
In other words, when any user logged in to the System at that time it will capture all the activity done by your side.
It will capture or record the activity like a command that you have used, which files you have edited and what changes made in that file.
How to capture or record the terminal
So, to record the terminal we have made the script and we will put that script in /etc/profile.
So when any user logged in to the System, it will automatically start recording the terminal of the users.
We have used a script command to record the terminal and it will keep that file in /var/log/session folder.
# vim /etc/profile
And at the end of the /etc/profile file insert the below script.
NOTE: Save the file and Don’t logout from this terminal and login with the same user from another terminal first and check whether you are able to log in and any file got generated in /var/log/session folder.
Now, Users will keep the logged in daily and our log files will be generated now we have to use logrotate to maintain the logs in the System.
Logrotate Configuration in Linux
Check the list of session logs file in /var/log/session file by ls -lrt
There is one configuration file and one folder in /etc folder for the logrotate.
So, first one is logrotate.conf file in this there is the configuration of btmp and wtmp files.
In the logrotate.d folder there are many configuration files which work on a daily basis to logrotate your applications.
The application like Nginx, MySQL, Apache, and etc log rotation policy will be in logrotate.d folder.
So, now we will make the policy for our session logs, which we are recorded into the folder /var/log/session.
We have used cat command to insert our policy into the session file.
# cat -n session
1 /var/log/session/*.log {
2 su root root
3 daily
4 rotate 10
5 missingok
6 notifempty
7 compress
8 dateext
9 dateformat -%Y-%m-%d-%s
10 }1. /var/log/session/*.log { This will check the *.log files into the /var/log/session folder.
2. su root root Rotate the log files set the user root and group to root instead of using its default user/group.
3. daily This log rotation policy will we on a daily basis, we can also set this in an hourly, weekly, and yearly basis.
4. rotate 10 Keep only 10 log files, and remove the old versions of the files.
5. missingok If the log file is missing, go on to the next one without issuing an error message.
6. notifempty If the log file is empty, then don’t rotate the log.
7. compress The log file is compressed with gzip command by default.
8. dateext Archive old versions of log files by adding a date extension like YYYYMMDD instead of adding a number to the log files.
9. dateformat -%Y-%m-%d-%s What the date format you want after rotating the logs.
We will also discuss some of the important options which are used in logrotate configuration files.
size 10k : When the size reached till 10 kb then rotate the logs.
copytruncate : Continue to write the logs into the new file and rotate the old log file.
maxage 100 : max age is used to remove the file after 100 days.
# logrotate -f session
So, we have used logrotate command with -f option and session file in which we have set our policy for the session logs.
Also, we can use cron to schedule this log rotation policy but before we have to use some command.
$ which logrotate
OUTPUT:
/usr/sbin/logrotateuse the command “which logrotate” to get the exact location of the logrotate command.
crontab
00 00 * * * /usr/sbin/logrotate -f /root/logrotate/sessionAfter that, we will schedule the crontab we have to run the logrotate at 00:00 AM every day.
Second, you can keep the session file in /etc/logrotate.d/ folder, and this will be rotate on daily basis.
4 Replies to “logrotate in Linux with example.”