GNU/Linux

Friday, February 23. 2007

What the hell is rotating my mail.log?

I want to keep track of the spam scores that show up in my /var/log/mail.log on my Debian Etch machine. My idea was to run a shell script grep’ing the wanted info out of the mail.log right before that file is to be rotated. logrotate provides configuration options for how and when log files should be rotated. This includes a possibility to run a script right before and after the rotation is done. So, I created a configuration /etc/logrotate.d/mail like

/var/log/mail.log /var/log/mail.info { ... sharedscripts prerotate /usr/local/sbin/extract-spamscores endscript postrotate /etc/init.d/sysklogd reload-or-restart endscript }

sysklogd is Debian’s package containing syslogd and klogd. The syslog itself already cares for rotating the basic log files, and this includes /var/log/mail.{log,info,warn,err}. sysklogd contains the cron-jobs /etc/cron.daily/sysklogd and /etc/cron.weekly/sysklogd, both of which contain logic for rotating the system’s log files. To obtain the list of the log files, the command syslogd-listfiles is issued in both of the scripts—the weekly script uses the option --weekly. When I issue syslogd-listfiles, I only get /var/log/syslog as answer, whereas with --weekly I get:

# syslogd-listfiles --weekly /var/log/mail.warn /var/log/uucp.log /var/log/user.log /var/log/daemon.log /var/log/messages /var/log/debug /var/log/auth.log /var/log/mail.err /var/log/mail.log /var/log/kern.log /var/log/lpr.log /var/log/mail.info

So I have to use the -s switch to exclude mail.log and mail.info such that logrotate can take care of them. As I also have a separate config for /var/log/messages in /etc/logrotate.d/messages, I modified the call of syslogd-listfiles --weekly in /etc/cron.weekly/sysklogd to

syslogd-listfiles --weekly -s "(messages|mail.(log|info))"

Continue reading "What the hell is rotating my mail.log?"

Posted by Stephan Paukner in GNU/Linux at 17:06 | Comments (0) | Trackbacks (0)

Defined tags for this entry: debian