NAME

newsyslog — maintain system log files to manageable sizes

SYNOPSIS

newsyslog

[-nrsvF] [-f config_file] [file ...]

DESCRIPTION

newsyslog is a program that should be scheduled to run periodically by cron(8). When it is executed it archives log files if necessary. If a log file is determined to require archiving, newsyslog rearranges the files so that “logfile” is empty, “logfile.0” has the last period's logs in it, “logfile.1” has the next to last period's logs in it and so on, up to a user-specified number of archived logs. Optionally the archived logs can be compressed to save space.

A log can be archived for three reasons:

1. It is larger than the configured size (in kilobytes).
2. A configured number of hours have elapsed since the log was last archived.
3. The configured time for rotation of the log occurred within the last 60 minutes.

The granularity of newsyslog is dependent on how often it is scheduled to run by cron(8). It is recommended that newsyslog be run once hourly.

When starting up, newsyslog reads in a configuration file to determine which logs may potentially be archived. By default, this configuration file is /etc/newsyslog.conf. Each line of the file contains information about a particular log file that should be handled by newsyslog. Each line has six mandatory fields and three optional fields, with whitespace separating each field. Blank lines or lines beginning with “#” are ignored. The fields of the configuration file are as follows:

logfile_name

Name of the system log file to be archived.

owner:group

This optional field specifies the owner and group for the archive file. The “:” is essential, even if the owner or group field is left blank. The field may be numeric, or a name which is present in /etc/passwd or /etc/group. For backward compatibility, “.” is usable in lieu of “:”, however use of this feature is discouraged.

mode

Specify the mode of the log file and archives.

ngen

Specify the number of archive files to be kept besides the log file itself.

size

When the size of the log file reaches size kilobytes, the log file will be trimmed as described above. If this field is replaced by an asterisk (‘*’), then the size of the log file is not taken into account when determining when to trim the log file.

when

The when field can consist of an interval, a specific time, or both. If the when field is an asterisk (‘*’) log rotation will depend only on the contents of the size field. Otherwise, the when field consists of an optional interval in hours, optionally followed by an ‘@’-sign and a time in a restricted ISO 8601 format or by an ‘$’-sign and a time specification for logfile rotation at a fixed time once per day, per week or per month.

If a time is specified, the log file will only be trimmed if newsyslog is run within one hour of the specified time. If an interval is specified, the log file will be trimmed if that many hours have passed since the last rotation. When both a time and an interval are specified, the log will be trimmed if either condition is met.

There is no provision for specification of a timezone. There is little point in specifying an explicit minutes or seconds component in the current implementation, since the only comparison is `within the hour'.

ISO 8601 restricted time format

The lead-in character for a restricted ISO 8601 time is an ‘@’-sign. The particular format of the time in restricted ISO 8601 is: [[[[[cc]yy]mm]dd][T[hh[mm[ss]]]]]. Optional date fields default to the appropriate component of the current date; optional time fields default to midnight; hence if today is January 22, 1999, the following date specifications are all equivalent:

• ‘19990122T000000’
• ‘990122T000000’
• ‘0122T000000’
• ‘22T000000’
• ‘T000000’
• ‘T0000’
• ‘T00’
• ‘22T’
• ‘T’
• ‘’

Day, week and month time format

The lead-in character for day, week and month specification is a ‘$’-sign. The particular format of day, week and month specification is: [Dhh], [Ww[Dhh]] and [Mdd[Dhh]] respectively. Optional time fields default to midnight. The ranges for day and hour specifications are:

hh

hours, range 0 ... 23

w

day of week, range 0 ... 6, 0 = Sunday

dd

day of month, range 1 ... 31, or the letter L or l to specify the last day of the month.

Some examples:

$D0

rotate every night at midnight

$D23

rotate every day at 23:00 hr

$W0D23

rotate every week on Sunday at 23:00 hr

$W5D16

rotate every week on Friday at 16:00 hr

$MLD0

rotate at the last day of every month at midnight

$M5D6

rotate on every 5th day of month at 6:00 hr

flags

This field specifies any special processing that is required. These flags are parsed in a case insensitive manner. Individual flags and their meanings:

-

This flag means nothing - it is used as a spacer when no flags are set.

b

The file is a binary file or is not in syslogd(8) format: the ASCII message which newsyslog inserts to indicate that the logs have been trimmed should not be included.

c

Create an empty log file if none currently exists.

n

No signal should be sent when the log is trimmed.

p

The first historical log file (i.e. the historical log file with the suffix “.0”) should not be compressed.

j

Archived log files should be compressed with bzip2(1) to save space.

x

Archived log files should be compressed with xz(1) to save space.

z

Archived log files should be compressed with gzip(1) to save space.

path_to_pid_file

This optional field specifies the file name to read to find the daemon process id. If this field is missing, it defaults to the /var/run/syslogd.pid file. A signal of type sigtype is sent to the process id contained in this path_to_pid_file file. This field must start with ‘/’ in order to be recognized properly.

sigtype

This optional field specifies the type of signal to be sent to the daemon process. This may be a numeric or symbolic value. By default a SIGHUP (hang-up) will be sent.

OPTIONS

The following options can be used with newsyslog:

-f config_file

Use config_file instead of /etc/newsyslog.conf as the configuration file.

-n

Do not trim the logs, but print out what would be done if this option were not specified: -n implies -v.

-r

Remove the restriction that newsyslog must be running as root. When running as a regular user, newsyslog will not be able to send a HUP signal to syslogd(8), so this option should be used only when debugging or trimming user generated logs.

-s

Do not signal daemon processes.

-v

Run in verbose mode. In this mode each action that is taken will be printed.

-F

Force trimming of the logs, even if the trim conditions have not been met. This option is useful for diagnosing system problems by providing you with fresh logs.

If additional command line arguments are given, newsyslog will only examine log files that match those arguments; otherwise, it will examine all files listed in the configuration file.

FILES

/etc/newsyslog.conf

newsyslog configuration file.

SEE ALSO

bzip2(1), gzip(1), syslog(3), syslogd(8)