terriyaki said:
What do you mean by archive and rotate the logs? Does that mean the log files are "pruned" (so to speak) from time to time... like deleting events that have happened more than 30 days ago?
I agree with you, though.. in the event of an unknown problem or problems logs would be very useful.
Thanks for your help, mrichmon.
Rotating and archiving the logs means that periodically the current log is compressed and moved with only a set number of previous logs being stored. This is easier to explain with an example.
Say you have the log file "system.log".
When the periodic log rotation is run, the current "system.log" file is renamed to "system.log.0" and compressed using gzip which results in a file named "system.log.0.gz".
Then your system runs for a while producing more information in the system.log file so you end up with two files:
Code:
system.log
system.log.0.gz
The next time the rotation runs, "system.log.0.gz" is renamed to "system.log.1.gz", then the current system.log is renamed and compressed as described above. The result will be two compressed log files then after the system runs for a little and produces some log data you will have three files: (The system.log file is only recreated when there is log data to record.)
Code:
system.log
system.log.0.gz
system.log.1.gz
Eventually you will get to the point where you have 'n' logs... for the system.log file n=9, for other log files such as secure.log and install.log n=5. So, you have the following files:
Code:
system.log
system.log.0.gz
system.log.1.gz
system.log.2.gz
system.log.3.gz
system.log.4.gz
system.log.5.gz
system.log.6.gz
system.log.7.gz
system.log.8.gz
Where system.log is the current system log file and system.log.8.gz is oldest system.log file still on the system. system.log.8.gz is the log file that was archived 8 log rotations ago.
So at this point when the logs are rotated, system.log.8.gz is deleted. system.log.7.gz is renamed to system.log.8.gz, system.log.6.gz is renamed to system.log.7.gz and so on until system.log.0.gz is renamed to system.log.1.gz and then the system.log file is renamed to system.log.0 and compressed to system.log.0.gz.
The net result is that you always have the current log, and the last n backup logs. You can see these files on your system by opening a terminal and entering the command: (pay attention to the modification dates on the files to get an idea of what is going on with the files.)
So, yes they are pruned, but it is not pruning based on so many days but rather on when the cron tasks are run. The system.log file is rotated daily by the default cron jobs in 10.4. secure.log is rotated every couple of days install.log looks like the rotation schedule is determined by the a period of time or the size of the current log file.
Hope this helps.