As of version 1.8 chklogs has an administrative program in addition to the main script and supports time-oriented logs rather than only size-oriented logs as well as several other nice features.
The main actions taken by the script are: to truncate overgrown logs to zero size ( truncate ), to compress (GNU zip) and archive overgrown logs ( archive ) while performing archive shuffling, to execute ( execute ) a user-specified handler/program/script and to warn the user/administrator that certain actions (the first three) need to be taken for some logs. Additionally it is possible to mail the report instead of displaying the results in the console. Chklogs can also check the presence of (possibly archived) logs and test the integrity of the Configuration File. Other administrative stuff is done with the chklogsadm program.
First you need to know the location of the system logs that are active in your system/distribution. For each logfile that is to be controlled under chklogs you must provide the full path name of the logfile, the maximum allowed size, the default action archive , truncate or execute and the maximum number of archived logs before automatically deleting the oldest archive ( shuffling ). This information is kept in a plain ASCII file in columnar fashion. For the archive action you must also specify the maximum number of archivals before shuffling. Truncate needs no further parameter while Execute needs a parameter (the 4th column) indicating which external program is to be executed whe the log grows too big. Do note that the truncate action cuts your log down to zero byte size!. The format of the configuration file is described in chklogs.conf (5).
The location of the configuration file is usually /etc/chklogs.conf but chklogs can be configured to look for it somewhere else.
The configuration file contains a series of records for each of the logs to be controlled. A comment line starts with a # character in the first column.
A sample configuration file would look like this:
################################################################### # ChkLogs v1.9 configuration file for host panama # # Copyright (C)1995,1996,1997 D. Emilio Grimaldo T. # #:options global #:global /var/log/chklogs /var/spool/uucp/Log 8000 truncate # The Syslogd daemon follows #:group syslog #:pre /usr/local/sbin/tidy -m #:post /root/perl/cdk_stub stop /var/spool/syslog/syslog 10000 archive 5 /var/log/news/nntpsend.log 5000 archive 8 # Prepare PPP statistics on the fly /var/spool/syslog/ppp.log 9999 execute /usr/bin/ppp-report %L
If you are installing the Chklogs package, libraries and helpers in a directory other than /usr/local/lib/chklogs/ you will need to modify the default library search path in the chklogs and chklogsadm scripts by modifying the line reading:
use lib "/usr/local/lib/chklogs";
to whatever you chose. However keeping this default will make your future upgrade procedures easier. Some of the Perl helper scripts might also need adjusting. In any case the configuration variables section is clearly marked.
You may need to adjust some variables and paths in the module file Chklogs.pm and the main script chklogs.
In the library file there is a clearly marked configuration section that contains some important variables used by the library, the administrative program and the main script.
Additionally you might need to modify some of the defaults given in some of the configuration variables of the chklogs script, though the defaults should work in most Unix flavours. These are:
There are other built-in defaults which you will find in the library/ module file Chklogs.pm which are described in the Chklogs Resource File manual page chklogsrc(5).
Chklogs could be used at the system administrator's discretion, or by creating a cron entry or by having it execute at boot time. The first two seem more appropriate.
Chklogs will compare the maximum allowable sizes/age for each log -as given in the configuration - against the actual size of the log file being examined. Then a report is produced that will include as part of the header:
-
The location of the Configuration file
-
The hostname of the machine in which chklogs was run.
-
The date when the script was run
-
Column headings for the contents of the report
-
The generic name of archived logs if archiving is enabled
The report produced by chklogs, whether sent to the standard output device or by mail will include the following information for each of the examined system logs:
-
The fully qualified filename of the system logfile
-
The current size/age of the log
-
The maximum allowed size/age as specified in the Configuration file
-
Action (to be) taken. When warning this will become
ok
,
truncate!
or
archive!
but when an action has been taken then it is either
truncated
,
archived
or
execute
# crontab file for root
00 21 * * sun /home/root/bin/chklogs -m
Thus running every Sunday at 21:00 hours.
When no option is specified chklogs will process the logs and take the appropiate action. If several options are specified then each must be preceeded by a dash, with at least a space within options.