chklogs

Section: Maintenance Commands (8)
Updated: v2.0 - 31 August 1997
Index
 

NAME

chklogs - Check and archive system log files  

SYNOPSIS

chklogs [ -amwctv ]

 

DESCRIPTION

chklogs Will check the system logs that are registered in the Configuration file and take appropriate user-specified action. The reason for this is to keep the system log sizes in check so that they don't grow too large. These system logs need to be trimmed from time to time. Additionaly it is also possible to limit the number of archived logs.

As of version 1.8 chklogs has an administrative program in addition to the main script and supports time-oriented logs rather than only size-oriented logs as well as several other nice features.

The main actions taken by the script are: to truncate overgrown logs to zero size ( truncate ), to compress (GNU zip) and archive overgrown logs ( archive ) while performing archive shuffling, to execute ( execute ) a user-specified handler/program/script and to warn the user/administrator that certain actions (the first three) need to be taken for some logs. Additionally it is possible to mail the report instead of displaying the results in the console. Chklogs can also check the presence of (possibly archived) logs and test the integrity of the Configuration File. Other administrative stuff is done with the chklogsadm program.

 

The Configuration File chklogs.conf

First you need to know the location of the system logs that are active in your system/distribution. For each logfile that is to be controlled under chklogs you must provide the full path name of the logfile, the maximum allowed size, the default action archive , truncate or execute and the maximum number of archived logs before automatically deleting the oldest archive ( shuffling ). This information is kept in a plain ASCII file in columnar fashion. For the archive action you must also specify the maximum number of archivals before shuffling. Truncate needs no further parameter while Execute needs a parameter (the 4th column) indicating which external program is to be executed whe the log grows too big. Do note that the truncate action cuts your log down to zero byte size!. The format of the configuration file is described in chklogs.conf (5).

The location of the configuration file is usually /etc/chklogs.conf but chklogs can be configured to look for it somewhere else.

The configuration file contains a series of records for each of the logs to be controlled. A comment line starts with a # character in the first column.

A sample configuration file would look like this:

       ###################################################################
       # ChkLogs v1.9 configuration file for host panama
       #
       # Copyright (C)1995,1996,1997 D. Emilio Grimaldo T.
       #
       #:options  global
       #:global   /var/log/chklogs
       /var/spool/uucp/Log            8000  truncate  

       # The Syslogd daemon follows
       #:group  syslog
       #:pre    /usr/local/sbin/tidy -m
       #:post   /root/perl/cdk_stub stop
       /var/spool/syslog/syslog     10000   archive   5
       /var/log/news/nntpsend.log    5000   archive   8

       # Prepare PPP statistics on the fly
       /var/spool/syslog/ppp.log     9999   execute   /usr/bin/ppp-report %L

 

CONFIGURATION

If you are installing the Chklogs package, libraries and helpers in a directory other than /usr/local/lib/chklogs/ you will need to modify the default library search path in the chklogs and chklogsadm scripts by modifying the line reading:


               use lib     "/usr/local/lib/chklogs";

to whatever you chose. However keeping this default will make your future upgrade procedures easier. Some of the Perl helper scripts might also need adjusting. In any case the configuration variables section is clearly marked.

You may need to adjust some variables and paths in the module file Chklogs.pm and the main script chklogs.

In the library file there is a clearly marked configuration section that contains some important variables used by the library, the administrative program and the main script.

Additionally you might need to modify some of the defaults given in some of the configuration variables of the chklogs script, though the defaults should work in most Unix flavours. These are:

$zipper
The command used to invoke the program that will compress the offending log. Defaults to `/bin/gzip'. You may also use '/bin/compress'.

$zipext
The extension given to the compressed file by the $zipper. Defaults to `gz'. But if you chose `compress' above, you should use 'Z' here instead.

$mailer
The actual mailer program and any options. Defaults to `/usr/sbin/sendmail -ep -i '.

$maxlogs        
Specifies the maximum numbers of archived logs for a given
log type to prevent an excess of archived logs if you abandon your system for some time. If the maximum is reached shuffling is done, the oldest archived log is removed to make space for the newest one. Defaults to 5. Notice that this default is only used if the value specified in the Configuration file is invalid or zero.

$syslogF
The full pathname (including basename!) of the syslog.pid file. This is used to send SIGSTOP and SIGCONT to syslogd while chklogs works on the logs. Default is /var/run/syslog.pid $VarRun configuration variable. However, for backwards compatibility syslogF can be a fully qualified name in which case VarRun is ignored for the purpose of finding the Syslog Daemon configuration file.

There are other built-in defaults which you will find in the library/ module file Chklogs.pm which are described in the Chklogs Resource File manual page chklogsrc(5).

 

OPTIONS

Chklogs could be used at the system administrator's discretion, or by creating a cron entry or by having it execute at boot time. The first two seem more appropriate.

Chklogs will compare the maximum allowable sizes/age for each log -as given in the configuration - against the actual size of the log file being examined. Then a report is produced that will include as part of the header:

- The location of the Configuration file
- The hostname of the machine in which chklogs was run.
- The date when the script was run
- Column headings for the contents of the report
- The generic name of archived logs if archiving is enabled

The report produced by chklogs, whether sent to the standard output device or by mail will include the following information for each of the examined system logs:

- The fully qualified filename of the system logfile
- The current size/age of the log
- The maximum allowed size/age as specified in the Configuration file
- Action (to be) taken. When warning this will become ok , truncate! or archive! but when an action has been taken then it is either truncated , archived or execute

-m
Mail report. This option can be used with -a and -w. No report will be produced on standard output device. The report will be mailed if and only if any action has been taken or needs to be taken. So if at least one log has grown past its allowed size a mail will be sent to the $admin user. This report contains the same header as described above. This is a good option if the script is run on a crontab. My crontab looks like this:


# crontab file for root
00 21 * * sun /home/root/bin/chklogs -m

Thus running every Sunday at 21:00 hours.

-a
Archive override. Can be used with -m. The overgrown logs will be processed as usual and a report will be produced. The difference lies in the override attribute, that is if the Configuration specified truncate for action, it will be overriden and an archive will be made instead. This is useful when used manually to force archivals for later perusal. When a log is archived (not necessarily with override) it is compressed, a time stamp of the form YYMMDD is present in the logname and a new log with the same permissions and ownerships is created (some programs do not re-create logs). Also if the maximum number of archived logs has been reached, the oldest one is removed so as to save your disk space.

-w
Warn. Can be used with -m. A report will be produced but no action will be taken by chklogs. For example if you want to mail a reminder to the admin user that some logs need maintenace, use the -m and -w options combined as in chklogs -m -w

-t
Test Configuration File. This will only check the sanity of the config file and produce a formatted listing of the index on stdout.

-c
Only makes use of the Configuration File to give a listing (on stdout) of all log files (archived or not) that are present in the system. This option is useful to have a quick overview of what (archived) logs are in the filesystem.

-v
Displays the version identification of chklogs and its library version.

When no option is specified chklogs will process the logs and take the appropiate action. If several options are specified then each must be preceeded by a dash, with at least a space within options.

 

FILES

/etc/chklogs.conf
/var/log/.chklogsdb
/usr/local/lib/chklogs/chklogsrc
$HOME/chklogsrc
/var/run/syslog.pid

 

SEE ALSO

chklogs.conf(5), chklogsadm(8)

 

AUTHOR

chklogs Copyright (C) Didimo Emilio Grimaldo Tunon
grimaldo@panama.iaehv.nl


 

Index

NAME
SYNOPSIS
DESCRIPTION
The Configuration File chklogs.conf
CONFIGURATION
OPTIONS
FILES
SEE ALSO
AUTHOR

This document was created by man2html, using the manual pages.
Time: 08:32:21 GMT, August 28, 1997