BSD DevCenter

oreilly.comSafari Books Online.Conferences.

We've expanded our LAMP news coverage and improved our search! Search for all things LAMP across O'Reilly!

Search
Search Tips

advertisement

Listen Print Subscribe to BSD Subscribe to Newsletters

Where the Log Files Live
Pages: 1, 2, 3

The last thing I want to cover today is the newsyslog utility. When you originally looked in your /var/log directory, you may have received a listing of a lot of files that ended in .0, .1, etc., and some of these files may have also been compressed (they had a .gz extension). This is a result of the workings of newsyslog, which we mentioned briefly in the Getting Cron to Do Our Bidding article. Let's take a quick look in this utility's manpage:



man newsyslog

NAME

newsyslog - maintain system log files to manageable sizes

Newsyslog is a program that should be scheduled to run periodically by cron(8). When it is executed it archives log files if necessary. If a log file is determined to require archiving, newsyslog rearranges the files so that "logfile" is empty, "logfile.0" has the last period's logs in it, "logfile.1" has the next to last period's logs in it, and so on, up to a user-specified number of archived logs. Optionally, the archived logs can be compressed to save space.

In other words, if a logfile becomes too large, newsyslog will rename it with a .0 extension, possibly zip it, and create a new file with the original log name. For example:

  • maillog.1.gz is the oldest maillog file; it has been compressed
  • maillog.0.gz is the second oldest maillog file; it is also compressed
  • maillog is the current maillog that is being written to by syslogd

If you continue to read through the manpage for newsyslog, you'll learn how to tweak its configuration file (/etc/newsyslog.conf) so you can schedule when files will be renamed and compressed.

If you ever need to view the contents of a log that has already been compressed by newsyslog, you can use the zmore utility like so:

zmore maillog.0.gz
If you need to remove old log files to save space, it is safe to delete a log that ends with a either a number or a .gz from the /var/log directory. If you need to do this often, there is no need to create a cronjob; newsyslog will do this automatically. It will keep as many or as few backlogs as you desire and rotate through them when they reach a specified size. I would not recommend deleting the other logs, though, as syslogd expects to be able to find the logfiles in the paths that you've specified in /etc/syslog.conf. So, in the above example, it is safe to delete maillog.0.gz and maillog.1.gz, but don't delete maillog.

If you ever inadvertently delete an original logfile, you can create it using the touch utility:

cd /var/log
rm maillog	(oops)
touch maillog

This will create an empty maillog file that syslogd can write to.

This should get you started working with logs on your FreeBSD system. In next week's article we'll dig a little deeper and take a look at processes, PIDs, and the ps utility.

Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular FreeBSD Basics column for O'Reilly and is author of BSD Hacks and The Best of FreeBSD Basics.

Read more FreeBSD Basics columns.

Discuss this article in the Operating Systems Forum.

Return to the BSD DevCenter.

 




Sponsored Resources

  • Inside Lightroom
Advertisement

Sponsored by:

O'Reilly Media

©2009, O'Reilly Media, Inc.
(707) 827-7000 / (800) 998-9938
All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. 		About O'Reilly
Academic Solutions
Authors
Contacts
Customer Service
Jobs
Newsletters
O'Reilly Labs
Press Room
Privacy Policy
RSS Feeds
Terms of Service
User Groups
Writing for O'Reilly
Content Archive
Business Technology
Computer Technology
Google
Microsoft
Mobile
Network
Operating System
Digital Photography
Programming
Software
Web
Web Design
 More O'Reilly Sites
O'Reilly Radar
Ignite
Tools of Change for Publishing
Digital Media
Inside iPhone
O'Reilly FYI
makezine.com
craftzine.com
hackszine.com
perl.com
xml.com

Partner Sites
InsideRIA
java.net
O'Reilly Insights on Forbes.com