Logrotate wildcard setting for sites?
and seems that i have that setup as there are files like
error.log.1
error.log.2.gz
error.log.3.gz
error.log.4.gz
…
How to make this for sites in srv/www/logs? if possible with some wildcard for all sites?
13 Replies
/var/log/apache2/*.log /srv/www/logs/*.log {
This will then match and act on all files matching *.log in /srv/www/logs/ in addition to /var/log/apache2/.
/var/log/apache2/.log /srv/www//logs/*.log
that will work with
/srv/www/site1.com/logs
/srv/www/site2.com/logs
etc
One more question, how does log rotate work. How to tell it to delete logs older than one month?
maxage <count>
Remove rotated logs older than <count> days. The age is only
checked if the logfile is to be rotated. The files are mailed to
the configured address if maillast and mail are configured.</count></count>
/var/log/apache2/.log /srv/www//logs/*.log{
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
}
tags when posting configuration files.)
What does "since then I have empty var/log/apache2 directory" mean? Were there existing logs in that directory which were deleted? How old were they?
What does "[i] in /srv/www/my-site/logs/ the same access.log and error.log" mean? Do these files have the same content?
Logrotate is generally run once per day by cron. Look in /etc/cron.daily/ and see if there is a logrotate script there. If so, then logrotate will be run at the same time other daily jobs are run. It is not a service which runs in the background, so does not need to be restarted.[/i]
```
1. Yes that was my apache2 file for logrotate made according to suggestions above. (full file, will use code next time)
2. Before I used root user, but since reading a post on forum I disabled a login for it and now i forget to type "sudo" everytime I need something "special" so I did "vi var/log/apache2" and it was empty. Now I see if i add SUDO before it there are log files, so this was the mistake I made. (is there a way I could remove a need for sudo writing for user other than root?)
3.By default logs are created from this I guess
<virtualhost *:80="">ServerAdmin webmaster@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /srv/www/example.com/public_html/
ErrorLog /srv/www/example.com/logs/error.log
CustomLog /srv/www/example.com/logs/access.log combined</virtualhost>
And when I added the code for logrotate /srv/www//logs/.log, there are still just those 2 files error.log and access.log, and no new ones that would be logrotate files like they are in var/log/*
The Apache config you posted will log activity to /srv/www/example.com/logs/access.log and errors to /srv/www/example.com/logs/error.log. These should be rotated by the apache2 logrotate configuration you posted (although you should make sure there's a space between "/srv/www//logs/.log" and the opening brace). The weekly option means that these logs will be rotated at the beginning of each week. The compress option will compress rotated logs, but delaycompress means that the first rotated log will not be compressed. So after a few weeks, your directory should have files like this:
access.log
access.log.1
access.log.2.gz
access.log.3.gz
error.log
error.log.1
error.log.2.gz
error.log.3.gz
The rotate 52 option will keep 52 old log files around. You can change this by reducing the number or by adding a maxage option as discussed before.
The locations where logs are written is controlled by your Apache configuration. You should look at the main configuration file and all the virtual host configuration files in /etc/apache2/sites-enabled/ to see where they are logging. This command should show you:
grep -RE 'CustomLog|ErrorLog|RewriteLog' /etc/apache2/apache2.conf /etc/apache2/sites-enabled/
Edit: If I need to run several commands as root, I usually do sudo su - to get a root shell. You need to be careful while doing this, and very aware of what you're doing while root. Type exit as soon as you are finished the task and you will revert to a normal user.
Also why is it so "dangerous" to be loggged in as root, mostly when i login to VPS is to make some edits as user with all privileges?
@marko_roi:
Also why is it so "dangerous" to be loggged in as root
Mainly because root can write to (or delete) any file on the system*. Typos that would be harmless while you are an ordinary user (because you don't have rights to modify important files) can cause great damage if run while root.
Of course, this is yet another argument for having good backups.
@marko_roi:
Lograte now works, but I see that on my site with lots of traffic access.log is 300 mb, how to make this lower? Probably remove .css .jpg and similar from logged in access.log, any chance on helping on that and how to do it?
Try rotating your logs every day, ie
/var/log/apache2/*.log /srv/www/*/logs/*.log {
daily
missingok
rotate 365
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
}
I changed weekly to daily, and rotate 52 to rotate 365
Others may froth at the mouth and hurl abuse, but I do all my sysadmin as root, and everything else as an unprivileged normal user.
I use screen (well, byobu now), and leave one window logged in as root for sysadmin, and all other windows are my normal user, which I use to do everything I can in, only switching to the root window when I have to, then switch back when I've finished.
Others will only ever log in as a normal user, and use "sudo command" when they need root. This is definitely more secure, but not necessarily less prone to mistakes, as some will argue. As you get in the habit of sudo blah, it's all muscle memory, after you do it for a few days, you don't even need to think about it. It's just as easy to type sudo rm -rf / as it is to type rm -rf / in a root shell.