Articles September 16, 2004 at 6:16 pm

Log Rolling made easy in 10.2.x-10.3.x

Log Rolling with periodic

How to get periodic to keep all of your logs tidy.by: Dale Walsh

The log roll routine is referenced by name so for this example I will use “clamav” for the log name. For other applications just swap in their log name.

These scripts have a priority in what they do with other curently running processes and reading up on periodic it is recommended that nothing above 600 be used to avoid shutting down the server if it should take more than a couple of seconds to execute your script.

“periodic” expects to find script links in /etc and script folders in /etc/periodic and the name of the scipt is {priority}.{scriptname}, 100 being minimum and 900 being maximum so my log roll script is /etc/periodic/clamav/500.clamav and in this example I will save the last 8 log files. All of these variables can be edited as you wish, but it’s probably best to get things working first before you start playing.

With your favorite editor create your log rolling script.

#!/bin/sh -
#
#	@(#)clamav	8.2 (Berkeley) 1/2/94
#

PATH=/bin:/sbin:/usr/sbin:/usr/bin:/usr/libexec:/usr/local/bin
export PATH

# periodic wants to know who we are for log output
host=`hostname -s`

echo ""

echo -n "Rotating clamav log files:"
cd /var/log/clamav
for i in clamd.log freshclam.log; do
    if [ -f "${i}" ]; then
	echo -n " ${i}"
	if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
	if [ -f "${i}.6${gzext}" ]; then mv -f "${i}.6${gzext}" "${i}.7${gzext}"; fi
	if [ -f "${i}.5${gzext}" ]; then mv -f "${i}.5${gzext}" "${i}.6${gzext}"; fi
	if [ -f "${i}.4${gzext}" ]; then mv -f "${i}.4${gzext}" "${i}.5${gzext}"; fi
	if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
	if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
	if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
	if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
	if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
	touch "${i}" && chmod 644 "${i}" && chown clamav:admin "${i}"
    fi
done

# clamav has 2 daemons running so we need to resync both log files.

if [ -f /var/clamav/clamd.pid ]; then kill -HUP $(cat /var/clamav/clamd.pid | head -1); fi

if [ -f /var/clamav/freshclam.pid ]; then kill -HUP $(cat /var/clamav/freshclam.pid | head -1); fi

# do we have any additional scripts we wish to execute that besides rolling the logs?

if [ -f /etc/clamav.local ]; then
    echo -n "Running clamav.local:"
    sh /etc/clamav.local
fi

Now we need to set the attributes for our files:

chmod 0755 /private/etc/periodic/clamav
chmod 0755 /private/etc/periodic/clamav/*
chown root:wheel /private/etc/periodic/clamav
chown root:wheel /private/etc/periodic/clamav/*

Using your favorite editor again, edit /private/etc/crontab and add the following entry:

30	4	*	*	6	root	periodic clamav

Next, we need to create a link in /etc to the script for periodic to access it with in the following format.

sudo ln -s periodic/{scriptname}/{priority}.{scriptname} {scriptname}

So it you would use this for clamav.

cd /etc
sudo ln -s periodic/clamav/500.clamav clamav

Finally, we need to add our entry into the periodic config file located at /private/etc/default/periodic.conf using your favorite editor, I found out by not adding this entry it’s behavior is unpredictable and dependability is an issue.

The format as described in “man periodic.conf” is {dir}_option.

# clamav options
#
# These options are used by periodic(8) itself to determine what to do
# with the output of the sub-programs that are run, and where to send
# that output.
#
clamav_output="/var/log/clamav.out"	# user to e-mail or /file to save
clamav_show_success="YES"			# scripts returning 0
clamav_show_info="YES"				# scripts returning 1
clamav_show_badconfig="NO"			# scripts returning 2

This step is not required but I like to be able to see my available options so I have also edited “/usr/share/man/man8/periodic.8” and “/usr/share/man/cat8/periodic.8.gz” to include my added routines.

To edit the “periodic.8.gz” you must first unpack it, I recommend you use BBEdit to edit the file since it has an option to show invisible characters that this file is riddled with and the lines you must duplicate contain many.

After you have made your additions to this file, repack it (gz) and place it back in the “/usr/share/man/cat8” folder and your done.

As a safety measure, you can restart the server (cause I didn’t know how to restart cron).

It has been suggested that watchdog will restart the service if it stops but I didn’t explore this possibility.

It’s ready to roll. (your own)

Leave a reply

You must be logged in to post a comment.