
A script to move and file the system logs UNIX
If you're like me and were annoyed to find a couple dozen .gz log files in your /var/log directory every time you opened it, then this is a script for you. It runs by cron after the maintenance scripts are run.


Here's the script:
#Script File to move the gzipped logs
#First, moves all *.gz files from /var/log to /Users/USERNAME/logs/**THECURRENTDATE**
#Then changes the owner to USERNAME and the group to admin

CURRDATE=`/bin/date +%m-%d-%y`
/bin/mkdir /Users/USERNAME/logs/$CURRDATE
/bin/mv /var/log/*.gz /Users/USERNAME/logs/$CURRDATE
/usr/sbin/chown USERNAME /Users/USERNAME/logs/$CURRDATE/*
/usr/bin/chgrp admin /Users/USERNAME/logs/$CURRDATE/*
Replace USERNAME with your actual short user name. Place this script anywhere you want (I put it as /etc/logs). Then, add this to the end of your /etc/crontab file:
35	4	*	*	*	root	sh /etc/logs
Replace "/etc/logs" with wherever you placed the script. Also change the time to about a half an hour after the last maintenance script is run (the first two numbers, in MINUTE HOUR form). Thus, if I listed the contents of /Users/bfoster/logs, I would see this:
[maclaxguy:~/logs] bfoster% ls -F
07-23-02/ 07-24-02/ 07-25-02/
And you'll have the logs from the corresponding dates in each directory. Oh, and you'll also need to create the /Users/USERNAME/logs directory. Hope you find this useful.
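
A hardened variant of the script above, as an added example that is not the hint author's code: it quotes every path, tolerates an empty glob or a repeat run, refuses a symlinked destination, and changes ownership only of the files it just moved, using `chown -h` so a root cron job never acts on a symlink's target inside a user-writable directory. The function name `archive_logs` and its four arguments are assumptions made for this example, and the owner-only permissions are an addition the original does not make.

```shell
#!/bin/sh
# Added example, not the hint author's script.
# Usage from root's crontab (values are the hint's placeholders):
#   archive_logs /var/log /Users/USERNAME/logs USERNAME admin

archive_logs() {
    src=$1; dest=$2; owner=$3; group=$4
    day=$(date +%m-%d-%y)               # same directory naming as the hint
    target="$dest/$day"

    # The archive root must already exist as a real directory. Root must not
    # follow a symlink planted where the archive is expected.
    if [ -L "$dest" ] || [ ! -d "$dest" ]; then
        echo "archive_logs: $dest is not a real directory" >&2; return 1
    fi
    if [ -L "$target" ]; then
        echo "archive_logs: $target is a symlink, refusing" >&2; return 1
    fi
    mkdir -p "$target" || return 1      # -p: a second run on the same day is fine

    moved=0
    for f in "$src"/*.gz; do
        # Skips the literal pattern when nothing matches, and anything that
        # is not a regular file.
        if [ -L "$f" ] || [ ! -f "$f" ]; then continue; fi
        name=${f##*/}
        # Never overwrite an entry that is already in the archive.
        if [ -e "$target/$name" ] || [ -L "$target/$name" ]; then
            echo "archive_logs: $target/$name exists, skipping" >&2; continue
        fi
        mv "$f" "$target/$name" || return 1
        # -h acts on the named entry itself, never on a symlink's target,
        # unlike chown/chgrp run over a "*" glob.
        chown -h "$owner" "$target/$name" || return 1
        chgrp -h "$group" "$target/$name" || return 1
        chmod 600 "$target/$name" || return 1   # logs can hold sensitive data
        moved=$((moved + 1))
    done

    # Hand the dated directory to the owner so they can read and delete it.
    chown -h "$owner" "$target" && chgrp -h "$group" "$target" || return 1
    chmod 700 "$target" || return 1
    echo "$moved"                       # number of files archived
}
```

The symlink tests are check-then-use, so on a machine with untrusted local users the stronger fix is an archive directory that, along with its parent directories, only root can write.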
Why keep log files?
Authored by: mervTormel on Jul 29, '02 10:30:06AM
Why are .gz files in the log dir annoying? Why do you want to save them, bloating your home dir? There is no provision for additional cleanup in your method. How many days will you save? Ad infinitum? Is there a legal requirement for saving them? If so, then they should get to external media and/or off-site.

Log files aren't very interesting historically. They are meant to be useful in diagnosing problems close to the present. Occasionally, you may want to go back a few days to investigate an issue, but only legal issues make them historically valuable. Otherwise, they are cruft and are expunged after a duration, as they should be. The older a log file is, the less reflective of reality it is, and the more investigation is required to exact a reality.

The management of logs with the /etc/ maintenance scripts is universally reasonable. Now, with this facility, there's more management and bloat every day. What are your requirements and does this achieve them? I would be annoyed by the additional bloat and maintenance of the new ~/logs dir. Have you just transferred the workload somewhere else without really solving anything?

And here's a real, slick solution that leaves the system vanilla, and lets you see/access your system logs unencumbered by the .gz files... Wouldn't it be simpler if you didn't look at the /var/log dir? Why not just make aliases/symlinks of the interesting log files in your ~/logs dir and leave the maintenance mechanism vanilla and mask the .gz files' existence from your view that way? Like so...
% mkdir ~/syslogs
% ln -s /var/log/*.log ~/syslogs
% ls -ln ~/syslogs

total 96
lrwx------ 1 501 80 25 Jul 30 08:33 backup.daily.log -> /var/log/backup.daily.log
lrwx------ 1 501 80 25 Jul 30 08:33 dmesg-9jun02.log -> /var/log/dmesg-9jun02.log
lrwx------ 1 501 80 18 Jul 30 08:33 dmesg.log -> /var/log/dmesg.log
lrwx------ 1 501 80 16 Jul 30 08:33 ftp.log -> /var/log/ftp.log
lrwx------ 1 501 80 20 Jul 30 08:33 lookupd.log -> /var/log/lookupd.log
lrwx------ 1 501 80 16 Jul 30 08:33 lpr.log -> /var/log/lpr.log
lrwx------ 1 501 80 17 Jul 30 08:33 mail.log -> /var/log/mail.log
lrwx------ 1 501 80 23 Jul 30 08:33 makewhatis.log -> /var/log/makewhatis.log
lrwx------ 1 501 80 21 Jul 30 08:33 messages.log -> /var/log/messages.log
lrwx------ 1 501 80 20 Jul 30 08:33 netinfo.log -> /var/log/netinfo.log
lrwx------ 1 501 80 19 Jul 30 08:33 secure.log -> /var/log/secure.log
lrwx------ 1 501 80 19 Jul 30 08:33 system.log -> /var/log/system.log


Why keep log files?
Authored by: maclaxguy on Jul 30, '02 03:39:48PM

I simply wrote this because I do check over my logs every week or so. I like to see if anything is going wrong, and see if any possible security breaches have occurred. After I read them, I usually just delete them. All this is doing is making me able to delete them when I choose to do so, and cataloging them by their date for easy reference. I see what you are saying, and for some, this script is nothing that they would like to use. However, I find it very useful, and I thought that perhaps a few other people might as well.

Ben Foster



Why keep log files?
Authored by: Loren on Nov 20, '02 05:07:44PM

I am using my Mac as a remote logging machine for my office firewall, and we save those logs a really long time. This script should be very helpful.

Thanks.

Loren



Alternative to variable...
Authored by: Loren on Nov 22, '02 11:25:12AM

I couldn't get the CURRDATE variable to work. Always got an error.

But, instead of the variable, just using the following format worked for me...

/bin/mkdir /Users/USERNAME/logs/`/bin/date +%m-%d-%y`

Also, when testing, I had to add /usr/bin/sudo to the beginning of each line, but that shouldn't happen when cron runs the job in the night.

Loren


