Q. My log files grow continuously. How do I limit the growth of UNIX log files stored in /usr/spool/ or /var/log/ directory?
A. The log files could be the only source of information available to trace a problem or security issues. Log files keep growing every day as new logging data are appended onto existing log files. If you failed to manage log files, it will eat out disk space and no space will be left on filesystem to store user data. To avoid such problems try following solutions:
Keep log files in a separate filesystem
Never ever store /var/log or /var/adm and all other location on a / (root) filesysem. Always store all log files on a separate filesystem to maintain the security, integrity and performance of the system.
Control the growth of system log files
There are varios approaches to control the growth of system log files.
Option # 1: Manually truncate log file
Use any one of the following command to truncate log file:
# >/var/log/log.file
OR
# cat /dev/null > /usr/adm/log.file
Option # 2: Automatically truncate log file
You need to keep several old versions of a log file in the system by periodically deleting the oldest one, renaming the current one, and then recreating it. This can be done by using a shell script or using automated tool such as logrotate.
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 2 comments… read them below or add one }
you can use logrotate – /usr/sbin/logrotate
you can for example start a new, empty log every day. and the old log is renamed to log.1 log.2 log.3 and so on.
so you keep all the logs in tiny pieces and can delete parts of the logs, instead always the whole log.
Logrotate also let you delete some of the log which are for example older than 90, 180 and so on days.
You can have different setting for each log file you want to maintenance.
Very useful tool.