
Log rotation: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
stub tag
m Reverted edits by 223.233.64.249 (talk) to last version by 108.41.185.26
 
(32 intermediate revisions by 28 users not shown)
Line 1: Line 1:
{{short description|Aspect of computer systems management}}
'''Log rotation''' is an automated process used in [[system administration]] in which dated [[Computer data logging|log files]] are [[archive]]d. In general, it is used on [[server (computing)|servers]]. Servers which run large applications, such as [[LAMP (software bundle)|LAMP stacks]], often log every request, and as such, the process of log rotation may be beneficial.
{{hatnote | This article discusses rotating information. For rotating physical objects, see [[Logrolling (disambiguation) | logrolling]].}}

In [[information technology]], '''log rotation''' is an automated process used in [[system administration]] in which [[Computer data logging|log files]] are compressed, moved ([[archive]]d), renamed or deleted once they are too old or too big (there can be other metrics that can apply here).
New incoming log data is directed into a new fresh file (at the same location).<ref>
{{cite web
| url = http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
| title = Guide to Computer Security Management: Recommendations of the National Institute of Standards and Technology
| last1 = Kent
| first1 = Karen
| last2 = Souppaya
| first2 = Murugiah
| date = September 2006
| series = Special Publication 800-92
| publisher = National Institute of Standards and Technology: Technology Administration, U.S. Department of Commerce
| location = Gaithersburg, MD
| page = 3
| access-date = 2014-10-02
| quote = Log rotation is closing a log file and opening a new log file when the first file is considered to be complete. Log rotation is typically performed according to a schedule (e.g., hourly, daily, weekly) or when a log file reaches a certain size.
}}
</ref>

The main purpose of log rotation is to restrict the volume of the log data to avoid overflowing the record store, while keeping the [[log file]]s small enough so viewers can still open them.

Servers which run large applications, such as [[LAMP (software bundle)|LAMP stacks]], often log every request: in the face of bulky logs, log rotation provides a way to limit the total size of the logs retained while still allowing analysis of recent events.

Even though some arguments in favor of log rotation imply that maintaining smaller files increases writing performance, the size of a file doesn’t affect its writing performance. The reason is that in most modern filesystem implementations, the kernel knows the size of a file, and appending data can happen after performing a seek syscall to position the pointer at the end of the file which is a constant time operation.


== Methods of archival ==
== Methods of archival ==
Log rotation is typically performed using the logrotate [[command (computing)|command]].<ref name="manpage">{{cite web|url=http://linux.die.net/man/8/logrotate | title=logrotate (8) - Linux man page | accessdate=February 10, 2013}}</ref><ref name="acuk">{{cite web|url=http://www-uxsup.csx.cam.ac.uk/~jw35/courses/apache/html/x1670.htm | title=Log rotation | accessdate=February 10, 2013}}</ref> The command can be used to [[email]] logs to a [[systems administrator]] after log rotation. Dated logs may also be [[Data compression|compressed]].
In [[Linux]] log rotation is typically performed using the logrotate [[command (computing)|command]].<ref name="logrotate">{{cite web|url=http://linux.die.net/man/8/logrotate | title=logrotate (8) - Linux man page | access-date=February 10, 2013}}</ref><ref name="acuk">{{cite web|url=http://www-uxsup.csx.cam.ac.uk/~jw35/courses/apache/html/x1670.htm | title=Log rotation | access-date=February 10, 2013}}</ref> The command can be used to [[email]] logs to a [[systems administrator]] after log rotation. Dated logs may also be [[Data compression|compressed]].


In [[FreeBSD]] and [[macOS]] the newsyslog command is used.<ref name="newsyslog">{{cite web|title=newsyslog (8) - maintain system log files to manageable sizes|url=http://www.freebsd.org/cgi/man.cgi?newsyslog%288%29}}</ref> It has the ability to trigger rotation based on file size, time or interval (or any combination thereof). It can compress the archives and send a [[Unix signal|signal]] to a [[Process (computing)|process]] to reset logging.
The command is often run on a [[cron]] job, which has the effect of fully automatic log rotation.


The command is often run as a [[cron]] job, which has the effect of fully automatic log rotation.
Typically, a new logfile is started periodically, and the old logfile is renamed by appending a "1" to the name. Each time a new log file is started, the numbers in the file names of old logfiles are increased by one, so the files "rotate" through the numbers (thus the name "log rotation"). Old logfiles whose number exceeds a threshold can then be deleted or archived off-line to save space.

Typically, a new logfile is created periodically, and the old logfile is renamed by appending a "1" to the name. Each time a new log file is started, the numbers in the file names of old logfiles are increased by one, so the files "rotate" through the numbers (thus the name "log rotation"). Old logfiles whose number exceeds a threshold can then be deleted or archived off-line to save space.


== References ==
== References ==
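Review bot: The added paragraph beginning "Even though some arguments in favor of log rotation imply ..." makes a technical claim about filesystem behaviour but carries no <ref>, unlike the lead sentence, which cites SP 800-92; it should be sourced or dropped, and the contraction "doesn’t" should be written out. In the "Methods of archival" section, the sentence "The command is often run as a [[cron]] job" now follows the new newsyslog paragraph, so "The command" no longer has a clear antecedent; name logrotate and newsyslog explicitly, or move the sentence back under the logrotate paragraph.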
Line 13: Line 41:
[[Category:System administration]]
[[Category:System administration]]



{{stub}}
{{comp-stub}}

Latest revision as of 10:02, 7 October 2021

In information technology, log rotation is an automated process used in system administration in which log files are compressed, moved (archived), renamed or deleted once they are too old or too big (other criteria can also apply). New incoming log data is directed into a fresh file at the same location.[1]

The main purpose of log rotation is to restrict the volume of the log data to avoid overflowing the record store, while keeping the log files small enough so viewers can still open them.

Servers which run large applications, such as LAMP stacks, often log every request: in the face of bulky logs, log rotation provides a way to limit the total size of the logs retained while still allowing analysis of recent events.

Even though some arguments in favor of log rotation imply that maintaining smaller files increases writing performance, the size of a file does not affect its writing performance. The reason is that in most modern filesystem implementations, the kernel knows the size of a file, and appending data can happen after performing a seek syscall to position the pointer at the end of the file, which is a constant-time operation.

Methods of archival


In Linux, log rotation is typically performed using the logrotate command.[2][3] The command can be used to email logs to a systems administrator after log rotation. Dated logs may also be compressed.

In FreeBSD and macOS, the newsyslog command is used.[4] It has the ability to trigger rotation based on file size, time or interval (or any combination thereof). It can compress the archives and send a signal to a process to reset logging.

The command is often run as a cron job, which has the effect of fully automatic log rotation.

Typically, a new logfile is created periodically, and the old logfile is renamed by appending a "1" to the name. Each time a new log file is started, the numbers in the file names of old logfiles are increased by one, so the files "rotate" through the numbers (thus the name "log rotation"). Old logfiles whose number exceeds a threshold can then be deleted or archived off-line to save space.
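The numbered scheme described above, written out as an added shell example; it is not part of the article and is not how logrotate or newsyslog are implemented. The function name `rotate_log` and its `KEEP` parameter (the threshold) are hypothetical.

```shell
#!/bin/sh
# Added example: numbered log rotation (FILE -> FILE.1 -> FILE.2 ...).
# rotate_log is a hypothetical helper, not logrotate or newsyslog.
#
# rotate_log FILE KEEP
#   FILE  path of the active log
#   KEEP  number of old generations to retain (FILE.1 .. FILE.KEEP)
rotate_log() {
    log=$1
    keep=$2

    # KEEP must be a positive integer without leading zeros.
    case $keep in
        ''|*[!0-9]*|0*) echo "rotate_log: bad KEEP value" >&2; return 2 ;;
    esac

    # Refuse symlinks so a planted link cannot redirect the rename
    # or the creation of the new file.
    if [ -L "$log" ]; then
        echo "rotate_log: $log is a symlink" >&2; return 1
    fi
    # Nothing to rotate if the active log does not exist.
    [ -f "$log" ] || return 0

    # The oldest generation exceeds the threshold and is deleted.
    rm -f -- "$log.$keep"

    # Shift FILE.n to FILE.(n+1), highest number first, so no file is overwritten.
    n=$((keep - 1))
    while [ "$n" -ge 1 ]; do
        if [ -f "$log.$n" ]; then
            mv -f -- "$log.$n" "$log.$((n + 1))"
        fi
        n=$((n - 1))
    done

    # The active log becomes generation 1.
    mv -f -- "$log" "$log.1"

    # A fresh, empty file takes its place, with no access for "other".
    ( umask 027 && : > "$log" )

    # A process that still holds the old file open keeps writing to FILE.1
    # until it is signalled to reopen its log.
}
```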

References

  1. ^ Kent, Karen; Souppaya, Murugiah (September 2006). "Guide to Computer Security Management: Recommendations of the National Institute of Standards and Technology" (PDF). Special Publication 800-92. Gaithersburg, MD: National Institute of Standards and Technology: Technology Administration, U.S. Department of Commerce. p. 3. Retrieved 2014-10-02. Log rotation is closing a log file and opening a new log file when the first file is considered to be complete. Log rotation is typically performed according to a schedule (e.g., hourly, daily, weekly) or when a log file reaches a certain size.
  2. ^ "logrotate (8) - Linux man page". Retrieved February 10, 2013.
  3. ^ "Log rotation". Retrieved February 10, 2013.
  4. ^ "newsyslog (8) - maintain system log files to manageable sizes".