.\" $Header: /home/projects/cvs/chklogs/docs/chklogs.8,v 1.6 1997/09/28 19:45:55 grimaldo Exp $
.TH chklogs 8 "v2.0 - 31 August 1997"
.ds )H System Administration
.ds ]W SIARCO, S.A., Panama : August 1997
.SH NAME
chklogs \- Check and archive system log files
.SH SYNOPSIS
.B chklogs
.RI "[ " -amwctv " ]"
.SH DESCRIPTION
.I chklogs
will check the system logs that are registered in the
.I Configuration
file and take appropriate user-specified action. The reason for this
is to keep the system log sizes in check so that they don't grow
too large. These system logs need to be trimmed from time to time.
Additionally it is also possible to limit the number of archived logs.
As of version 1.8 chklogs has an administrative program in addition
to the main script and supports time-oriented logs rather than only
size-oriented logs as well as several other nice features.
The main actions taken by the script are: to truncate overgrown logs to
zero size (
.I truncate
), to compress (GNU zip) and archive overgrown logs (
.I archive
) while performing archive shuffling, to execute (
.I execute
) a user-specified handler/program/script and to
.I warn
the user/administrator that certain actions (the first three) need to be
taken for some logs. Additionally it is possible to mail the report
instead of displaying the results in the console. Chklogs can also
check the presence of (possibly archived) logs and test the integrity
of the Configuration File. Other administrative stuff is done with the
.I chklogsadm
program.
.SH The Configuration File chklogs.conf
First you need to know the location of the system logs that are
active in your system/distribution. For
.I each
logfile that is to be controlled under chklogs you must provide the
full path name of the logfile, the maximum allowed size, the default
action
.I archive
,
.I truncate
or
.I execute
and the maximum number of archived logs before automatically deleting
the oldest archive (
.I shuffling
). This information is kept in a plain ASCII file in columnar fashion.
For the archive action you must also specify the maximum number of
archivals before shuffling. Truncate needs no further parameter while
Execute needs a parameter (the 4th column) indicating which external
program is to be executed when the log grows too big. Do note that the
truncate action cuts your log down to zero byte size! The format of
the configuration file is described in
.B chklogs.conf (5).
The location of the configuration file is usually
.I /etc/chklogs.conf
but chklogs can be configured to look for it somewhere else.
The configuration file contains a series of records for each of the
logs to be controlled. A comment line starts with a
.I #
character in the first column.
A sample configuration file would look like this:
.RE
.nf
###################################################################
# ChkLogs v1.9 configuration file for host panama
#
# Copyright (C)1995,1996,1997 D. Emilio Grimaldo T.
#
#:options global
#:global /var/log/chklogs
/var/spool/uucp/Log 8000 truncate
# The Syslogd daemon follows
#:group syslog
#:pre /usr/local/sbin/tidy -m
#:post /root/perl/cdk_stub stop
/var/spool/syslog/syslog 10000 archive 5
/var/log/news/nntpsend.log 5000 archive 8
# Prepare PPP statistics on the fly
/var/spool/syslog/ppp.log 9999 execute /usr/bin/ppp-report %L
.fi
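.PP
Because the execute column and the #:pre and #:post lines name programs that chklogs starts, and the crontab shown under OPTIONS runs chklogs as root, those paths are worth auditing. The following is an added example, not part of the chklogs package: it reads the record layout from the sample above only (not from chklogs.conf(5)), and the function names and the root-owned, not group/world-writable policy are assumptions.
.nf
```python
import os
import stat

# Constructed sample modelled on the records above; the execute line uses a
# bare program name (changed from the original) so the audit reports it.
SAMPLE = """/var/spool/uucp/Log 8000 truncate
#:group syslog
#:pre /usr/local/sbin/tidy -m
#:post /root/perl/cdk_stub stop
/var/spool/syslog/syslog 10000 archive 5
/var/spool/syslog/ppp.log 9999 execute ppp-report %L
"""

def external_commands(text):
    """Return (line number, kind, argv) for each program the file names."""
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) > 1 and fields[0] in ("#:pre", "#:post"):
            found.append((lineno, fields[0][2:], fields[1:]))
        elif len(fields) > 3 and fields[0][0] != "#" and fields[2] == "execute":
            found.append((lineno, "execute", fields[3:]))
    return found

def check_program(path, trusted_uids=(0,)):
    """List reasons a program path is unsafe to run from a root cron job."""
    if not os.path.isabs(path):
        return ["not an absolute path"]
    problems = []
    for target in (path, os.path.dirname(path)):
        try:
            st = os.stat(target)
        except OSError:
            problems.append("missing: " + target)
            continue
        if st.st_uid not in trusted_uids:
            problems.append("untrusted owner uid %d: %s" % (st.st_uid, target))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("group/world-writable: " + target)
    return problems

def audit(text, trusted_uids=(0,)):
    """Run check_program on every command found in the configuration text."""
    return [(n, kind, argv[0], problem)
            for n, kind, argv in external_commands(text)
            for problem in check_program(argv[0], trusted_uids)]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
.fi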
.SH CONFIGURATION
If you are installing the Chklogs package, libraries and helpers in a
directory other than
.I /usr/local/lib/chklogs/
you will need to modify the default library search path in the
.B chklogs
and
.B chklogsadm
scripts by modifying the line reading:
.nf
use lib "/usr/local/lib/chklogs";
.fi
to whatever you chose. However keeping this default will make your
future upgrade procedures easier. Some of the Perl helper scripts might
also need adjusting. In any case the configuration variables section
is clearly marked.
You may need to adjust some variables and paths in the module file
.B Chklogs.pm
and the main script
.B chklogs.
.PP
In the library file there is a clearly marked configuration section
that contains some important variables used by the library, the
administrative program and the main script.
Additionally you
.I might
need to modify some of the defaults given in some of the configuration
variables of the
.B chklogs
script, though the defaults should work in most Unix flavours. These are:
.TP
.B $zipper
The command used to invoke the program that will compress
the offending log. Defaults to `/bin/gzip'. You may also use '/bin/compress'.
.TP
.B $zipext
The extension given to the compressed file by the $zipper. Defaults to `gz'.
But if you chose `compress' above, you should use 'Z' here instead.
.TP
.B $mailer
The actual mailer program and any options. Defaults to
`/usr/sbin/sendmail -ep -i '.
.TP
.B $maxlogs
Specifies the maximum numbers of archived logs for a given
log type to prevent an excess of archived logs if you abandon
your system for some time. If the maximum is reached
.I shuffling
is done, the oldest archived log is removed to make space for
the newest one. Defaults to 5. Notice that this default is only
used if the value specified in the Configuration file is invalid or zero.
.TP
.B $syslogF
The full pathname (including basename!) of the
.I syslog.pid
file. This is used to send
.I SIGSTOP
and
.I SIGCONT
to syslogd while chklogs works on the logs. Default is
.I /var/run/syslog.pid
. As of v2.0 this is only a filename, the path is taken from the
.I $VarRun
configuration variable. However, for backwards compatibility
syslogF can be a fully qualified name in which case VarRun is ignored
for the purpose of finding the Syslog Daemon configuration file.
.PP
There are other built-in defaults which you will find in the library/
module file
.I Chklogs.pm
which are described in the Chklogs Resource File manual page
.I chklogsrc(5).
.SH OPTIONS
Chklogs could be used at the system administrator's discretion, or
by creating a cron entry or by having it execute at boot time. The
first two seem more appropriate.
Chklogs will compare the maximum allowable sizes/age for each log, as
given in the configuration, against the actual size of the log file
being examined. Then a report is produced that will include as
part of the header:
.PP
.BI -
The location of the Configuration file
.br
.BI -
The hostname of the machine in which chklogs was run.
.br
.BI -
The date when the script was run
.br
.BI -
Column headings for the contents of the report
.br
.BI -
The generic name of archived logs if archiving is enabled
.PP
The report produced by chklogs, whether sent to the standard output
device or by mail will include the following information for
.I each
of the examined system logs:
.PP
.BI -
The fully qualified filename of the system logfile
.br
.BI -
The current size/age of the log
.br
.BI -
The maximum allowed size/age as specified in the Configuration file
.br
.BI -
Action (to be) taken. When warning this will become
.I ok
,
.I truncate!
or
.I archive!
but when an action has been taken then it is either
.I truncated
,
.I archived
or
.I execute
.
.PP
.TP
.B -m
Mail report. This option can be used with -a and -w. No report will be
produced on standard output device. The report will be mailed if and
only if any action has been taken or needs to be taken. So if at least
one log has grown past its allowed size a mail will be sent to the
.I $admin
user. This report contains the same header as described above. This
is a good option if the script is run on a crontab. My crontab looks
like this:
.nf
# crontab file for root
00 21 * * sun /home/root/bin/chklogs -m
.fi
Thus running every Sunday at 21:00 hours.
.TP
.B -a
Archive override. Can be used with -m. The overgrown logs will be
processed as usual and a report will be produced. The difference lies
in the override attribute, that is if the Configuration specified
.I truncate
for action, it will be overridden and an archive will be made instead.
This is useful when used manually to force archivals for later
perusal. When a log is archived (not necessarily with override) it
is compressed, a time stamp of the form YYMMDD is present in the
logname and a new log with the same permissions and ownerships is
created (some programs do not re-create logs). Also if the maximum
number of archived logs has been reached, the oldest one is removed
so as to save your disk space.
.TP
.B -w
Warn. Can be used with -m. A report will be produced but no action
will be taken by chklogs. For example if you want to mail a reminder
to the admin user that some logs need maintenance, use the -m and -w
options combined as in
.I chklogs -m -w
.TP
.B -t
Test Configuration File. This will only check the sanity of the config
file and produce a formatted listing of the index on stdout.
.TP
.B -c
Only makes use of the
.I Configuration File
to give a listing (on stdout) of
.I all
log files (archived or not) that
are present in the system. This option is useful to have a quick
overview of what (archived) logs are in the filesystem.
.TP
.B -v
Displays the version identification of chklogs and its library version.
.PP
When no option is specified chklogs will process the logs and take
the appropriate action. If several options are specified then each
must be preceded by a dash, with at least one space between options.
.SH FILES
.I /etc/chklogs.conf
.br
.I /var/log/.chklogsdb
.br
.I /usr/local/lib/chklogs/chklogsrc
.br
.I $HOME/chklogsrc
.br
.I /var/run/syslog.pid
.SH SEE ALSO
chklogs.conf(5), chklogsadm(8)
.SH AUTHOR
.I chklogs
Copyright (C) Didimo Emilio Grimaldo Tunon
.br
grimaldo@panama.iaehv.nl