I was a bit confused as to why my
/var/log/syslog was getting rotated every day, while everything else was weekly, or handled directly by a specific configuration in
The script at
/etc/cron.daily/syslogd will rotate all files that are the output
syslogd-listfiles each day. The same script at
/etc/cron.weekly/syslogd will rotate all files that are the output of
syslogd-listfiles --weekly on a weekly basis.
syslogd-listfiles is controlled by
/etc/syslog.conf. Near the top of the configuration file, you’ll see the configuration for syslog:
The “*.*” is an ‘everything’ directive (see my $everything in
/usr/sbin/syslogd-listfiles). My goal was to preserve my syslog for more than seven days since it is a relatively inactive machine. I ended up adding a new directive to allow the syslog (and auth) messages to be logged and rotated every day, and logged to syslog which will only be rotated once a week.
It might be a bit clumsy but it solves my two problems, by creating two syslogs.
- I need *.* to be logged somewhere as a catchall
- I want syslog to be rotated only once a week
You definitely do not want to do this on a busy machine, but if your syslogs are not that big and you want to keep them around a while, this is a good way to accomplish that.
My preference for server side Linux is Debian 4. As with most distributions, most of the system files are rotated on a daily, weekly, and monthly basis by logrotate. For example, in Debian the log files for apache2, aptitude, and clamav are all handled by logrotate, and the configuration files are located in /etc/logrotate.d/
create 640 root www-data
if [ -f /var/run/apache2.pid ]; then
/etc/init.d/apache2 restart > /dev/null
I was finding that my postfix log, mail.log, was getting rotated more often, even though it was really not very large. Sometimes it would rotate every day, sometimes every two days. But I couldn’t find any logrotate config files for the postfix logs. After a bit of searching I discovered that the mail facilities are handled by savelog, which operates in sysklogd. sysklogd is a script that runs in the daily cron at /etc/cron.daily/sysklogd.
A bit of the script is here, and you can see the savelog command:
for LOG in `syslogd-listfiles`
if [ -s $LOG ]; then
savelog -g adm -m 640 -u root -c 7 $LOG >/dev/null
So what is syslogd-listfiles? It will show you all files that are to be logged with syslogd.
silver:/etc/cron.daily# syslogd-listfiles --all