[asterisk-users] OT - log rotation [solved]

Steve Edwards asterisk.org at sedwards.com
Sat Sep 5 11:24:23 CDT 2009


On Fri, 4 Sep 2009, Steve Edwards wrote:

>> Thank God Asterisk can be configured to use syslog. I think Asterisk 
>> should "deprecate" logging to files to "encourage" users to "get with 
>> best practices."

On Sat, 5 Sep 2009, Olivier wrote:

> Do you imply "asterisk -rx "logger reload" " is not needed anymore with 
> syslog?

Correct. With syslog, the application (Asterisk, Apache, Sendmail, Kernel, 
and finally, as of 5.1.20, MySQL) just spews out whatever they have been 
configured to be "loggable." Log rotation then becomes a single problem 
handled by a single application, syslogd.

> Personally, I don't really know why I'm using Asterisk specific log 
> files. Maybe, using syslog would help to improve log management without 
> changing habits.

Syslog removes log management from each application and puts it in one 
place (syslogd) with one configuration file (/etc/syslog.conf). Each 
application still gets to decide what should be logged, but what happens 
to the log message is up to syslogd.

> With syslog, do you still keep Asterisk log files separate from main 
> /var/log/syslog, for instance?

You can, but I don't. I do it like this:

) Configure every host to use ntp so all hosts have the same accurate 
time.

) Configure every application to use syslog.

) Configure syslogd on every host to send all of the log messages to a 
single loghost. This means every host but the log host has a single line 
(except for comments) in /etc/syslog.conf -- "*.* @loghost"

) Configure syslogd on the log host to dump all of the log messages into a 
single file. Again, a single line -- "*.* /var/log/system-log"

) Each day, system-log is "rotated" to system-log-$(date "+%d"). This way, 
I always have 30 days of logs on tap to look at. After that, the log file 
is over-written. This way, I don't have to worry about logs consuming all 
disk space. If nobody noticed the problem in 30 days, it wasn't that 
important :)

This configuration means that no host except the log host accumulates log 
files that need to be looked at, analyzed, rotated, or deleted. All the 
action is in one place on one host.

When something bad is happening, you only have to look in a single place. 
True, it can be like trying to drink from a fire hydrant, but that's what 
grep is for.

I find that things rarely happen in isolation and having every log message 
in a single place, in a consistent format, and temporally close to each 
other helps me to figure out what's going on.

A disk drive in your PSTN to IAX conversion host logs that its 
temperature has risen 3 degrees and your conference host logs 10 hangups 
in the same second. Is it related?

If the log messages are right next to each other on the screen in front of 
you, you might make a connection.

-- 
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
Newline                                              Fax: +1-760-731-3000
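
Added example, not part of the original message: a sketch of the daily rotation step described above for the loghost, where system-log is moved into a day-of-month slot that overwrites last month's file. The function name rotate_system_log, the pid file path /var/run/syslogd.pid, the symlink check and the restrictive file mode are assumptions of this example, not details from the post.

```shell
#!/bin/sh
# Added example (not from the original post): rotate the loghost's single
# log file into a day-of-month slot, giving a fixed window of about 30 files.
#
# rotate_system_log LOG [DAY] [PIDFILE]
#   LOG      live log file (the post uses /var/log/system-log)
#   DAY      two-digit suffix; defaults to $(date "+%d") as in the post
#   PIDFILE  syslogd pid file (assumed location; varies by system)
rotate_system_log() {
    log=$1
    day=${2:-$(date "+%d")}
    pidfile=${3:-/var/run/syslogd.pid}
    slot="${log}-${day}"

    [ -f "$log" ] || { echo "no such log: $log" >&2; return 1; }

    # Only accept a two-digit day so the slot name stays predictable.
    case $day in
        [0-3][0-9]) ;;
        *) echo "bad day suffix: $day" >&2; return 2 ;;
    esac

    # Do not rotate through a symlink at either name (added hardening).
    if [ -L "$slot" ] || [ -L "$log" ]; then
        echo "refusing to rotate through a symlink" >&2
        return 3
    fi

    # Rename within one directory; this replaces the file written on the
    # same day of the previous month, which bounds disk usage.
    mv -f "$log" "$slot" || return 4

    # Recreate the live file, readable by its owner only, before syslogd
    # reopens it.
    ( umask 077; : > "$log" ) || return 5

    # Classic syslogd keeps writing to the renamed file until it gets a
    # SIGHUP and reopens its outputs.
    if [ -r "$pidfile" ]; then
        kill -HUP "$(cat "$pidfile")" 2>/dev/null ||
            echo "could not signal syslogd" >&2
    fi
    return 0
}
```

Run once a day from cron on the loghost; when run just after midnight the default suffix is the new day's date, so pass the previous day explicitly if the slot should carry the date of its contents.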


