System Log Rotation Utilizing logadm (for Solaris 9 OS Only)

by Kristopher March

Today, most system administrators are looking for ways to maximize their time at work and are always finding new and efficient ways of carrying out their daily tasks. The built-in Solaris tool, logadm, is one way to do so. New in the Solaris 9 Operating System, logadm is found in /usr/sbin.

Monitoring logs of all types found on a Solaris OS-based machine is a role most system administrators assume on a daily basis. The most typical system log of interest would be /var/adm/messages. On a busy system, this log file tends to grow rather quickly, thus making log examination a burdensome task. Numerous other log files could exist on a Sun server running the Solaris OS, all depending on the configuration. Other applications send information to a log file. Whether it is informational or critical, the text notices contained within these log files often provide pertinent data that should be viewed frequently.

Other log files to note:
• /var/adm/syslog -- Logs common system events
• /var/adm/messages -- Miscellaneous log file for most events on a system
• /var/cron/log -- Logs all jobs run in crontab
• /var/lp/logs/lpsched -- Logs information related to the print services
• /var/adm/pacct -- Used for process accounting

In this Tech Tip, we will discuss the appropriate steps needed to set up and utilize logadm. In the default configuration, the /var/adm/messages file is already configured to be rotated. Therefore, we will use the sshdlog as our example. For most environments, running SSH is a critical component to secure machines. With the combination of Secure FTP and many users logging in, there is the potential for this file to grow rather quickly over a 24-hour period. Also, the policies of some computer centers require these files to be archived for a certain amount of time.

Configuration

logadm is an ideal tool to be run from cron. logadm uses a configuration file found in the /etc directory. It is called logadm.conf, and there are a couple of ways to customize this file to best suit your needs.

In this example, we will edit the file directly using the vi editor. After completing any modification to the /etc/logadm.conf file, we run logadm -V to check the file for errors and validate it before going further in our process. Follow these steps to get started.

* Must be completed as uid: root

1. Verify you are running the correct version of the Solaris OS. It should be version 9.

% /usr/bin/uname -r # this will show the version number
5.9

2. Determine which files need to be rotated on a daily basis. Again, we use the sshdlog found under /var/adm/ in this example. Most other files will work.

3. Make a copy of logadm.conf in case you need to revert back to the default file.

% cp /etc/logadm.conf /etc/logadm.conf.orig

4. Edit the file using vi.

% vi /etc/logadm.conf

5. The syntax for log rotating is as follows:
logname <space> options

Here we use a very simple configuration to rotate these files. Insert the following line:
/var/adm/sshdlog -C 8 -P 'Sat Dec  6 08:10:00 2003' -a 'kill -HUP `cat /var/run/sshd2_22.pid`'

As you can see from the line above, we specified /var/adm/sshdlog as our log to rotate. The options I choose to use are explained here:

-C -- This option specifies the maximum number of log files to keep. If exceeded, the oldest file will be deleted to keep the number at 8. If you need to keep these files longer, change the number to a larger value.

-P -- This option is used to specify a timestamp for the log's last rotation.

-a -- This option is used to specify a post command that is run once after all logs have been rotated. Although not entirely necessary, I send a kill signal to the SSH parent PID to reread any configuration files and send a message to the sshdlog.

6. Once finished editing your file, save it and validate logadm.conf as specified above.

Many other useful options can be used with the logadm tool. The best reference available is the man pages on this subject, which are available in the standard man files location: /usr/bin/man logadm.
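The -a post command in the logadm.conf entry above hands whatever is in the PID file straight to kill, as root. The following is an added example, not part of the original Tech Tip: a POSIX sh wrapper that validates the PID file before sending the signal. The script path and function names are hypothetical; the PID file path is the one used in the article.

```shell
#!/bin/sh
# Added example, not from the original article. Hypothetical install path:
#   /usr/local/sbin/hup-from-pidfile.sh
# Hypothetical logadm.conf usage in place of the inline kill:
#   -a '/usr/local/sbin/hup-from-pidfile.sh /var/run/sshd2_22.pid'

# Print the PID stored on the first line of file $1. Fail (non-zero) if the
# file is missing, empty, or holds anything but one positive integer.
# Rejecting "0" and "-1" matters: as root, kill would treat them as
# "my own process group" and "every process".
read_pid() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    pid= rest=
    read -r pid rest < "$1" || :   # read is non-zero without a final newline
    [ -z "$rest" ] || return 1     # more than one field on the line
    case "$pid" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    echo "$pid"
}

# Send SIGHUP only when the PID file is valid and the process exists.
# Returns 1 for a bad PID file, 2 when no such process is running.
hup_from_pidfile() {
    target=`read_pid "$1"` || { echo "bad pid file: $1" >&2; return 1; }
    kill -0 "$target" 2>/dev/null || { echo "no process $target" >&2; return 2; }
    kill -HUP "$target"
}

# Act only when called with exactly one argument, as from logadm -a.
if [ $# -eq 1 ]; then
    hup_from_pidfile "$1"
fi
```

A non-zero exit leaves a message on stderr, which cron mails to the crontab owner, so a stale or damaged PID file shows up instead of being silently passed to kill.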

Setting Up logadm to Run from cron

Now that you have your logadm configuration file updated and validated, it's time to set up cron to automatically run logadm so that your log file will be rotated. As root, open the crontab file and start a new line. Note: I chose to run logadm every night at 11:58 pm.
% /usr/bin/crontab -e

Insert the following line:

58 23 * * * /usr/sbin/logadm

Specified in cron without any options, logadm will use the default configuration file found in /etc/. Congratulations! You have successfully set up log rotating and are on your way to adding other log files that you see fit. Any logs now specified will automatically rotate without any user intervention.