
System Log Rotation Utilizing logadm (for Solaris 9 OS Only)

by Kristopher March

Today, most system administrators are looking for ways to maximize their time at work
and are always finding new and efficient ways of carrying out their daily tasks. The
built-in Solaris tool, logadm, is one way to do so. New in the Solaris 9 Operating System,
logadm is found in /usr/sbin.

Monitoring logs of all types found on a Solaris OS-based machine is a role most system
administrators assume on a daily basis. The most typical system log of interest would be
/var/adm/messages. On a busy system, this log file tends to grow rather quickly, thus
making log examination a burdensome task. Numerous other log files could exist on a
Sun server running the Solaris OS, all depending on the configuration. Other applications
send information to a log file. Whether it is informational or critical, the text notices
contained within these log files often provide pertinent data that should be viewed
frequently.

Other log files to note:

• /var/adm/syslog -- Logs common system events
• /var/adm/messages -- Miscellaneous log file for most events on a system
• /var/cron/log -- Logs all jobs run in crontab
• /var/lp/logs/lpsched -- Logs information related to the print services
• /var/adm/pacct -- Used for process accounting

In this Tech Tip, we will discuss the appropriate steps needed to set up and utilize logadm.
In the default configuration, the /var/adm/messages file is already configured to be rotated.
Therefore, we will use the sshdlog as our example. For most environments, running SSH
is a critical component to secure machines. With the combination of Secure FTP and
many users logging in, there is the potential for this file to grow rather quickly over a 24-
hour period. Also, the policies of some computer centers require these files to be archived
for a certain amount of time.

Configuration

logadm is an ideal tool to be run from cron. logadm uses a configuration file found in the
/etc directory. It is called logadm.conf, and there are a couple of ways to customize this
file to best suit your needs.

In this example, we will edit the file directly using the vi editor. After completing
any modification to the /etc/logadm.conf file, we run logadm -V to check for any errors
and to validate the file before going further in our process.

Follow these steps to get started.


* These steps must be completed as root.

1. Verify you are running the correct version of the Solaris OS. It should be version 9.

% /usr/bin/uname -r # this will show the version number 5.9

2. Determine which files need to be rotated on a daily basis. Again, we use the sshdlog
found under /var/adm/ in this example. Most other files will work.

3. Make a copy of logadm.conf in case you need to revert to the default file.

% cp /etc/logadm.conf  /etc/logadm.conf.orig

4. Edit the file using VI.

% vi /etc/logadm.conf            

5. The syntax for log rotating is as follows:

logname <space> options

Here we use a very simple configuration to rotate these files. Insert the following line:

/var/adm/sshdlog -C 8 -P 'Sat Dec  6 08:10:00 2003' -a 'kill -HUP `cat \
/var/run/sshd2_22.pid`'

As you can see from the line above, we specified /var/adm/sshdlog as our log to rotate.

The options I chose to use are explained here:

-C -- This option specifies the maximum number of log files to keep. If exceeded, the
oldest file will be deleted to keep the number at 8. If you need to keep these files longer,
change the number to a larger value.

-P -- This option is used to specify a timestamp for the log's last rotation.

-a -- This option is used to specify a post command that is run once after all logs have
been rotated. Although not entirely necessary, I send a HUP signal to the SSH parent PID
so that it rereads any configuration files and sends a message to the sshdlog.

6. Once finished editing your file, save it and validate logadm.conf as
specified above.
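
Steps 3 through 6 can be wrapped in one shell function that backs up the file, appends the entry, validates it with logadm -V, and puts the backup back if validation fails, which matters because the -a command in an entry runs as root from cron. This is an added example, not part of the original Tech Tip; it assumes a POSIX shell, and the function name add_logadm_entry, the LOGADM variable and the .bak suffix are hypothetical.

```shell
#!/bin/sh
# Added example: append one entry to a logadm configuration file, validate
# it, and restore the previous file if validation fails.
# Assumptions: POSIX sh; LOGADM, add_logadm_entry and the .bak suffix are
# hypothetical conveniences, not part of logadm itself.

LOGADM=${LOGADM:-/usr/sbin/logadm}

# usage: add_logadm_entry CONF 'logname options...'
# returns 0 = added and validated, 1 = failed or rolled back, 2 = already present
add_logadm_entry() {
    conf=$1
    entry=$2
    logname=${entry%% *}          # first field of the entry is the log name

    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Refuse to add a second entry for the same log name.
    while read -r first rest; do
        if [ "$first" = "$logname" ]; then
            echo "$logname already has an entry in $conf" >&2
            return 2
        fi
    done < "$conf"

    # Working backup; kept separate from the .orig copy made in step 3 so
    # the pristine default file is never overwritten. -p preserves the mode.
    cp -p "$conf" "$conf.bak" || return 1

    # Step 5: append the new entry exactly as given.
    printf '%s\n' "$entry" >> "$conf" || return 1

    # Step 6: validate every entry; -f names the file to check.
    if "$LOGADM" -V -f "$conf"; then
        return 0
    fi
    echo "validation failed, restoring $conf.bak" >&2
    cp -p "$conf.bak" "$conf"
    return 1
}
```

Run as root, it would be called as add_logadm_entry /etc/logadm.conf followed by the entry from step 5 as a single quoted argument.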

Many other useful options can be used with the logadm tool. The best reference available
is the man page on this subject, which is available in the standard man files location:
/usr/bin/man logadm.

Setting Up logadm to Run from cron

Now that you have your logadm configuration file updated and validated, it's time to set up
cron to automatically run logadm so that your log file will be rotated.

As root, open the crontab file and start a new line. Note: I chose to run logadm every night
at 11:58 pm.

% /usr/bin/crontab -e

Insert the following line:

58 23 * * * /usr/sbin/logadm

Specified in cron without any options, logadm will use the default configuration file found
in /etc/.

Congratulations! You have successfully set up log rotating and are on your way to adding
other log files that you see fit. Any logs now specified will automatically rotate without
any user intervention.
