xref: /freebsd/usr.sbin/newsyslog/newsyslog.8 (revision 1b6c76a2fe091c74f08427e6c870851025a9cf67)

.\" This file contains changes from the Open Software Foundation.
.\"
.\"	from: @(#)newsyslog.8
.\" $FreeBSD$
.\"
.\" Copyright 1988, 1989 by the Massachusetts Institute of Technology
.\"
.\" Permission to use, copy, modify, and distribute this software
.\" and its documentation for any purpose and without fee is
.\" hereby granted, provided that the above copyright notice
.\" appear in all copies and that both that copyright notice and
.\" this permission notice appear in supporting documentation,
.\" and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
.\" used in advertising or publicity pertaining to distribution
.\" of the software without specific, written prior permission.
.\" M.I.T. and the M.I.T. S.I.P.B. make no representations about
.\" the suitability of this software for any purpose.  It is
.\" provided "as is" without express or implied warranty.
.\"
.Dd April 4, 2000
.Dt NEWSYSLOG 8
.Os
.Sh NAME
.Nm newsyslog
.Nd maintain system log files to manageable sizes
.Sh SYNOPSIS
.Nm
.Op Fl Fnrv
.Op Fl f Ar config_file
.Op Fl a Ar directory
.Op Ar
.Sh DESCRIPTION
.Nm Newsyslog
is a program that should be scheduled to run periodically by
.Xr cron 8 .
When it is executed it archives log files if necessary.  If a log file
is determined to require archiving,
.Nm
rearranges the files so that
.Dq Va logfile
is empty,
.Dq Va logfile Ns Li \&.0
has
the last period's logs in it,
.Dq Va logfile Ns Li \&.1
has the next to last
period's logs in it, and so on, up to a user-specified number of
archived logs.  Optionally the archived logs can be compressed to save
space.
.Pp
A log can be archived for three reasons:
.Bl -enum -offset indent
.It
It is larger than the configured size (in kilobytes).
.It
A configured number of hours have elapsed since the log was last
archived.
.It
This is the specific configured hour for rotation of the log.
.El
.Pp
The granularity of
.Nm
is dependent on how often it is scheduled to run by
.Xr cron 8 .
Since the program is quite fast, it may be scheduled to run every hour
without any ill effects,
and mode three (above) assumes that this is so.
.Pp
When starting up,
.Nm
reads in a configuration file to determine which logs may potentially
be archived.
By default, this configuration file is
.Pa /etc/newsyslog.conf .
Each line of the file contains information about a particular log file
that should be handled by
.Nm .
Each line has five mandatory fields and four optional fields, with
whitespace separating each field.  Blank lines or lines beginning with
``#'' are ignored.  The fields of the configuration file are as
follows:
.Pp
.Bl -tag -width indent
.It Ar logfile_name
Name of the system log file to be archived.
.It Ar owner : Ns Ar group
This optional field specifies the owner and group for the archive file.
The ":" is essential, even if the
.Ar owner
or
.Ar group
field is left blank.  The field may be numeric, or a name which is
present in
.Pa /etc/passwd
or
.Pa /etc/group .
.It Ar mode
Specify the mode of the log file and archives.
.It Ar count
Specify the number of archive files to be kept
besides the log file itself.
.It Ar size
When the size of the log file reaches
.Ar size
in kilobytes,
the log file will be trimmed as described above.  If this field
is replaced by an asterisk
.Pq Ql \&* ,
then the size of the log file is not taken into account
when determining when to trim the log file.
.It Ar when
The
.Ar when
field can consist of an interval, a specific time, or both.  If
the
.Ar when
field is an asterisk
.Pq Ql \&*
log rotation will depend only on the contents of the
.Ar size
field.
Otherwise, the
.Ar when
field consists of an optional interval in hours, optionally followed
by an
.So Li \&@ Sc Ns No -sign
and a time in a restricted
.Tn ISO 8601
format or by an
.So Li \&$ Sc Ns No -sign
and a time specification for logfile rotation at a fixed time once
per day, per week or per month.
.Pp
If a time is specified, the log file will only be trimmed if
.Nm
is run within one hour of the specified time.  If an
interval is specified, the log file will be trimmed if that many hours have
passed since the last rotation.  When both a time and an interval are
specified, both conditions must be satisfied for the rotation to take
place.
.Pp
There is no provision for specification of a timezone.  There is
little point in specifying an explicit minutes or seconds component in
the current implementation, since the only comparison is `within the
hour'.
.Pp
.Sy ISO 8601 restricted time format
.Pp
The lead-in character for a restricted
.Tn ISO 8601
time is
an
.So Li \&@ Sc Ns No -sign .
The particular format of the time in restricted
.Tn ISO 8601
is:
.Sm off
.Oo
.Oo
.Oo
.Oo
.Oo
.Va \&cc
.Oc
.Va \&yy
.Oc
.Va \&mm
.Oc
.Va \&dd
.Oc
.Oo
.Li \&T
.Oo
.Va \&hh
.Oo
.Va \&mm
.Oo
.Va \&ss
.Oc
.Oc
.Oc
.Oc
.Oc .
.Sm on
Optional date fields default to the appropriate component of the
current date; optional time fields default to midnight; hence if today
is January 22, 1999, the following date specifications are all
equivalent:
.Pp
.Bl -item -compact -offset indent
.It
.Sq Li 19990122T000000
.It
.Sq Li 990122T000000
.It
.Sq Li 0122T000000
.It
.Sq Li 22T000000
.It
.Sq Li T000000
.It
.Sq Li T0000
.It
.Sq Li T00
.It
.Sq Li 22T
.It
.Sq Li \&T
.It
.Sq Li \&
.El
.Pp
.Sy Day, week and month time format
.Pp
The lead-in character for day, week and month specification is a
.So Li \&$ Sc Ns No -sign .
The particular format of day, week and month specification is:
.Op Va D\&hh ,
.Op Va W\&w Ns Op Va D\&hh
and
.Op Va M\&dd Ns Op Va D\&hh
respectively.
Optional time fields default to midnight.
The ranges for day and hour secifications are:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It Ar hh
hours, range 0 ... 23
.It Ar w
day of week, range 0 ... 6, 0 = Sunday
.It Ar dd
day of month, range 1 ... 31, or the letter
.Em L
or
.Em l
to specify the last day of the month.
.El
.Pp
Some examples:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It Ar $D0
rotate every night at midnight
.It Ar $D23
rotate every day at 23:00 hr
.It Ar $W0D23
rotate every week on Sunday at 23:00 hr
.It Ar $W5D16
rotate every week on Friday at 16:00 hr
.It Ar $MLD0
rotate at the last day of every month at midnight
.It Ar $M5D6
rotate on every 5th day of month at 6:00 hr
.El
.Pp
.It Ar flags
This optional field specifies if the archive should have any
special processing done to the archived log files.
The
.Ar Z
flag will make the archive files compress to save space by
using
.Xr gzip 1 .
The
.Ar B
flag means that the file is a binary file, and so the
.Tn ASCII
message which
.Nm
inserts to indicate the fact that the logs have been
turned over should not be included.  The
.Ar -
flag means nothing, but can be used as a placeholder when the
.Ar path_to_pid_file
field is specified.
.It Ar path_to_pid_file
This optional field specifies
the file name to read to find the daemon process id.  If this
field is present, a
.Ar signal_number
is sent the process id contained in this
file.  This field must start with "/" in order to be recognized
properly.
.It Ar signal_number
This optional field specifies
the signal number will be sent to the daemon process.
By default
a SIGHUP will be sent.
.El
.Sh OPTIONS
The following options can be used with
.Nm :
.Bl -tag -width indent
.It Fl f Ar config_file
Instruct
.Nm
to use
.Ar config_file
instead of
.Pa /etc/newsyslog.conf
for its configuration file.
.It Fl a Ar directory
Specify a
.Ar directory
into which archived log files will be written.
If a relative path is given,
it is appended to the path of each log file
and the resulting path is used as the directory
into which the archived log for that log file will be written.
If an absolute path is given,
all archived logs are written into the given
.Ar directory .
If any component of the path
.Ar directory
does not exist,
it will be created when
.Nm
is run.
.It Fl v
Place
.Nm
in verbose mode.  In this mode it will print out each log and its
reasons for either trimming that log or skipping it.
.It Fl n
Cause
.Nm
not to trim the logs, but to print out what it would do if this option
were not specified.
.It Fl r
Remove the restriction that
.Nm
must be running as root.  Of course,
.Nm
will not be able to send a HUP signal to
.Xr syslogd 8
so this option should only be used in debugging.
.It Fl F
Force
.Nm
to trim the logs, even if the trim conditions have not been met.  This
option is useful for diagnosing system problems by providing you with
fresh logs that contain only the problems.
.El
.Pp
If additional command line arguments are given,
.Nm
will only examine log files that match those arguments; otherwise, it
will examine all files listed in the configuration file.
.Sh FILES
.Bl -tag -width /etc/newsyslog.confxxxx -compact
.It Pa /etc/newsyslog.conf
.Nm
configuration file
.El
.Sh BUGS
Doesn't yet automatically read the logs to find security breaches.
.Sh AUTHORS
.An Theodore Ts'o ,
MIT Project Athena
.Pp
Copyright 1987, Massachusetts Institute of Technology
.Sh COMPATIBILITY
Previous versions of the
.Nm
utility used the dot (``.'') character to
distinguish the group name.
Begining with
.Fx 3.3 ,
this has been changed to a colon (``:'') character so that user and group
names may contain the dot character.  The dot (``.'') character is still
accepted for backwards compatibility.
.Sh "SEE ALSO"
.Xr gzip 1 ,
.Xr syslog 3 ,
.Xr chown 8 ,
.Xr syslogd 8