Slackware 10.2. A Couple Of Words About Logrotate And Syslog.

Save somewhere the original configuration files and current working versions of such files. Sometimes it will be very useful. Because Nobody Knows The Whole Story.

Especially in advance.

Consider the addition of some lines in your /etc/syslog.conf file.
Format entry: facility.priority /path/to/file.

Minus sign in front of the /path/to/file is placed to omit syncing the file after every logging. I never use this minus, let it syncs.
man syslog.conf (and related) sometime helps.

Consider the possibility of particular soft combination with its log info. For eg., you can say at /etc/ssh/sshd_config that you want to log from sshd with LOCAL7.INFO priority at file /var/log/local7sshd.log

/etc/ssh/sshd_config:

…
# Logging
# obsoletes QuietMode and FascistLogging
SyslogFacility LOCAL7
LogLevel INFO
…

/etc/syslog.conf:

…
# This log is for news and uucp errors:
uucp,news.crit -/var/log/spooler# ADDED STUFF

local7.* /var/log/local7sshd.log
…

It is possible to check if syslog adequate understands the new entry. You should restart syslog after the editting of the syslog.conf and say (man logger):

user@pc # logger -p local7.info hey_dude

Among many other possible configurations of the logrotate package, consider the possibility of such configuration:

/etc/logrotate.conf:

# /etc/logrotate.conf
#
# logrotate is designed to ease administration of systems that generate large
# numbers of log files.  It allows automatic rotation, compression, removal, and
# mailing of log files.  Each log file may be handled daily, weekly, monthly, or
# when it grows too large.
#
# logrotate is normally run daily from root's crontab.
#
# For more details, see "man logrotate".

# rotate log files weekly:
weekly

# keep 52 weeks worth of backlogs:
rotate 52

# create new (empty) log files after rotating old ones:
create

# uncomment this if you want your log files compressed:
compress

# instead of rotation numbers print YYYYMMDD
dateext

# uncomment this if you want your log files compressed
compress

# option .-9. for default gzip compression
compressoptions -9

# next time will be copressed
delaycompress

# some packages install log rotation information in this directory:
include /etc/logrotate.d

# Rotate /var/log/wtmp:
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}

# Note that /var/log/lastlog is not rotated.  This is intentional, and it should
# not be.  The lastlog file is a database, and is also a sparse file that takes
# up much less space on the drive than it appears.

user@pc # cat /etc/logrotate.d/syslog

/var/log/cron /var/log/maillog /var/log/syslog {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
endscript
}

This log rotation runs every day at 04:40 via crond (man crond):

user@pc:/etc/cron.daily# crontab -l
# If you don’t want the output of a cron job mailed to you, you have to direct
# any output to /dev/null.  We’ll do this here since these jobs should run
# properly on a newly installed system, but if they don’t the average newbie
# might get quite perplexed about getting strange mail every 5 minutes. :^)
#
# Run the hourly, daily, weekly, and monthly cron jobs.
# Jobs that need different timing may be entered into the crontab as before,
# but most really don’t need greater granularity than this.  If the exact
# times of the hourly, daily, weekly, and monthly cron jobs do not suit your
# needs, feel free to adjust them.
#
# Run hourly cron jobs at 47 minutes after the hour:
47 * * * * /usr/bin/run-parts /etc/cron.hourly 1> /dev/null
#
# Run daily cron jobs at 4:40 every day:
40 4 * * * /usr/bin/run-parts /etc/cron.daily 1> /dev/null
#
# Run weekly cron jobs at 4:30 on the first day of the week:
30 4 * * 0 /usr/bin/run-parts /etc/cron.weekly 1> /dev/null
#
# Run monthly cron jobs at 4:20 on the first day of the month:
20 4 1 * * /usr/bin/run-parts /etc/cron.monthly 1> /dev/null

user@pc:/etc/cron.daily# more /etc/cron.daily/logrotate
#!/bin/sh
/usr/sbin/logrotate /etc/logrotate.conf
user@pc:/etc/cron.daily#

[TS]