Packages required

apt-get install socklog-run

requires runit (or supervise).

Preserve valuable information from sysklogd

syslogd-listfiles > logfiles
syslogd-listfiles --auth >> logfiles
syslogd-listfiles --weekly >> logfiles

This should give the following logfiles:

/var/log/syslog
/var/log/auth.log
/var/log/mail.warn
/var/log/uucp.log
/var/log/user.log
/var/log/daemon.log
/var/log/messages
/var/log/debug
/var/log/auth.log
/var/log/mail.err
/var/log/mail.log
/var/log/kern.log
/var/log/lpr.log
/var/log/mail.info

modifications to socklog

/var/log/socklog/syslog/config:

s999999
n5
+*
-auth.*
-authpriv.*
-daemon.info*

/var/log/socklog/debug/config:

s999999
n5
-*
+*.debug*
-auth.*
-authpriv.*
-news.*
-mail.*

create /var/log/socklog/messages:

install -d -m 750 /var/log/socklog/messages

/var/log/socklog/messages/config:

s999999
n5
+*.info*
+*.notice*
+*.warn*
-authpriv.*
-auth.*
-cron.*
-daemon.*
-mail.*
-news.*

/etc/socklog/unix/log/run:

#!/bin/sh
exec chpst -ulog svlogd \
  main/main main/auth main/cron main/daemon main/debug main/ftp \
  main/kern main/local main/mail main/news main/syslog main/user \
  main/messages
}}
(Just add a \ to the last line and append `main/messages`)

Signal socklog:
{{{
svc -t /service/socklog-unix/log/run

modify the /var/log directory

Essentially replace the files by symlinks pointing to socklog/*/current

Example:

determine the medium daily logsize: zcat auth.log.*.gz > logsize * divide the filesize in bytes of logsize between the number of *.log files: * ls -l logsize * echo $((###/7)) * rm logsize * set this as the filesize in the log/auth/config file
eventually save the current logs: savelog -c 100 -n auth.log
link: ln -s log/auth/current auth.log

CategoryTips