[Techtalk] newsyslog naming scheme could be improved?

Jeremy Chadwick koitsu at FreeBSD.org
Sat Oct 11 16:46:33 UTC 2008 

On Sat, Oct 11, 2008 at 09:33:42AM -0700, Kelly Jones wrote:
> newsyslog rotates logfiles so that messages.0.gz is yesterday's file,
> messages.1.gz is the day before's, etc.
> 
> This is ugly. If I tell my fellow sysadmins that I ran this command:
> 
> zfgrep 'bad thing' /var/log/messages.4.gz
> 
> and found stuff, they may run it the next day and get different
> results because the file is now messages.5.gz

Is it possible to educate your co-workers into looking at timestamps on
files before randomly assuming that EVERYTHING ends up in .4.gz?  :-)
Surely your co-workers aren't that dense.

Or you can have them use zgrep 'bad thing' /var/log/messages.*.gz
and tell them "pay close attention to the timestamps shown!!"  That
might work as a better work-around.

> Improving my cow-orkers intelligence would be the ideal solution, but
> has anyone considered tweaking newsyslog to name files
> messages.2008-10-05-12-00-00.gz or something. IE, give them a constant
> name that doesn't change and then delete them after how many ever
> days?

I'd vote for the following strftime(3) format: "%Y%m%dT%H%M".  Otherwise
known as: YYYYMMDDThhmm

YYYY = Year (4-digit)
  MM = Month (01 to 12)
  DD = Day (01 to 31)
   T = Literal ASCII string "T"
  hh = Hour (24-hour time, e.g. 00 to 23)
  mm = Minute (00 to 59)

The "T" aspect is optional, but it's what we use at my workplace,
and makes recognising the hour-minute portion easier.

I don't think we need second-level granularity on this stuff; even
minute granularity is questionable (because not all logs will get
rotated at exactly 00 minutes; they might take 20 minutes to compress
based on system load, etc...), since you'd have inconsistencies in
the filenames, e.g.:

messages.20081005T0000.gz
messages.20081006T0001.gz
messages.20081007T0001.gz
messages.20081008T0000.gz
messages.20081009T0002.gz

And so on.

Food for thought.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

More information about the Techtalk mailing list