随着时间的推移,我注意到/ var / log中的一些日志,如auth,kern和消息变得越来越大.我为他们制作了logrotate条目：

$cat /etc/logrotate.d/auth.log 
/var/log/kern.log {
    rotate 5
    daily
}
$cat /etc/logrotate.d/kern.log 
/var/log/kern.log {
    rotate 5
    daily
}
$cat /etc/logrotate.d/messages 
/var/log/messages {
    rotate 5
    daily
    postrotate
        /bin/killall -HUP syslogd
    endscript
}

我也启用了压缩选项：

$grep compress /etc/logrotate.conf 
# uncomment this if you want your log files compressed
compress

这适用于auth.log,kern.log和其他日志,这意味着每个日志都经过gzip压缩和旋转,并保留最后5天的日志.然而,/ var / log / messages没有被压缩,导致超过5天的日志：

$ls /var/log/messages*
/var/log/messages           /var/log/messages-20100213
/var/log/messages-20100201  /var/log/messages-20100214
/var/log/messages-20100202  /var/log/messages-20100215
/var/log/messages-20100203  /var/log/messages-20100216
/var/log/messages-20100204  /var/log/messages-20100217
/var/log/messages-20100205  /var/log/messages-20100218
/var/log/messages-20100206  /var/log/messages-20100219
/var/log/messages-20100207  /var/log/messages-20100220
/var/log/messages-20100208  /var/log/messages-20100221
/var/log/messages-20100209  /var/log/messages-20100222
/var/log/messages-20100210  /var/log/messages-20100223
/var/log/messages-20100211  /var/log/messages-20100224
/var/log/messages-20100212

如another logrotate question on ServerFault中所述,旧日志(很可能)未被删除,因为每个文件的文件结尾不同.这似乎是因为文件没有被gzip压缩.

如果保留/ var / log / messages与最后5天的日志一样,我可以做什么,就像我的所有其他日志文件一样？我错过了什么？

编辑1：前几个答案中要求的其他信息.

我正在运行Gentoo Linux.我的/etc/logrotate.conf文件：

$cat /etc/logrotate.conf 
# $Header: /var/cvsroot/gentoo-x86/app-admin/logrotate/files/logrotate.conf,v 1.3 2008/12/24 20:49:10 dang Exp $
#
# Logrotate default configuration file for Gentoo Linux
#
# See "man logrotate" for details
# rotate log files weekly
weekly
#daily
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
compress
# packages can drop log rotation information into this directory
include /etc/logrotate.d
notifempty
nomail
noolddir
# no packages own lastlog or wtmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

/etc/logrotate.d包含我上面提到的自定义配置文件以及这些包安装的MysqL,rsync等配置.

我的root crontab是空的：

$sudo crontab -l
no crontab for root

我检查了所有/etc/cron.{daily,hourly,monthly,weekly}以查找与syslog相关的内容,并且有一个旋转/ var / log / syslog和/var/log/auth.log的脚本.

接下来,我按照CarpeNoctem的建议制作了一个/ var / log / messages-only logrotate配置文件：

$cat logrotate-messages 
weekly
rotate 4
create
dateext
compress
notifempty
nomail
noolddir
/var/log/messages {
    rotate 5
    daily
    postrotate
        /bin/killall -HUP syslogd
    endscript
}

然后我手动运行logrotate：

$logrotate -d logrotate-messages -f
reading config file logrotate-messages
reading config info for /var/log/messages 

Handling 1 logs

rotating pattern: /var/log/messages  forced from command line (5 rotations)
empty log files are not rotated,old logs are removed
considering log /var/log/messages
  log needs rotating
rotating log /var/log/messages,log->rotateCount is 5
dateext suffix '-20100224'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs Failed
renaming /var/log/messages to /var/log/messages-20100224
creating new /var/log/messages mode = 0644 uid = 0 gid = 0
running postrotate script
running script with arg /var/log/messages : "
        /bin/killall -HUP syslogd
"
compressing log with: /bin/gzip
$which gzip
/bin/gzip
$file /bin/gzip
/bin/gzip: ELF 32-bit LSB executable,Intel 80386,version 1 (SYSV),dynamically linked (uses shared libs),for GNU/Linux 2.6.9,stripped

根据上面的日志,logrotate使用/ bin / gzip压缩日志,但我没有在/ var / log中看到压缩消息文件.此外,旧旋转文件的globbing失败.

编辑2：在将旧的/ var / log / message- *文件附加.gz后缀后添加logrotate运行的调试输出.

我们从：

$ls /var/log/messages*
/var/log/messages              /var/log/messages-20100222.gz
/var/log/messages-20100219.gz  /var/log/messages-20100223.gz
/var/log/messages-20100220.gz  /var/log/messages-20100224.gz
/var/log/messages-20100221.gz

然后使用我们的自定义配置文件运行logrotate：

$logrotate -d logrotate-messages -f
reading config file logrotate-messages
reading config info for /var/log/messages 

Handling 1 logs

rotating pattern: /var/log/messages  forced from command line (5 rotations)
empty log files are not rotated,log->rotateCount is 5
dateext suffix '-20100224'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
removing /var/log/messages-20100219.gz
removing old log /var/log/messages-20100219.gz
destination /var/log/messages-20100224.gz already exists,skipping rotation

这次,logrotate的glob成功并找到第六个压缩日志文件,打算将其删除.该文件实际上没有删除;我猜那是因为我们在调试模式下运行.

我很好奇是否为/ var / log / messages启用delaycompress选项会有所帮助.我启用了它,并将在第二天早上检查结果.

delaycompress
          Postpone  compression of the prevIoUs log file to the next rota‐
          tion cycle.  This only has effect when used in combination  with
          compress.   It  can  be used when some program cannot be told to
          close its logfile and thus might continue writing to the  previ‐
          ous log file for some time.

# sample logrotate configuration file
   compress

   /var/log/messages {
       rotate 5
       weekly
       postrotate
           /usr/bin/killall -HUP syslogd
       endscript
   }