I have a question about cleaning up of /var on linux. Like we trim the syslog.log and other log files in hpux and then just save the old ones in compressed form. What approach we should adopt in RHEL because in RHEL, they have /var/log/message, message1, 2, and 3. What other things can we check if we are cleaning up /var on RHEL.
Note: If you are the author of this question and wish to assign points to any of the answers, please login first.For more information on assigning points ,click
here
In RHEL the logrotate program is used to rotate/keep versions of your file. In the logrotate.conf you can specify how much versions you want to keep, and other files to rotate.
You should also check /var/spool/ directory, there are some "spool" files like mail and printing files that should be handled. For example, if no one ever reads that root mail, you will have a big file there.
Just run du -sh * in the /var directory to identify where you get the most big directory.
There should also be some available space occupied by the rpm database. The database can be trimmed if you know how, e.g. redundant, i.e. old, versions of packages could be removed from the database. Unfortunately, I'm not too familiar with how. But perhaps the forum can aid.
First, modify the config file /etc/logrotate.conf. Turn on "compress" feature, change "rotate" value, "minsize" value and "weekly" log rotate value to fit your needs.
Take a look at directory /var/log and decide which logs you want to trim on frequent basis. Most to all of them could be trimmed. Then add the log file entries in the config file /etc/logrotate.d/syslog
Run the find command against "/var" mount point to discover other log files that could be candidates for trimming.
Run man logrotate command for more info on logrotate function.
Like Ivan mentioned, almost any Linux distro today uses the logrotate program for rotation of most of the log files on their system (of which most will be found in subdirs named according to their services beneath /var/log)
Especially, on RHEL systems you have the main configuration in /etc/logrotate.conf which merely is a stub for global settings and the wtmp file.
Here, for instance is mine, which is almost the original as installed (except for the tabooext entries)
As you can see, it globally defines to keep 4 rotated generations of log files (unless overridden in a later curly bracketed section. Also note that this global config includes all files that don't end in tabooext suffixes from the directory /etc/logrotate.d, and this is the place where you will find more specific definitions for most of the services that keep log files. For instance, the messages file's rotation is defined in /etc/logrotate.d/syslog
As you can see, all the files listed to the left of the opening curly bracket will be affected by what follows in the block.
If you wish to have your rotate log files to be compressed just place the "compress" keyword in the block, and if you want to keep fewer than 4 generations insert an e.g. "rotate 2" there (rotate 0 would keep no old copies) As you can see from the timestamps of your rotate logs the global default of "weekly" rotations applies. If you require more frequent rotations put the "daily" keyword in the syslog's config block.
There are lots of further keywords that influence the rotation scheme. Please consult "man logrotate".
The execution of logrotate is controlled by cron. In the system's main crontab you will find these entries
Printable version
