HPE Community
Operating System - HP-UX
1847190 Members
3691 Online
110263 Solutions
New Discussion

Triming of logfiles 3 months old entries

 
Henry Chua
Super Advisor

‎03-21-2005 11:58 AM

‎03-21-2005 11:58 AM

Triming of logfiles 3 months old entries

Hi Guys,

I want to remove 3months old entries in a logfile how should I go about doing it?

Thanks!
Henry
0 Kudos
Reply
6 REPLIES 6
A. Clay Stephenson
Acclaimed Contributor

‎03-21-2005 01:09 PM

‎03-21-2005 01:09 PM

Re: Triming of logfiles 3 months old entries

That depends entirely upon the format of each logfile. I assume each entry has some sort of timestamp. The usual method of doing this is to read the entire logfile one entry at a time and decide if each entry is a keeper or a throwaway. The keepers go into a new temporary file and the throwaways are simply ignored. At the end, you mv the temp file to the logfile and you are done.
If it ain't broke, I can fix that.
0 Kudos
Reply
Indira Aramandla
Honored Contributor

‎03-21-2005 02:30 PM

‎03-21-2005 02:30 PM

Re: Triming of logfiles 3 months old entries

Hi Henry,

Your log file entries must be having some kind of date specification.
For example
An oracle alert log entries with date specification as Tue Mar 1 17:58:49 2005
A syslog will have entries with date specification as Feb 9 16:15:00

As Clay mentioned, you will have to read the entire file compare each line with the date format and decide if the entry needs to be deleted ot remains in the file.

You can use the date command formats to compare the date specification in your log file.

For eg:- `date +"%a %b %e %E"` will return Tue Mar 22 2005. So dependig on the date specification use the paramters and cat the log file from beginning to end in a look read each LINE and compare the date.

Indira A
Never give up, Keep Trying
0 Kudos
Reply
Fred Martin_1
Valued Contributor

‎03-23-2005 02:19 AM

‎03-23-2005 02:19 AM

Re: Triming of logfiles 3 months old entries

I keep an archive directory, and one the first of each month a script runs in root cron, that copies certain log files (syslog, cronlog, mail log, lp log, and some database logs specific to us).

As they are copied they have the date appended to the name, such as:
/arch/logs/syslog.2005-02-01
/arch/logs/mail.2005-02-01

After the files are copied to the arch directory, the oldest of each are removed by the script. I keep six months worth in there.

Then the script zero's out each log file, using:
/usr/bin/cat /dev/null > $logfile

That's how I handle mine. I don't do wtmp and btmp in this manner but I'm considering it. Any comments from readers on that? Can I use the same menthod as I do for the others?

Otherwise Henry, I hope this helps.

Fred
fmartin@applicatorssales.com
0 Kudos
Reply
Scott Lindstrom_2
Regular Advisor

‎03-28-2005 07:33 AM

‎03-28-2005 07:33 AM

Re: Triming of logfiles 3 months old entries

There are probably more elegant ways to handle trimming wtmp, but this is what I do.

Scott Lindstrom
0 Kudos
Reply
Scott Lindstrom_2
Regular Advisor

‎03-28-2005 07:35 AM

‎03-28-2005 07:35 AM

Re: Triming of logfiles 3 months old entries

sorry - you need to take out the 'exit 0' that's before the second execution of 'fwtmp'.

Scott
0 Kudos
Reply
Geoff Wild
Honored Contributor

‎03-28-2005 07:38 AM

‎03-28-2005 07:38 AM

Re: Triming of logfiles 3 months old entries

Have a look at logrotate:

http://hpux.ee.ualberta.ca/hppd/hpux/Sysadmin/logrotate-2.5/

Logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.