From owner-freebsd-questions@FreeBSD.ORG Sat Oct 11 16:46:36 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AFAEB106569A for ; Sat, 11 Oct 2008 16:46:36 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from QMTA09.westchester.pa.mail.comcast.net (qmta09.westchester.pa.mail.comcast.net [76.96.62.96]) by mx1.freebsd.org (Postfix) with ESMTP id 5E1A38FC1C for ; Sat, 11 Oct 2008 16:46:35 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from OMTA02.westchester.pa.mail.comcast.net ([76.96.62.19]) by QMTA09.westchester.pa.mail.comcast.net with comcast id RPST1a00D0QuhwU59UmbDk; Sat, 11 Oct 2008 16:46:35 +0000 Received: from koitsu.dyndns.org ([69.181.141.110]) by OMTA02.westchester.pa.mail.comcast.net with comcast id RUma1a0012P6wsM3NUmaCh; Sat, 11 Oct 2008 16:46:35 +0000 X-Authority-Analysis: v=1.0 c=1 a=0S9BgbUwaBQA:10 a=5Ang4VBPdZ8A:10 a=QycZ5dHgAAAA:8 a=0eE5fOn9c5oJVCDZMUsA:9 a=vsU6beKdr66TruKs_yQA:7 a=VcQjKuvoyLo0aN4z6bLPPlYc1EMA:4 a=EoioJ0NPDVgA:10 a=LY0hPdMaydYA:10 Received: by icarus.home.lan (Postfix, from userid 1000) id C57F6C9419; Sat, 11 Oct 2008 09:46:33 -0700 (PDT) Date: Sat, 11 Oct 2008 09:46:33 -0700 From: Jeremy Chadwick To: Kelly Jones Message-ID: <20081011164633.GA67326@icarus.home.lan> References: <26face530810110933o1403705o625586ac53b309fb@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <26face530810110933o1403705o625586ac53b309fb@mail.gmail.com> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: techtalk@linuxchix.org, freebsd-questions@freebsd.org, nmosug-l@mailman.swcp.com, nmlug@nmlug.org Subject: Re: newsyslog naming scheme could be improved? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Oct 2008 16:46:36 -0000 On Sat, Oct 11, 2008 at 09:33:42AM -0700, Kelly Jones wrote: > newsyslog rotates logfiles so that messages.0.gz is yesterday's file, > messages.1.gz is the day before's, etc. > > This is ugly. If I tell my fellow sysadmins that I ran this command: > > zfgrep 'bad thing' /var/log/messages.4.gz > > and found stuff, they may run it the next day and get different > results because the file is now messages.5.gz Is it possible to educate your co-workers into looking at timestamps on files before randomly assuming that EVERYTHING ends up in .4.gz? :-) Surely your co-workers aren't that dense. Or you can have them use zgrep 'bad thing' /var/log/messages.*.gz and tell them "pay close attention to the timestamps shown!!" That might work as a better work-around. > Improving my cow-orkers intelligence would be the ideal solution, but > has anyone considered tweaking newsyslog to name files > messages.2008-10-05-12-00-00.gz or something. IE, give them a constant > name that doesn't change and then delete them after how many ever > days? I'd vote for the following strftime(3) format: "%Y%m%dT%H%M". Otherwise known as: YYYYMMDDThhmm YYYY = Year (4-digit) MM = Month (01 to 12) DD = Day (01 to 31) T = Literal ASCII string "T" hh = Hour (24-hour time, e.g. 00 to 23) mm = Minute (00 to 59) The "T" aspect is optional, but it's what we use at my workplace, and makes recognising the hour-minute portion easier. I don't think we need second-level granularity on this stuff; even minute granularity is questionable (because not all logs will get rotated at exactly 00 minutes; they might take 20 minutes to compress based on system load, etc...), since you'd have inconsistencies in the filenames, e.g.: messages.20081005T0000.gz messages.20081006T0001.gz messages.20081007T0001.gz messages.20081008T0000.gz messages.20081009T0002.gz And so on. Food for thought. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |