Date:      Sat, 11 Oct 2008 10:26:40 -0700
From:      Doug Hardie <bc979@lafn.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: newsyslog naming scheme could be improved?
Message-ID:  <94CAAEB3-698B-4D2D-8124-96CBDEBD3A63@lafn.org>
In-Reply-To: <20081011164633.GA67326@icarus.home.lan>
References:  <26face530810110933o1403705o625586ac53b309fb@mail.gmail.com> <20081011164633.GA67326@icarus.home.lan>


On Oct 11, 2008, at 09:46, Jeremy Chadwick wrote:

> On Sat, Oct 11, 2008 at 09:33:42AM -0700, Kelly Jones wrote:
>> newsyslog rotates logfiles so that messages.0.gz is yesterday's file,
>> messages.1.gz is the day before's, etc.
>>
>> This is ugly. If I tell my fellow sysadmins that I ran this command:
>>
>> zfgrep 'bad thing' /var/log/messages.4.gz
>>
>> and found stuff, they may run it the next day and get different
>> results because the file is now messages.5.gz
>
> Is it possible to educate your co-workers into looking at timestamps on
> files before randomly assuming that EVERYTHING ends up in .4.gz?  :-)
> Surely your co-workers aren't that dense.
>
> Or you can have them use zgrep 'bad thing' /var/log/messages.*.gz
> and tell them "pay close attention to the timestamps shown!!"  That
> might work as a better work-around.
>
>> Improving my cow-orkers intelligence would be the ideal solution, but
>> has anyone considered tweaking newsyslog to name files
>> messages.2008-10-05-12-00-00.gz or something. IE, give them a constant
>> name that doesn't change and then delete them after how many ever
>> days?
>
> I'd vote for the following strftime(3) format: "%Y%m%dT%H%M". Otherwise
> known as: YYYYMMDDThhmm

Either approach would sure increase the typing when searching for log  
entries for a specific day.  I keep 30 days of maillogs and reasonably  
frequently have to search them for a specific day a week or 2 ago.   
Given that I usually run about 5 searches to find all the relevant  
entries, that would sure add to the typing.  Also, I have no immediate  
idea how newsyslog would be able to still retain 30 backups. The dates  
on the files are not necessarily accurate.  They can get changed  
easily.  Searching with maillog.* is a horrible waste of computer and  
people time.  Puts a real load on the mail server and I wait for quite
a while.


