Thursday, April 20, 2017

logrotate -- Use YYYYMMDD (ISO 8601) format and the name won't change

Quick, which file contains records from 18 April 2017 ?

syslog
syslog.1
syslog.2.gz
syslog.3.gz
syslog.4.gz
syslog.5.gz
or how about here?:

syslog
syslog-20170417.gz
syslog-20170418.gz
syslog-20170419.gz
syslog-20170420

With the first set, it depends on today's date, because rotating the logs means 3 -> 4, 2 -> 3, 1 -> 2, and the most recent -> .1, and whatever answer you came up with today will be different next week.

And if you archive or back up your log files, either you need to rename or they will be overwriting each other.

Logrotate already has a feature for this called 'dateext'; just add this to /etc/logrotate.conf :

diff --git a/logrotate.conf b/logrotate.conf
index 436713d..436f10d 100644
--- a/logrotate.conf
+++ b/logrotate.conf
@@ -1,13 +1,14 @@
 # see "man logrotate" for details
 # rotate log files weekly
 weekly
+dateext

to make it take effect globally.  You can also do it on a per- log-file type basis.
See man logrotate for more details.

Do this on every new system and you won't have this problem in the future
(that's why I wrote this post, so I don't forget).

This will take effect at next rotation time.  Existing files will not be affected, so you'll have to take care of those yourself.

Why YYYYMMDD format?
This is the right thing, it's the standard; it's an International Standard.
You don't have to worry about which side of the ocean you're on to figure out when 04/05/2017 refers to.
Dates in this format also naturally sort; ever see a bunch of file or folder names like 31jan17, 01feb17 15apr17, and have to sort them for processing ?  With a YYYYMMDD format that problem goes away.  It's unambiguous.



More here:  ISO 8601 - Wikipedia