"Last month, we discussed setting up and configuring the syslog facility. This month, we will look at two additional considerations that come into play where syslog is concerned. First, we need a way to manage all the log files that we are creating and ensure that they do not consume too much disk space. Second, we will need to have a strategy for processing all of the information and discerning what is most important within it. All of the log files in the world are of little use if no one looks at them. This column will explore both of these issues."
"The traditional solution for managing Unix log files involves periodically saving their contents to another file, and then truncating the active log to zero length. ... The logrotate command serves to automate this common practice and is installed and enabled by default on Red Hat Linux systems. The command itself rotates one or more log files by copying the current contents to a numbered backup version, and then truncating or recreating the original file. It is actually executed periodically via the cron facility. logrotate is controlled by its configuration file, /etc/logrotate.conf and the various files in /etc/logrotate.d."
"swatch was one of the very first utilities designed to process information stored in system log files. It is widely available in Linux archives, and you can also obtain it from its official location, ftp.stanford.edu/general/security-tools/swatch. swatch can run in a variety of modes: examining new entries as they are added to a system log file, monitoring an output stream in real-time, checking through a file on a one-time basis and so on. swatch works by looking for predefined patterns in whatever input it is examining, and then by taking predetermined actions based on finding matching patterns. All of this is set up as usual, via a configuration file, which is typically ~/.swatchrc."
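The pattern-then-action model described above, sketched in Python as an added example; it is not swatch's code or its configuration syntax. The rule names, the first-match-wins ordering, the per-key threshold and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the article).
SAMPLE_LOG = """\
Mar  3 02:11:07 host1 sshd[812]: Failed password for root from 192.0.2.10 port 4022 ssh2
Mar  3 02:11:09 host1 sshd[812]: Failed password for root from 192.0.2.10 port 4022 ssh2
Mar  3 02:11:12 host1 sshd[812]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2
Mar  3 02:15:40 host1 su: pam_unix(su:session): session opened for user root by alice(uid=1000)
Mar  3 02:20:00 host1 CRON[900]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 02:31:18 host1 kernel: EXT4-fs error (device sda1): bad block bitmap checksum
Mar  3 02:40:02 host1 ntpd[455]: synchronized to 198.51.100.5, stratum 2
""".splitlines()

# Hypothetical rules: (name, pattern, action, threshold). Order matters.
RULES = [
    ("cron-noise", re.compile(r"CRON\[\d+\]"), "ignore", 1),
    ("ssh-fail", re.compile(r"sshd\[\d+\]: Failed password for "
                            r"(?:invalid user )?\S+ from (?P<key>\S+)"), "alert", 3),
    ("root-session", re.compile(r"session opened for user root by (?P<key>\w+)"), "alert", 1),
    ("kernel-error", re.compile(r"kernel: .*\berror\b", re.I), "alert", 1),
]

def scan(lines, rules=RULES):
    """Return (alerts, unmatched); the first matching rule decides the action."""
    counts = Counter()
    alerts, unmatched = [], []
    for line in lines:
        for name, pattern, action, threshold in rules:
            m = pattern.search(line)
            if not m:
                continue
            if action == "alert":
                key = (name, m.groupdict().get("key"))
                counts[key] += 1
                # Fire exactly once, when the threshold is reached.
                if counts[key] == threshold:
                    alerts.append((name, key[1], line))
            break  # "ignore" rules fall through to here and drop the line
        else:
            unmatched.append(line)  # no rule matched: keep for manual review
    return alerts, unmatched

if __name__ == "__main__":
    alerts, unmatched = scan(SAMPLE_LOG)
    for name, key, line in alerts:
        print(f"ALERT {name} key={key}: {line}")
    print(f"{len(unmatched)} line(s) matched no rule")
```

Lines that match no rule are returned rather than discarded, since an entry nobody anticipated is often the one worth reading.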
"logwatch is available from http://www.kaybee.org/~kirk/. Like swatch, it is written in Perl. When installed, it creates the subdirectory /etc/log.d, which holds its configuration information and executable scripts."