# Maintain log documents size dealt with without logrotate

Exists any kind of means to maintain documents size of log documents dealt with without revolving it by a new vacant documents and also deleting (or archiving) the old documents. As an example, if I set log documents maximum size to 1MB, after the documents size increase past that restriction it will certainly be instantly secured, the message is added 'tail' and also the earliest component of message is bulged to maintain the documents size 1MB.

0
2019-05-06 01:21:57
Source Share
 *      prune - clips off the tops of a list of files described in the
*              file /etc/default/prune. Designed to be run periodically
*              from cron, the idea is to automatically shorten log
*              files that grow forever. This file contains a list of
*              files (full pathname), and the number of blocks that
*              should be retained.  To retain some sanity, prune will
*              clip the file after the next newline. The file
*              /etc/default/prune should look something like:
*
*
*              The crontab entry on infoswx for prune looks like:
*
*                      0 5 * * * /etc/prune >/usr/adm/prune.log 2>&1
*
*              Compile with:  cc -O -o prune prune.c
*
*              and your system block size.
*
*      Ray Davis  infoswx!bees  09/25/85


Many (most? all?) daemons will certainly re - open their log files if sent out a HUP signal (as an example by very same cron work that runs trim)

0
2019-12-03 05:34:10
Source

You can write a little celebration manuscript to do this. Simply tail the documents to a particular byte matter making use of tail -c and also overwrite the documents.

from man tail :

-c, --bytes=N
output the last N bytes; alternatively, use +N to  output  bytes
starting with the Nth of each file

If  the  first  character of N (the number of bytes or lines) is a +',
print beginning with the Nth item from the start of each  file,  other‐
wise, print the last N items in the file.  N may have a multiplier suf‐
fix:  b  512,  kB  1000,  K  1024,  MB  1000*1000,  M   1024*1024,   GB
1000*1000*1000, G 1024*1024*1024, and so on for T, P, E, Z, Y.

.
0
2019-05-08 13:52:29
Source

Your only remedy might be to write your very own userspace documents system or add to an existing one. Consider the partial checklist at Filesystem in Userspace

If you do not have the abilities to add, supply a task attention or \$ or both, to add it for you.

I desire I had the moment to do it, I have constantly needed something specifically similar to this.

0
2019-05-08 13:37:41
Source

You can do something comparable making use of a FIFO, which is type of like an absolutely no - byte sized documents.

Nonetheless, note that if absolutely nothing reads from this documents, after that the syslog procedure might come to be obstructed, and also will certainly stop contacting ALL of your logfiles. I'm not exactly sure if this actions has actually been transformed with more recent variations of Ubuntu/CentOS.

One instance here

For an additional instance, attempt something similar to this.

sudo mkfifo /var/log/everything.fifo


And also add this to (r) syslog.conf, after that reactivate syslog :

*.*     |/var/log/everything.fifo


After that watch the FIFO from one window :

cat /var/log/everything.fifo


And also in an additional window, send some things to syslog :

logger Test1
logger Test2
logger Test3


You need to see the "Test *" lines in the result of cat over.

This attribute can be wonderful for debugging, specifically if you uncommitted to maintain the information around for longer. As an example, if you just intend to see every little thing with the exception of thefirewall spam, you can do something similar to this :

grep -vi "kernel: .* on wan" /var/log/everything.fifo

0
2019-05-08 13:36:29
Source

Here's my 2nd solution. This is a rather hackish.

Usage watch (1) to repetitively execute tail --bytes=1024 (the last 1024 bytes of the logfile, many thanks to @jjclarkson for that solution).

watch --no-title tail --bytes=1024 /var/log/messages >/tmp/messages.watch


And afterwards watch the documents with :

less --raw-control-chars /tmp/messages.watch


The distinction in between watch and also a while loop is that watch will just upgrade/ tmp/messages. watch if there were adjustments to/ var/log/messages.

while true; do
tail --bytes=1024 /var/log/messages > /tmp/messages.watch
sleep 1
done


And also well, I presume you can place a test` in the while loop to make sure that tail is just implemented if/ var/log/messages was upgraded, yet I will not figure that out currently.

0
2019-05-08 13:29:52
Source