I've been checking out the logging system on my computer, and, I've decided I need to make some changes to my log monitoring.

For one, I don't need certain logs. Could I stop my computer from monitoring those logs by editing /etc/syslog.conf?

Secondly, if I want to clean up a log file, how do I do that? Just delete the log and recreate it? Or...what? (The one is getting very full...3 megs or something.)

Help on both those issues would be much appreciated. Also, any recommendations on log monitoring programs would be very good. SWATCH doesn't do what I want it to do (I was reading the NHF's)


Dark Ninja

1. Yes, editing syslog.conf will allow you to properly configure which log messages go to which log file. The manual for syslog.conf goes through this quite well.

2. Generally it's good practice to compress and archive log files for a few months before deleting them for good. There are a few utilities out there that do this for you, they're called logrotators. RedHat comes with Logrotate, which seems to be the most popular one. You can also write your own shell script that does it for you like I did. Generally:

1. Check size of log file is smaller than x
2. If bigger than x, then use tar and gzip
3. Move the file to another location or rename
4. Use touch to create the file again.
5. Restart syslogd

There is a log monitoring program that is available at http://www.psionic.com I forget what it's called but Psionic only has three software downloads, so it's one of them, and it's pretty obvious from the name. :)

Nice. It worked like a charm. Only one problem...what's the command to restart syslogd. (And do I need to stop it before I run this script?)


Dark Ninja

You can restart syslogd anytime. The command is:

kill -HUP $(cat /var/run/syslogd.pid)