The below script named newsyslog is what I use for log backups. It provides for creating archives of logs that you choose as well as proper creation of new empty logs (including correct permissions, ownership and signaling the syslogd daemon to start using the new log).
You will need to do some initial setup for the below script to function. Essentially you create an /etc/logdirs file that lists the directories (one per line) containing logs you want archived (or just use the defaults built into the script). Then in each directory containing logs you want archived you create another file named logfiles in which you list the file names of the logs to be archived (one per line).
There are two archiving schemes. One creates a rotation of archive files (set to 5 by default). The other uses a date stamp in the file name allowing for infinite archive files. See the NUMLOGS variable below. Set NUMLOGS to 0 and the script uses date/time stamps in the archive file names and NUMLOGS set to any positive number uses that number of rotating archives (with a number embedded in the file name).
Finally, to enable use of this newsyslog script you will need to adjust the root crontab (log in as root and do "crontab -e"
so that the existing cron entry for newsyslog points to this new version.
Note: For Solaris there should already be a newsyslog script that manages archiving of log files but the cron job that launches this script is set for 3:10AM so if your machine is powered off at night it will never run.
Enjoy
newsyslog script:
-----------------
#!/bin/sh
#
# newsyslog
#
PATH="/bin:/usr/bin:/usr/ucb:/etc:/usr/etc:/usr/local/gnu/bin"
export PATH
ARCHIVE_DIR="."
ARC_OWNER="root"
ARC_GROUP="staff"
if [ -s /etc/logdirs ]; then
DIRS=`cat /etc/logdirs`
else
DIRS="/var/adm /var/log"
fi
OLD=$$
# If NUMLOGS=0 then all logs are kept with a date/time extension
# Uncomment the following 2 lines and comment out the NUMLOGS=# to get this
#NUMLOGS=0
DATE=`/bin/date +%y%m%d.%H%M`
NUMLOGS=5
#
# Run through twice, the first time we just move the file to a new name
# - thus syslog keeps writing to it.
# Then we tell syslog to re-read it's config thus making it switch to the
# new file
#
for LOGDIR in ${DIRS}
do
if [ ! -d ${LOGDIR} ]; then
echo "${0}: ${LOGDIR} does not exist."
continue
fi
cd ${LOGDIR}
if [ -f logfiles ]; then
FILES=`cat logfiles`
else
echo "${0}: File ${LOGDIR}/logfiles does not exist."
continue
fi
for LOG in ${FILES}
do
if [ ! -f ${LOG} ]; then
echo "${0}: Log file ${LOGDIR}/${LOG} does not exist."
cp /dev/null ${LOGDIR}/${LOG}
continue
fi
if [ -s ${LOG} ]; then
MODE=`ls -l ${LOG} | sed -e "s/[ ].*//" -e "s/[^.]//" -e "s/rwx/7/g" -e "s/rw-/6/g" -e "s/r-x/5/g" -e "s/r--/4/g" -e "s/-wx/3/g" -e "s/-w-/2/g" -e "s/--x/1/g" -e "s/---/0/g"`
OWNER=`ls -l ${LOG} | awk '{print $3}'`
GROUP=`ls -l ${LOG} | awk '{print $4}'`
mv ${LOG} ${LOG}.${OLD}
cp /dev/null ${LOG}
chmod ${MODE} ${LOG}
# echo "Changing owner/group of ${LOG} to ${OWNER} and ${GROUP}"
chown ${OWNER} ${LOG}
chgrp ${GROUP} ${LOG}
fi
done
done
#
kill -HUP `cat /etc/syslog.pid`
#
for LOGDIR in ${DIRS}
do
if [ ! -d ${LOGDIR} ]; then
continue
fi
cd ${LOGDIR}
if [ -f logfiles ]; then
FILES=`cat logfiles`
else
continue
fi
for LOG in ${FILES}
do
if [ ! -f ${LOG} ]; then
continue
fi
if [ -s ${LOG}.${OLD} ]; then
MODE=`ls -l ${LOG}.${OLD} | sed -e "s/[ ].*//" -e "s/[^.]//" -e "s/rwx/7/g" -e "s/rw-/6/g" -e "s/r-x/5/g" -e "s/r--/4/g" -e "s/-wx/3/g" -e "s/-w-/2/g" -e "s/--x/1/g" -e "s/---/0/g" -e "s/7/5/g" -e "s/6/4/g" -e "s/3/1/g" -e "s/2/0/g"`
if [ ${NUMLOGS} = 0 ]; then
ARCHFILE=${ARCHIVE_DIR}/${LOG}.${DATE}.gz
else
ARCHFILE=${ARCHIVE_DIR}/${LOG}.0.gz
COUNT=${NUMLOGS}
while [ ${COUNT} -gt 0 ]
do
FROM=`expr ${COUNT} - 1`
test -f ${LOG}.${FROM}.gz&& mv ${LOG}.${FROM}.gz ${LOG}.${COUNT}.gz
COUNT=`expr ${COUNT} - 1`
done
fi
gzip -c ${LOG}.${OLD} >${ARCHFILE}
if [ $? = 0 ]; then
chmod ${MODE} ${ARCHFILE}
chown $ARC_OWNER ${ARCHFILE}
chgrp $ARC_GROUP ${ARCHFILE}
rm -f ${LOG}.${OLD}
fi
fi
done
done
#comment this next line out if you use NUMLOGS=0
cp -p /var/log/authlog.0.gz /usr/local/archive/authlog.$DATE.gz
