Where to insert a script to generate a report from auth.log just before rotating it?

Tony Arnold tony.arnold at manchester.ac.uk
Thu Sep 21 13:05:39 UTC 2006


On Thu, 2006-09-21 at 11:33 +0100, Adam Funk wrote:
> On 2006-09-21, Paul Dwerryhouse <paul at dwerryhouse.com.au> wrote:
> > On Wed, Sep 20, 2006 at 04:56:42PM +0100, Adam Funk wrote:
> >> A while back on another list I was advised that auth.log (and syslog
> >> and a few others) are rotated by /etc/cron.weekly/sysklogd.  I'm now
> >> interested in running a Perl program to generate a report from
> >> auth.log just before each rotation.
> >
> > Wouldn't it be better to run the script on the file after it has been
> > rotated (using its new filename, auth.log.0)? If you do it before it's
> > rotated, then syslog will still be writing to the file and you might
> > miss some information.
> Thanks for the excellent suggestion!  I'll do it this way:

I used to do this kind of thing on a different operating system many
years ago (OpenVMS). What I did then was to process the log file on a
daily basis and extract just the previous 24 hours worth of records and
produce a daily report. You could do this by processing auth.log* file
and extract the relevant entries using some regular expressions.

It would have the advantage of producing a daily report rather than a
report whenever the files get rotated and would be completely
independent of the sysklogd script. It is a bit more coding to produce
the report though.

I guess it all depends on what you are trying to achieve.

Just my thoughts.

Tony Arnold <tony.arnold at manchester.ac.uk>
University of Manchester

More information about the ubuntu-users mailing list