How and when are Postfix logs rotated on Debian/Ubuntu systems, by default?

Discussion in 'Server Operation' started by cbj4074, Jul 7, 2014.

  1. cbj4074

    cbj4074 Member

    [EDIT: I figured it out! Solution is at the bottom.]

    Hello,

    I'm trying to figure out how and when Postfix logs are rotated on Debian / Ubuntu systems, specifically because I want to set up a cron job to run pflogsumm.

    I don't see any reference to Postfix in /etc/logrotate.d:

    Code:
    # ls -lah /etc/logrotate.d
    total 64K
    drwxr-xr-x   2 root root 4.0K Jun 20 16:59 .
    drwxr-xr-x 117 root root  12K Jul  7 10:26 ..
    -rw-r--r--   1 root root  173 Mar 13  2013 apt
    -rw-r--r--   1 root root   79 Apr 18  2013 aptitude
    -rw-r--r--   1 root root  209 Jun 17  2013 clamav-daemon
    -rw-r--r--   1 root root  230 Jun 17  2013 clamav-freshclam
    -rw-r--r--   1 root root  232 Jan  7  2013 dpkg
    -rw-r--r--   1 root root  313 Mar 19 12:10 fail2ban
    -rw-r--r--   1 root root  905 May 22  2013 mysql-server
    -rw-r--r--   1 root root  356 May 28  2013 nginx
    -rw-r--r--   1 root root 1014 Dec 14  2011 pure-ftpd-common
    -rw-r--r--   1 root root   88 Nov 15  2011 razor
    -rw-r--r--   1 root root  162 Nov 14  2011 rkhunter
    -rw-r--r--   1 root root  122 Jan 18  2013 upstart
    
    Likewise, I don't see any reference in /etc/logrotate.conf:

    Code:
    # see "man logrotate" for details
    # rotate log files weekly
    weekly
    
    # keep 4 weeks worth of backlogs
    rotate 4
    
    # create new (empty) log files after rotating old ones
    create
    
    # uncomment this if you want your log files compressed
    #compress
    
    # packages drop log rotation information into this directory
    include /etc/logrotate.d
    
    # no packages own wtmp, or btmp -- we'll rotate them here
    /var/log/wtmp {
        missingok
        monthly
        create 0664 root utmp
        rotate 1
    }
    
    /var/log/btmp {
        missingok
        monthly
        create 0660 root utmp
        rotate 1
    }
    
    # system-specific logs may be configured here
    
    Yet, the mail logs (generated via syslog) are indeed rotated:

    Code:
    # ls -lah /var/log | grep "mail"
    -rw-r-----  1 syslog adm    803K Jul  7 10:55 mail.err
    -rw-r-----  1 syslog adm    1.1M Jun 13 00:30 mail.err.0
    -rw-r-----  1 syslog adm     28K May 10 00:30 mail.err.1.gz
    -rw-r-----  1 syslog adm     27K Apr  8 00:30 mail.err.2.gz
    -rw-r-----  1 syslog adm     27K Mar  7 00:30 mail.err.3.gz
    -rw-r-----  1 syslog adm     27K Feb  3 00:30 mail.err.4.gz
    -rw-r-----  1 syslog adm     27K Jan  2  2014 mail.err.5.gz
    -rw-r-----  1 syslog adm     27K Dec  1  2013 mail.err.6.gz
    -rw-r-----  1 syslog adm     64M Jul  7 10:58 mail.info
    -rw-r-----  1 syslog adm    153M Jul  7 00:33 mail.info.0
    -rw-r-----  1 syslog adm     20M Jul  6 00:34 mail.info.1.gz
    -rw-r-----  1 syslog adm    4.1M Jul  5 00:31 mail.info.2.gz
    -rw-r-----  1 syslog adm    232K Jul  4 00:30 mail.info.3.gz
    -rw-r-----  1 syslog adm    300K Jul  3 00:30 mail.info.4.gz
    -rw-r-----  1 syslog adm    350K Jul  2 00:30 mail.info.5.gz
    -rw-r-----  1 syslog adm    311K Jul  1 00:30 mail.info.6.gz
    -rw-r-----  1 syslog adm     64M Jul  7 10:58 mail.log
    -rw-r-----  1 syslog adm    153M Jul  7 00:33 mail.log.0
    -rw-r-----  1 syslog adm     20M Jul  6 00:34 mail.log.1.gz
    -rw-r-----  1 syslog adm    4.1M Jul  5 00:31 mail.log.2.gz
    -rw-r-----  1 syslog adm    232K Jul  4 00:30 mail.log.3.gz
    -rw-r-----  1 syslog adm    300K Jul  3 00:30 mail.log.4.gz
    -rw-r-----  1 syslog adm    350K Jul  2 00:30 mail.log.5.gz
    -rw-r-----  1 syslog adm    311K Jul  1 00:30 mail.log.6.gz
    -rw-r-----  1 syslog adm    581K Jul  7 10:58 mail.warn
    -rw-r-----  1 syslog adm    1.3M Jul  3 00:30 mail.warn.0
    -rw-r-----  1 syslog adm     61K Jun 28 00:30 mail.warn.1.gz
    -rw-r-----  1 syslog adm     61K Jun 25 00:30 mail.warn.2.gz
    -rw-r-----  1 syslog adm     59K Jun 21 00:30 mail.warn.3.gz
    -rw-r-----  1 syslog adm     42K Jun 16 00:30 mail.warn.4.gz
    -rw-r-----  1 syslog adm     64K Jun 12 00:30 mail.warn.5.gz
    -rw-r-----  1 syslog adm     60K Jun  3 00:30 mail.warn.6.gz
    
    Might anyone know how and where this is done?

    In essence, I'm trying to figure out how best to implement a scheduled run of the pflogsumm Perl utility.

    It seems to make the most sense to execute the pflogsumm script immediately after the logfile (/var/log/mail.log) is rotated. logrotate's "postrotation" facility seems like the perfect candidate...

    Thanks for any assistance with this.

    UPDATE:

    Making some progress... it looks as though the mail log rotation happens through /etc/cron.daily/sysklogd:

    Code:
    #! /bin/sh
    
    # sysklogd      Cron script to rotate system log files daily.
    #
    #               If you want to rotate other logfiles daily, edit
    #               this script.  An easy way is to add files manually,
    #               to add -a (for all log files) to syslogd-listfiles and
    #               add some grep stuff, or use the -s pattern argument to
    #               specify files that must not be listed.
    #
    #               This is a configration file.  You are invited to edit
    #               it and maintain it on your own.  You'll have to do
    #               that if you don't like the default policy
    #               wrt. rotating logfiles (i.e. with large logfiles
    #               weekly and daily rotation may interfere).  If you edit
    #               this file and don't let dpkg upgrade it, you have full
    #               control over it.  Please read the manpage to
    #               syslogd-listfiles.
    #
    #               Written by Martin Schulze <[email protected]>.
    #               $Id: cron.daily,v 1.14 2007-05-28 16:33:34 joey Exp $
    
    test -x /usr/sbin/syslogd-listfiles || exit 0
    test -x /sbin/syslogd || exit 0
    test -f /usr/share/sysklogd/dummy || exit 0
    
    USER=$(ps -C syslogd -o user= | head -n 1)
    [ -z "${USER}" ] && USER="root" || true
    
    set -e
    
    cd /var/log
    
    logs=$(syslogd-listfiles)
    
    test -n "$logs" || exit 0
    
    for LOG in $logs
    do
       if [ -s $LOG ]; then
          savelog -g adm -m 640 -u ${USER} -c 7 $LOG >/dev/null
       fi
    done
    
    # Restart syslogd
    #
    /etc/init.d/sysklogd reload-or-restart > /dev/null
    
    The list of log files that the above script applies to is obtained with:

    Code:
    # /usr/sbin/syslogd-listfiles
    /var/log/user.log
    /var/log/syslog
    /var/log/debug
    /var/log/mail.log
    /var/log/mail.info
    
    Apparently, the "savelog" executable is used to do the actual rotation and compression. This is mildly annoying because this approach doesn't seem to provide the same level of flexibility as the logrotate program (unless I'm missing something), but the true annoyance is that I see no way to reproduce the "postrotate" functionality that would otherwise allow me to schedule the pflogsumm script execution for precisely the moment after which the mail log is rotated.

    In other words, if on Monday night the rotation begins at 12:30AM, and requires 3 minutes to run, and on Tuesday night the rotation begins at 12:30AM but requires 6 minutes to run, I can't reliably schedule the execution of pflogsumm. This is precisely the reason for which logrotate provides the "postrotate" command; it might be likened to a "callback function" in other programming environments.

    Happy to hear any other ideas...

    UPDATE 2:

    After more searching, I see that Falko actually posted a HOW-TO for pflogsumm at http://www.howtoforge.com/mail_statistics_mailgraph_pflogsumm . But this approach seems overly complex to me. Changing my OS's default syslog rotation mechanism seems unnecessary, and perhaps it is, given the comment by "pflogsumm": "If you do a pflogsumm --help, you'll note the option of -d yesterday. This means you can get away from the logrotate entries entirely."

    I had noticed that --yesterday switch earlier, but failed to recognize its intention and usefulness until reading that comment.

    In summation, it seems that one need only run "pflogsumm -d yesterday [...]" at any time after the syslogs (and in turn mail.log, mail.info, mail.warn, etc.) are reasonably expected to have been rotated. On my system, the rotation begins at 12:30AM (00:30), so perhaps running pflogsumm at 01:00, with the "-d yesterday" switch, will serve the purpose.

    UPDATE 3:

    I ended up simply creating a cron job, run under the "syslog" user, at 01:00 each day, that executes the following (be sure to use the *.0 log file, not the current one!):

    Code:
    pflogsumm -d yesterday /var/log/mail.log.0
    
    I'm happy!
     
    Last edited: Jul 7, 2014
  2. srijan

    srijan New Member HowtoForge Supporter

    Thanks for the update; we consider this thread closed.
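
An added example, not part of the thread or of pflogsumm: a wrapper for the 01:00 cron job that goes beyond the single-file command above by feeding pflogsumm every savelog generation that holds yesterday's entries, so the report does not depend on when the rotation finished. The `run` argument, the function names and the `LOG_DIR` override are hypothetical; it assumes GNU `date` and the savelog naming shown in the listing (`.0` plain, `.1.gz` compressed).

```shell
#!/bin/sh
# Added example (not from the thread): hypothetical cron wrapper around
# "pflogsumm -d yesterday" that is independent of savelog's finish time.

LOG_DIR="${LOG_DIR:-/var/log}"   # override only for testing

# Print a log generation to stdout, decompressing savelog's .gz files.
dump() {
    case "$1" in
        *.gz) gzip -cd "$1" ;;
        *)    cat "$1" ;;
    esac
}

# logs_for_stamp "Jul  6": list, oldest first, the mail.log generations that
# contain at least one line starting with that syslog date stamp.
logs_for_stamp() {
    stamp=$1
    for f in "$LOG_DIR/mail.log.1.gz" "$LOG_DIR/mail.log.0" "$LOG_DIR/mail.log"; do
        [ -r "$f" ] || continue
        if dump "$f" | grep -q "^$stamp "; then
            printf '%s\n' "$f"
        fi
    done
}

main() {
    # syslog stamps use English month names and a space-padded day ("Jul  6")
    stamp=$(LC_ALL=C date -d yesterday '+%b %e')
    files=$(logs_for_stamp "$stamp")
    if [ -z "$files" ]; then
        echo "no mail.log entries found for $stamp" >&2
        return 1
    fi
    # Unquoted on purpose: one path per word, and these paths have no spaces.
    # pflogsumm reads stdin when no file is named and filters by date itself.
    for f in $files; do dump "$f"; done | pflogsumm -d yesterday
}

# Cron calls the script with the (hypothetical) argument "run".
if [ "${1:-}" = "run" ]; then
    main
fi
```

Because the log files are mode 640 and owned by syslog:adm, the job still has to run as the "syslog" user (or a member of "adm"), as in the post.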
     