I have just set up an (r)syslog server to receive the logs of various clients, which works fine.
Only logrotate is still not behaving as intended. I want logrotate to create a new logfile for each day, but only to keep and store, i.e. compress, non-empty files.
My logrotate config currently looks like this:
# sample configuration for logrotate being a remote server for multiple clients
/var/log/syslog
{
rotate 3
daily
missingok
notifempty
delaycompress
compress
dateext
nomail
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}
# local i.e. the system's very own logs: keep logs for a whole month
/var/log/kern.log
/var/log/kernel-info
/var/log/auth.log
/var/log/auth-info
/var/log/cron.log
/var/log/cron-info
/var/log/daemon.log
/var/log/daemon-info
/var/log/mail.log
/var/log/rsyslog
/var/log/rsyslog-info
{
rotate 31
daily
missingok
notifempty
delaycompress
compress
dateext
nomail
sharedscripts
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}
# received i.e. logs from the clients
/var/log/path-to-logs/*/*
{
rotate 31
daily
missingok
notifempty
delaycompress
compress
dateext
nomail
}
What I end up with is some sort of "summarized" files such as filename-datestampDay-Day and corresponding .gz files. What I do have are empty files, which are eventually zipped.
So is the notifempty directive in fact responsible for these DayX-DayY files, days on which really nothing happened?
What would be an efficient way to drop both empty log files and their .gz files, so that I eventually only keep logs/compressed files that truly contain data?
Notifempty works correctly; remove delaycompress from your config.
I have tested it on a local computer and it should work the way you want it to.
It's also a good command:
It will show you how logs will be processed without actual log processing.
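
For the cleanup the question asks about, a shell function that removes rotated files containing no data. This is an added example, not part of the question or the answer; it assumes logrotate's default dateext suffix (-YYYYMMDD), and the name prune_empty_rotated is made up here.

```shell
#!/bin/sh
# Added example: prune rotated logs that contain no data.
# Assumption: rotated files end in logrotate's default dateext suffix
# (-YYYYMMDD), optionally followed by .gz. Doubled suffixes such as
# name-DATE-DATE end the same way and are matched too.
# Live logs (no date suffix) are never touched, so rsyslog keeps its open files.

# prune_empty_rotated DIR [--dry-run]
# Prints every file it removes (or would remove), one per line.
prune_empty_rotated() {
    dir=$1
    dry=${2:-}
    d8='[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
    find "$dir" -type f \( -name "*-$d8" -o -name "*-$d8.gz" \) |
    while IFS= read -r f; do
        case $f in
            *.gz)
                # A gzip of an empty file is not zero bytes on disk, so look
                # at the decompressed stream. Corrupt archives are skipped,
                # not deleted: they may be the only copy of that day's log.
                gzip -t "$f" 2>/dev/null || continue
                n=$(gzip -dc "$f" 2>/dev/null | head -c 1 | wc -c)
                if [ "$n" -ne 0 ]; then continue; fi
                ;;
            *)
                # -s is true for files larger than zero bytes.
                if [ -s "$f" ]; then continue; fi
                ;;
        esac
        echo "$f"
        if [ "$dry" != "--dry-run" ]; then
            rm -f -- "$f"
        fi
    done
}
```

Run it with --dry-run first and keep the printed list: on a central log server, a client with no data for a day can be worth a look before the evidence of that gap is removed.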