1 minute read

I was checking an article on how to upload archived logs to azure blob. As initial set up I’ve updated logrotate.conf(/etc/logrotate.conf) with below settings.

file to edit:

/etc/logrotate.conf

Then updated syslog rotate config to test on how messages files can be archived. Make sure the destination path is created. In this case I’ve got /opt/logs/ referenced. file edited /opt/logrotate.d/syslog

This will ensure the last rotated log file would be copied to /opt/logs/. You can have any other scripts configured to upload to blob from here. Once these settings are in place test run(force run) logrotate -f /etc/logrotate.conf. Result of the operation can be found below

view Current Dir # pwd
/opt/logs
view files in current directory ll
total 0
Force run logrotate # logrotate -f /etc/logrotate.conf 
tar: Removing leading `/' from member names
/var/log/messages-2018-05-08-1525798193 -- Note the time stamp
View files in /opt/logs/ # ll
total 4
-rw-r--r--. 1 root root 257 May 8 16:56 messages-2018-05-08-16-56.tar.gz
View the file next to be rotated # ll /var/log/|grep messages-
-rw-------. 1 root root 147 May 8 16:49 messages-2018-05-08-1525798616

Test Results :)

If you are able to follow the bash commands you can see the archived file has the same timestamp as first created log.

[root@localhost logs]# cat /var/log/messages-2018-05-08-1525799265
May 8 17:05:18 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="553" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
May 8 17:05:31 localhost chronyd[561]: Selected source 123.108.200.124
May 8 17:06:36 localhost su: (to root) vagrant on pts/0
May 8 17:07:40 localhost chronyd[561]: Selected source 139.59.43.68
[root@localhost logs]# logrotate -f /etc/logrotate.conf
tar: Removing leading `/' from member names
/var/log/messages-2018-05-08-1525799265
[root@localhost logs]# ll
total 4
-rw-r--r--. 1 root root 342 May 8 17:08 messages-2018-05-08-17-08.tar.gz
[root@localhost logs]# tar -zxvf *.tar.gz
var/log/messages-2018-05-08-1525799265
[root@localhost logs]# cat var/log/messages-2018-05-08-1525799265
May 8 17:05:18 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="553" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
May 8 17:05:31 localhost chronyd[561]: Selected source 123.108.200.124
May 8 17:06:36 localhost su: (to root) vagrant on pts/0
May 8 17:07:40 localhost chronyd[561]: Selected source 139.59.43.68

If you want to implement logrotate to blog storage, the reference URL is dowdandassociates.com/blog/ . Above link is about logrotate to S3 hourly using s3cmd. I would be using azcopy for blob storage upload.

You May Also Enjoy

VS Code Change Default terminal Windows exec

less than 1 minute read

Customizes which terminal to run on Windows. Ctrl+R and search for User Preference Search for terminal.external.windowsExec and change the path to desired. F...

Azure Container Groups for hosting

2 minute read

Azure NSG and Azure Service Tags to block all connection except to Azure Portal, this is an undocumented feature available with Azure