log management with crontab

Zenwo

4/27/24, 4:03 PM

I have a syslog-ng with multiple firewall logs and I want to compress log file everyday and delete logs older than 30 days.

Logs path example : /var/log/firewall/xx.xx.xx.01/2023/04/27/firewall.log

Here's what I'm thinking of doing:

1  0    * * *   root    service syslog-ng stop
2  0    * * *   root    find /var/log/firewall/xx.xx.xx.01/202*/*/*/*.log -mtime +1 -exec gzip {} \;
2  0    * * *   root    find /var/log/firewall/xx.xx.xx.02/202*/*/*/*.log -mtime +1 -exec gzip {} \;
2  0    * * *   root    find /var/log/firewall/xx.xx.xx.03/202*/*/*/*.log -mtime +1 -exec gzip {} \;
3  0    * * *   root    service syslog-ng start
0  1    * * *   root    find /var/log/firewall/xx.xx.xx.01/202*/* -mtime +30 -exec rm -fr {} +
0  1    * * *   root    find /var/log/firewall/xx.xx.xx.02/202*/* -mtime +30 -exec rm -fr {} +
0  1    * * *   root    find /var/log/firewall/xx.xx.xx.03/202*/* -mtime +30 -exec rm -fr {} +

Could you please tell me if I'm doing it the right way and if it will work ?

Thanks for you help !

Regards

0 + 4

gzip

cron

steeldriver

4/27/24, 5:02 PM

Have you considered doing this via the existing `logrotate` service, rather than rolling your own solution?

Bodo

4/27/24, 5:03 PM

Such tasks are usually done with `logrotate`. Please [edit] your question and add the name of the firewall software you use and show its configuration regarding logging. Did you specifically configure this unusual directory structure? The combination of wildcards with `find` is strange. I would replace it with `find /var/log/firewall/xx.xx.xx.01 -name '*.log' ...` if not changing the structure of the output to something different that can be handled by `logrotate`.

Rinzwind

4/27/24, 5:58 PM

besides the comments from steeldriver and bodo: this is not a correct usage of crontab. LInes that depend on each other need to go into a script or need to be chained with `&&` , And why the wildcards in the find command and not [1-3] to make the 3 commands into 1? But I agree: the main issue that what you want is logrotate its SOLE purpose and reason to exist: rotating log files.

Zenwo

4/28/24, 6:54 AM

Thanks for your answers, i'll check for the logrotate solution :)

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: log management with crontab

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.