Linux очистить файлы логов

Delete all of /var/log?

Can I delete everything in /var/log ? Or should I only delete files (recursively) in /var/log but leave folders? Does anyone have a good rm command line? (My admin skills leave me nervous.) Note: I am using Debian. I am not sure what version.

Deleting log files is a bad idea (you’ll also need to find every running process that has it’s own log file and «kill -HUP» it, a soft restart that will result in the program recreating any necessary log files). I would strongly advise against deleting log files, rely on utilities like logrotate to manage the contents of /var/log for you automatically (it does stuff like HUP the processes) If I may I’d like to tackle this from a different angle. What problem are you trying to resolve that’s led you to consider this?

10 Answers 10

Instead of deleting the files you should rotate them, e. g. using logrotate .

You never know when you’ll actually need the logs from some time ago, so it’s better to archive them (up to a reasonable age, e. g. 3 months).

logrotate can compress your old log files so they don’t occupy a lot of disk space.

Well, IMHO deleting all logs can make perfect sense in some cases. For example I want to build a Virtial Machine image to be used for new deployments. Needless to say I would like it to be a really clean system without any logs, histories, caches etc. saved.

Sorry, but looking at three months old log files is archeology. If you collect logs to identify problems, then evaluate them quickly.

@countermode You are never in the mood for nostalgia? Like looking at the 3 month old log files thinking about good ol’ times?

OK, I see the command. How to use it? man logrotate says use it in cron. I suppose with the -f option?

find /var/log -type f -delete 

Delete all .gz and rotated file

find /var/log -type f -regex ".*\.gz$" find /var/log -type f -regex ".*\.8$" 

Try run command without «-delete», to test it.

If you delete everything in /var/log, you will most likely end up with tons of error messages in very little time, since there are folders in there which are expected to exist (e.g. exim4, apache2, apt, cups, mysql, samba and more). Plus: there are some services or applications that will not create their log files, if they don’t exist. They expect at least an empty file to be present. So the direct answer to your question actually is «Do not do this. «.

As joschi has pointed out, there is no reason to do this. I have debian servers running that haven’t had a single log file deleted in years.

There are valid reasons to remove log files, IMHO. For instance, you are exporting a virtual machine for use by others, but you don’t want the virtual machine image to contain details of everything that has happened before exporting.

One reason could be, in a scenario where you’re trying to cover the tracks of a system intrusion, although I think this would make a lot of noise.

A reason could also be to simply optimize the space before exporting a virtual machine. This then results in a smaller template file.

I’m cloning virtual machines from a master. It makes perfect sense to clear the log on the master so that when you boot the clones you won’t get the master’s log. I did in tcsh:

cd /var/log foreach ii ( `find . -type f` ) foreach? cp /dev/null $ii foreach? end 

which clears the logs but keeps the files.

Cleaning all logs on a Linux system without deleting the files:

for CLEAN in $(find /var/log/ -type f) do cp /dev/null $CLEAN done 

Samba ( /var/www/samba ) creates log file-names with ip addresses, you may want to delete them:

for CLEAN in $(find /var/log/samba -type f) do rm -rf $CLEAN done 

You can use the option ctime to find old files. for example:

As bindbn explain, first try the find fetch files and after use the option delete 😀

/var/log often has permissions of drwxrwxr-x , so is not user writable unless the user is root or belongs to a privileged group. That means new log files cannot be created by non-privileged users.

Applications that expect to log to a point within /var/log will often touch a file into existence somewhere in the /var/log hierarchy during install time (which often occurs with elevated privileges), and will chmod and possibly chown it at that time to permissions appropriate for the unprivileged users who will be using the application.

Apache logs, for example, are usually written to by nobody , who is a user with as few privileges as possible for Apache to get its job done without putting the system at undue risk. But even a more run-of-the-mill application often expects to be able to write to a logfile in /var/log .

So what happens if the logfile, and the path to the logfile don’t exist? That’s entirely up to the application. Some applications will quietly skip logging. Others will create a lot of warnings. And others will simply bail out. There’s no hard-fast rule; it’s up to the vigilance of the application developer, as well as how critical the developer considers its ability to log. At best the application will attempt to either write to, or possibly create and then write to a log file at a destination within /var/log , and will find itself unable to do so because it’s being run by a user who doesn’t have privileges to write into that part of the filesystem.

So the short answer is no, don’t delete everything in /var/log — it breaks the contract users with sufficient privileges to do such things have with the applications that run on their system, and will cause some noise, some silent failure to log, and some all-out breakage.

The appropriate action to take is to set up logrotate with appropriate config files. Typically rotation will be associated with a cron job. Rotation can be interval based, or size based, or both. It’s even possible to set up rules that avoid interval based rotation if the logfile is still empty when the interval expires. Rotation can include mailing of logfiles, compression, deletion, shredding, and so on.

The average user wouldn’t need to be too concerned about log rotation. Developers would probably want to ensure that logs they use have rotation rules established. In fact, it is likely good manners on the part of developers to set up log rotation at install time for any software-specific logs that software will be creating and writing.

Источник

How to clean log file? [duplicate]

Is there a better way to clean the log file? I usually delete the old logfile and create a new logfile and I am looking for a shorter type/bash/command program. How can I use an alias?

1 Answer 1

(fell free to substitute false or any other command that produces no output, like e.g. : does in bash ) if you want to be more eloquent, will all empty logfile (actually they will truncate it to zero size).

If you want to know how long it «takes», you may use

(which is the same as dd if=/dev/null > logfile , by the way)

(or truncate -s 0 logfile ) to be perfectly explicit or, if you don’t want to,

(in which case you are relying on the common behaviour that applications usually do recreate a logfile if it doesn’t exist already).

However, since logfiles are usually useful, you might want to compress and save a copy. While you could do that with your own script, it is a good idea to at least try using an existing working solution, in this case logrotate , which can do exactly that and is reasonably configurable.

Should you need to do it for several files, the safe way is

Some shells ( zsh ) also allow one to specify several redirection targets.

This works (at least in bash ) since it creates all the redirections required although only the last one will catch any input (or none in this case). The tee example with several files should work in any case (given your tee does know how to handle several output files)

Of course, the good old shell loop would work as well:

for f in file1 file2 . ; do # pick your favourite emptying method done 

although it will be much slower due to the command being run separately for each file. That may be helped by using find :

Источник

Как очистить файл журнала в Linux

Добавить в избранное

В этой статье вы узнаете, как обрезать файл журнала и удалять его содержимое, не удаляя сам файл.

Вы окажетесь в ситуациях, когда вам нужно очистить файл. Это часто случается, когда у вас огромные файлы журналов, и как бы вы это сделали?

Один не очень чистый способ — удалить файл, а затем создать новый файл. Но это не очень хорошая идея. Это не будет тот же файл, временная метка (atime, mtime и т. д.). Будет отличаться вместе с другими правами доступа к файлам.

Вместо создания нового пустого файла вы можете удалить его содержимое. Итак, как вы очищаете файл в Linux? Как очистить файл от всего его содержимого без удаления самого файла?

4 способа очистить файл в Linux

Существует несколько способов очистки файла без его фактического удаления. Позвольте нам показать вам некоторые из этих методов.

Способ 1: усечь файл с помощью команды truncate

Самый безопасный способ обрезать файл журнала — использовать команду truncate.

В приведенной выше команде -s используется для установки/настройки размера (в байтах) файла. Когда вы используете -s 0, это означает, что вы изменили размер файла до 0 байт.

Способ 2: Пустой файл, используя :> или >

Самый простой способ очистить файл — использовать команду ниже. Если файл не используется, он будет работать в Bash:

Хотя вышеперечисленное работает только в Bash Shell, вы можете использовать аналогичную команду для других оболочек:

Вы также можете использовать эту команду для очистки файла:

Способ 3: использование команды echo для очистки файла в Linux

Другой способ очистить файл — использовать команду echo в Linux:

Вы также можете использовать команду echo следующим образом:

Способ 4: используйте /dev/null, чтобы очистить файл

Вы также можете использовать знаменитую /dev/null и объединить ее с командой cat для очистки файла журнала:

И если у вас недостаточно прав для какой-либо из вышеперечисленных команд, это верный выстрел, но немного грязный способ добиться этого:

touch newfile mv newfile filename

Мы надеемся, что этот быстрый совет помог вам очистить файл в Linux. Добавьте нас в закладки для получения дополнительных советов по Linux.

Если вы нашли ошибку, пожалуйста, выделите фрагмент текста и нажмите Ctrl+Enter.

Источник