cronolog 割断分析apache日志配置笔记
cronolog 割断分析apache日志配置笔记环境:centos 5.1 + Apache/2.0.61+cronolog(1.6.2)
使用cronolog可以格式化日志文件的格式,比如按时间分割,易于管理和分析。
cronolog的安装配置非常简单,简要说明如下:
1.下载软件
http://cronolog.org/download/index.html
使用wget下载:http://cronolog.org/download/cronolog-1.6.2.tar.gz
2.解压缩
tar -zxvf cronolog-1.6.2.tar.gz
3.进入相应的目录,编译,安装
#./configure
#make
#make install
4.测试cronolog是否安装成功
# which cronolog
/usr/local/sbin/cronolog
# cronolog -V
cronolog version 1.6.2
注:如果上述cronolog没有正确安装的话,下面修改httpd.conf 将不能正常启动
4.修改apache配置文件/usr/local/apache2/conf/httpd.conf
#CustomLog logs/access_log common 注销掉原有的日志格式,改为一下
CustomLog "|/usr/local/sbin/cronolog /usr/local/apache2/logs/access_log.%Y%m%d" combined
如果有虚拟主机的话,还要在虚拟主机的VirtualHost中设置:(本文的访问日志都放在access_log中)
CustomLog "|/usr/local/sbin/cronolog /usr/local/apache2/logs/access_log.%Y%m%d" combined
本文配置文件如下:
DocumentRoot /usr/local/smp/
ServerName 218.61.31.211
AddHandler cgi-script .cgi
AllowOverride None
Options ExecCGI Indexes
Order allow,deny
Allow from all
ErrorLog logs/error_log
CustomLog "|/usr/local/sbin/cronolog /usr/local/apache2/logs/access_log.%Y%m%d" combined
5. 杀掉httpd进程 ,重新启动apache
# cd /usr/local/apache2/logs/
# killall httpd
# rm access_log
# /usr/local/apache2/bin/apachectl start
注意确保apache正常启动
# ps -fe
root 16750 1 0 14:56 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
root 16751 16750 0 14:56 ? 00:00:00 /usr/local/sbin/cronolog /usr/local/apache2/logs/access_log.%Y%m%d
nobody 16774 16750 0 14:56 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
nobody 16776 16750 0 14:56 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
nobody 16777 16750 0 14:56 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
nobody 16800 16750 0 15:06 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
nobody 16818 16750 0 15:11 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
nobody 16832 16750 0 15:17 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
nobody 16843 16750 0 15:22 ? 00:00:00 /usr/local/apache2/bin/httpd -k start
6.检查cronolog是否正常割接
从ie访问该机器,在web上多刷新几次.刚开始在/usr/local/apache2/logs/可能没有生成,但经过你多刷新几次,就会出现要的效果,是以天来分割:
access_log.20081103
# ls
access_log.20081103 error_log
强调:/usr/local/apache2/logs/access_log 的原文件没有删除的话,有可能不会出现access_log.20081103。 apache在启动的时候,默认访问日志都会
写入/usr/local/apache2/logs/access_log中,即使此时你进行access_log改名为access_log.bak, 日志就会写入access_log.bak,对于运行apache来说access_log
改名了,但是其inode节点号没变.只有在重启apache的时候 ,apache发现/usr/local/apache2/logs/ 没有access_log文件,此时会自动创建.
7.周期计划删除分割的日志 (每天打包前一天的日志,每天删除半月前的打包日志
# crontab -e
0 1 * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1
0 3 * * * /bin/gzip -f /usr/local/apache2/logs/access_log.`date -d yesterday +%Y%m%d`
0 4 * * * /usr/bin/find /usr/local/apache2/logs/ -name access_*.gz -mtime +15 -exec rm -rf {} \;
参考来源:http://bbs.linuxtone.org/thread-93-1-1.html
页:
[1]