Menu
When I run tail -f for a log file, logrotate rotate it but tail -f did not stop. It continue show logs in new file. After that I try manually;
mv my.log my.log.2
touch my.log
echo "test text" >> my.log
echo "test text" >> my.log
It does not works. How does logrotate rotate logs? Does it copy all lines to new file?
Note: I am working on centos 5.
975
The main answer to handle rotating log files is to use -F on the tail command. It is the same as "--follow=name --retry". Basicially, tail will follow the file name (even if deleted and re-added as log files are when rotated) instead of the file 'descriptor' as it does with -f.
A tail log is a log that contains recent data from a log file. There's no specific definition of how recent that data needs to be, or how many events or transactions a log tail needs to include.
In a few words, logrotate will rename or compress the main log when a condition is met (more about that in a minute) so that the next event is recorded on an empty file. In addition, it will remove “old” log files and will keep the most recent ones.
The tail -f command continues to print messages, and you have to stop the session with a Ctrl + C command. As logs often snowball quickly, it's important to focus on only the most critical log messages, so system administrators also use the “grep” command along with tail -f command to filter the log messages.
You may want tail -F instead (uppercase -F) to follow even if the file is deleted, renamed, etc.
tail -F my.log
tail -f (lowercase) uses the file descriptor only, which doesn't care what the filename is. tail -F uses the filename, so if you delete or rename the original and put a new one in place, it will pickup the new file.
As for logrotate, it works several different ways. By default, it moves (renames) the original file out of the way, and creates a new empty file. In that case, the file descriptor is maintained for the logging process until it closes and reopens, then it will get the new file.
If you use the logrotate "copytruncate" option, then both the file and the file descriptor are maintained, and logrotate copies all of the data to a new file, truncates the original file and leaves the original file in place. Some processes do not close their logfile, so using the copytruncate is necessary. Without it, the process will continue to log to the file under its new name.
This behaviour is by design, in UNIX the file descriptor for an open file is not effected by rename or delete operations.
192
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
