NEWSYSLOG(8) System Manager's Manual NEWSYSLOG(8)

newsyslogmaintain system log files to manageable sizes

newsyslog [-CFNnrsv] [-R tagname] [-a directory] [-d directory] [-f config_file] [file ...]

The newsyslog utility should be scheduled to run periodically by cron(8). When it is executed it archives log files if necessary. If a log file is determined to require archiving, newsyslog rearranges the files so that “logfile” is empty, “logfile.0” has the last period's logs in it, “logfile.1” has the next to last period's logs in it, and so on, up to a user-specified number of archived logs. Optionally the archived logs can be compressed to save space.

A log can be archived for three reasons:

  1. It is larger than the configured size (in kilobytes).
  2. A configured number of hours have elapsed since the log was last archived.
  3. This is the specific configured hour for rotation of the log.

The granularity of newsyslog is dependent on how often it is scheduled to run by cron(8). Since the program is quite fast, it may be scheduled to run every hour without any ill effects, and mode three (above) assumes that this is so.

The following options can be used with newsyslog:

config_file
Instruct newsyslog to use config_file instead of /etc/newsyslog.conf and /etc/newsyslog.d/*.conf for its configuration file.
directory
Specify a directory into which archived log files will be written. If a relative path is given, it is appended to the path of each log file and the resulting path is used as the directory into which the archived log for that log file will be written. If an absolute path is given, all archived logs are written into the given directory. If any component of the path directory does not exist, it will be created when newsyslog is run.
directory
Specify a directory which all log files will be relative to. To allow archiving of logs outside the root, the directory passed to the -a option is unaffected.
Place newsyslog in verbose mode. In this mode it will print out each log and its reasons for either trimming that log or skipping it.
Cause newsyslog not to trim the logs, but to print out what it would do if this option were not specified.
Remove the restriction that newsyslog must be running as root. Of course, newsyslog will not be able to send a HUP signal to syslogd(8) so this option should only be used in debugging.
Specify that newsyslog should not send any signals to any daemon processes that it would normally signal when rotating a log file. For any log file which is rotated, this option will usually also mean the rotated log file will not be compressed if there is a daemon which would have been signalled without this option. However, this option is most likely to be useful when specified with the -R option, and in that case the compression will be done.
If specified once, then newsyslog will create any log files which do not exist, and which have the C flag specified in their config file entry. If specified multiple times, then newsyslog will create all log files which do not already exist. If log files are given on the command-line, then the -C or -CC will only apply to those specific log files.
Force newsyslog to trim the logs, even if the trim conditions have not been met. This option is useful for diagnosing system problems by providing you with fresh logs that contain only the problems.
Do not perform any rotations. This option is intended to be used with the -C or -CC options when creating log files is the only objective.
tagname
Specify that newsyslog should rotate a given list of files, even if trim conditions are not met for those files. The tagname is only used in the messages written to the log files which are rotated. This differs from the -F option in that one or more log files must also be specified, so that newsyslog will only operate on those specific files. This option is mainly intended for the daemons or programs which write some log files, and want to trigger a rotate based on their own criteria. With this option they can execute newsyslog to trigger the rotate when they want it to happen, and still give the system administrator a way to specify the rules of rotation (such as how many backup copies are kept, and what kind of compression is done). When a daemon does execute newsyslog with the -R option, it should make sure all of the log files are closed before calling newsyslog, and then it should re-open the files after newsyslog returns. Usually the calling process will also want to specify the -s option, so newsyslog will not send a signal to the very process which called it to force the rotate. Skipping the signal step will also mean that newsyslog will return faster, since newsyslog normally waits a few seconds after any signal that is sent.

If additional command line arguments are given, newsyslog will only examine log files that match those arguments; otherwise, it will examine all files listed in the configuration file(s).

/etc/newsyslog.conf
newsyslog configuration file
/etc/newsyslog.d/
newsyslog configuration directory

Previous versions of the newsyslog utility used the dot (``.'') character to distinguish the group name. Beginning with FreeBSD 3.3, this has been changed to a colon (``:'') character so that user and group names may contain the dot character. The dot (``.'') character is still accepted for backwards compatibility.

The newsyslog utility originated from NetBSD and first appeared in FreeBSD 2.2.

Theodore Ts'o, MIT Project Athena

Copyright 1987, Massachusetts Institute of Technology

bzip2(1), gzip(1), syslog(3), newsyslog.conf(5), chown(8), syslogd(8)

Does not yet automatically read the logs to find security breaches.

February 24, 2005 Mac OS X 12