How to rotate apache logs in Linux
Here’s a little shell hack we did with synack last week. Basically instead of logrotate for apache we wrote this shell script which gives us more control over the logs. If you look into the codes you will see that it grabs all the apache log files, zips them, clear the logs, move the zipped file into different directory and if needed ftp/ssh file into different server. At the end, it restarts apache to enable new logs.
So enjoy!
#!/bin/sh # log-apache.sh # # Copyright 2007 Arstan Jusupov <arstan> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.</arstan> # Exporting paths PATH=$PATH:/usr/local/sbin:/sbin:/usr/sbin # Assign variables LOGS_FILE_ZIP=`date +%Y%m%d`_logs.zip LOGS_DIR=/var/log/httpd LOGS_BACKUPS_DIR=/var/logs_backups FTP_BACKUPS_DIR=/path/to/backup/`date +%Y%m` APACHECTL=`which apachectl` # or hard-code full path FTP_USER="backup" FTP_PASSWD="backup" FTP_SERVER="192.168.x.x" # Check if we can access $LOGS_DIR if [ ! -d $LOGS_DIR ]; then echo $LOGS_DIR does not exists or cannot be accessed. break fi # Check if $LOGS_BACKUPS_DIR exists, if not create. if [ ! -d $LOGS_BACKUPS_DIR ]; then mkdir -p $LOGS_BACKUPS_DIR fi # Rotate the log files for X in `ls $LOGS_DIR | grep log`; do mv $LOGS_DIR/$X $LOGS_DIR/$(date +%Y%m%d)_$X done # Archive log files zip $LOGS_BACKUPS_DIR/$LOGS_FILE_ZIP $LOGS_DIR/$(date +%Y%m%d)* # Verification for successful zipping and removal of old log files. if [ $? = 0 ]; then rm $LOGS_DIR/$(date +%Y%m%d)* fi # Re-create the log files for X in access_log error_log ssl_error_log ssl_request_log modsec_audit_log modsec_debug_log; do touch $LOGS_DIR/$X done # Finally, restarting apache or if you want $APACHECTL graceful $APACHECTL restart # Off-system transfer of the log files # Change local dir cd $LOGS_BACKUPS_DIR ftp -n $FTP_SERVER <<end> user $FTP_USER $FTP_PASSWD binary</end> # create the remote backup dir in %Y%m format, if exists wont hurt # I dont know how to do: if [ -d $DIR ]; then mkdir $FTP_BACKUPS_DIR cd $FTP_BACKUPS_DIR put $LOGS_FILE_ZIP bye End-Of-Session echo Done exit 0