Traditional system loggers like syslog or syslog-ng write log
files and rely on third-party applications to handle log rotation. While this
isn’t necessarily a bad thing, and it is the de facto standard, there is a
better and more flexible way, using the socklog

To use socklog, you also need the svlogd program installed, which
is part of the runit tools. The runit tool is similar to DJB’s daemontools
in that it runs services under supervision. Once you have runit and socklog
installed, create a service for socklog-unix with a /service/socklog-unix/run script that looks similar to this:

/sbin/chpst -m 2000000 -U syslogd /bin/socklog unix /dev/log 2>&1

Also create a /service/socklog-unix/log/run
script that looks similar to:

cd /var/log/socklog
/sbin/chpst -u syslogd /sbin/svlogd /var/log/socklog/all \
  /var/log/socklog/auth \

This can be extended further to cover all syslog facilities,
but here you can see that each facility has its own directory. Inside each
directory is a single file called config
which indicates the facilities to log. For instance, in /var/log/socklog/user/config you might have:


This tells socklog
to unset all facilities (-*) and to set the user facility (user.*). The result
is that logging will go to a file called current
and contain only the user facility logging messages.

As another example, the /var/log/socklog/auth/config
file might contain:


This unsets all facilities and logs the auth and authpriv
facilities. And because svlogd is
used, logs are automatically rotated. You can even configure the size of logs,
frequency of rotation, how many old logs to keep, etc. This makes obsolete the
need for a third-party tool like logrotate
to rotate logs, as well as the need to restart services when logs are rotated.

Delivered each Tuesday, TechRepublic’s free Linux NetNote provides tips, articles, and other resources to help you hone your Linux skills. Automatically sign up today!