RFC: Nagios log rotation/archieving

Lars Michelsen lars.lists at googlemail.com
Tue Jul 31 14:10:42 CEST 2007


Hi Ethan, Hi Devels,
in the last days I worked a bit with the log rotation and the
archieved logs. I have some questions about the log archieving of
Nagios.
At first: I was wondering if there are differences between Nagios 2.x
and Nagios 3.x but it seems there are no.

- Log archieve file naming #1: The naming
nagios-<month>-<day>-<year>-<id>.log is not very comfortable. When I
do a isting of the archieve directory I get the mixed logs of the last
years and months. They are not sorted by year and date. By default ls
-ltr (sort by last modification time) would fix this problem but in my
case some logs were copied due to a server migration, this resulted in
same file modification timestamps.

:> ls -al
drwxr-xr-x 5 nagios nagios   20480 2007-07-30 11:29 .
drwxr-xr-x 9 nagios nagios    4096 2007-07-30 11:30 ..
-rw-r--r-- 1 nagios nagios    2680 2007-07-30 11:17 nagios-01-01-2006-00.log
-rw-r--r-- 1 nagios nagios  277443 2007-07-30 11:17 nagios-01-01-2007-00.log
-rw-r--r-- 1 nagios nagios    2680 2007-07-30 11:17 nagios-01-02-2006-00.log
-rw-r--r-- 1 nagios nagios  320326 2007-07-30 11:17 nagios-01-02-2007-00.log
...

This could easily be fixed by naming the files like
nagios-<year>-<month>-<day>-<id>.log or sth. like this. Eventualy
there could be added a new configuration option like
"log_archive_name". Default could remain at
log_archive_name=nagios-%m-%d-%Y-00.log.

- Log archieve file naming #2: The files are named with the date they
are rotated at. The logfile nagios-01-01-2007-00.log with daily
rotation contains the logs from 2006-12-31 00:00 to 2006-12-31 23:59.
Imo this is not very intuitive. Would it be better to name the files
like what they contain? e.g. nagios-01-01-2007-00.log contains the
logs from 2007-01-01 00:00 to 2007-01-01 23:59.
After some searches in rotation methods of other programs I recognized
that other tools do it like Nagos too. Okay, if this is a non written
standard I'll accept it. But I still think it would be more intuitive
when browsing directly in the logfiles.

- Epoch timestamp in the logs: The epoch logentries are not human
readable - is there a good reason to let it remain like it is? Or
could it be possible to change this date format also by a
configuration option?

We already had some discussions about this in the German Nagios Forum
(http://www.nagios-portal.de/forum/thread.php?threadid=7080) - the
results: Renaming of the logfile format would be easy with much
benefit when searching the logs manualy. Changing the timestamps in
the logs is only done with complex changes in the code - I gues too
much work for the benefit.

Best Regards,
Lars

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/




More information about the Developers mailing list