			C H K L O G S   
			 Version 1.5

Introduction
------------

Sooner or later every system administrator has to check and, if
necessary, purge the system logs. These system logs are created by
programs such as cron, init, list managers, mail programs, news, uucp,
etc. These logs always grow, some faster than others, but in the end
they use up precious disk space. To avoid running out of disk space,
these system logs have to be clipped or purged when the information
they contain is no longer necessary.

The location of the logs varies from system to system, and sometimes
the person installing the distribution has little knowledge about
the location (and even existence!) of these log files. This program
can either be part of the system administrator's tool set or, in
the case of newbies, be installed in such a way that the
administrator receives the proper warnings when necessary.

In summary, a small and simple implementation in a single language.

What you will find here
-----------------------

chklogs		The Perl script
chklogs.txt	This document
log 		A sample Log Index file (used in my system)
chklogs.8	Manual page

What's new in this version
--------------------------

* Solved problem of log files that are not recreated after archival.
  Some logging programs create the log file if it does not exist. Others
  such as syslogd do *not* create it. New variable is $toucher.

* The Action field of the report has been expanded to be one of:
  OK, Clean up, Archived, to show whether the log only needs trimming
  or has been archived (-a,-M)	[30 Apr 95]

* Added the check (-c) option by using Perl functions emulating
  basename & dirname [30 Apr 95]

* Finally wrote an nroff manual page

The Log Index file
------------------

First you need to know the location of the system logs that are
active in your system/distribution. You also need to assign to
each of these logs a maximum allowable size, that is, a size after
which the system administrator had better purge them in case (s)he
forgot. This information is kept in a plain file containing the
full path (and name) of the log in the 1st column, and in the 2nd
column the maximum size allowed for the log of the 1st column. This
file is $logf and contains a series of records, one for each of the
logs to be examined.

The size specified in the 2nd column can be specified in either
bytes (default) or blocks. When changing from one size-spec to
the other the sizes in the $logf have to be converted AND
the $repmode variable in the script has to be set to the
appropriate value (byte,block). 

The default size mode is bytes because it is a bit tricky to
use blocks. First, the block size differs between systems:
HP-UX uses a block size of 8192 while Linux uses 1024. Secondly,
while one can find out the size of a file in blocks by using the
`ls -l' command, the stat function in Perl reports a different
number of blocks than the `ls -s' command depending on the system.
Therefore the factor has to be adjusted in the script. In HP-UX
it has to be multiplied by 2, while in Linux it has to be divided
by 2.

A sample log index file would look like this:

/var/spool/uucp/Log		  5000
/var/spool/syslog/syslog	 10000
/var/log/news/nntpsend.log	 10000
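
The check that such an index drives can be sketched in a few lines of
shell. This is an added example, not the chklogs source: the function
name check_logs and the "Missing" and "Bad record" actions are
assumptions of this sketch, and sizes are compared in bytes only.

```shell
#!/bin/sh
# Added example (not the chklogs source): compare every log named in a
# two-column Log Index with its byte limit.

# check_logs INDEX
# Prints "path size max action" for each record and returns 1 when any
# log is over its limit, missing, or has an unusable limit.
check_logs() {
    index=$1 rc=0
    # "|| [ -n ... ]" also picks up a last line without a trailing newline
    while read -r path max _rest || [ -n "$path" ]; do
        [ -n "$path" ] || continue               # skip blank lines
        case $max in
            ''|*[!0-9]*)                         # limit must be digits only
                printf '%s - - Bad record\n' "$path"; rc=1; continue ;;
        esac
        if [ ! -f "$path" ]; then                # a vanished log is worth a look
            printf '%s - %s Missing\n' "$path" "$max"; rc=1; continue
        fi
        size=$(wc -c < "$path" | tr -d ' ')      # size in bytes
        if [ "$size" -gt "$max" ]; then
            action='Clean up'; rc=1
        else
            action='OK'
        fi
        printf '%s %s %s %s\n' "$path" "$size" "$max" "$action"
    done < "$index"
    return $rc
}

# Constructed demo: a 100-byte and a 10-byte log in a temp directory.
demo_dir=$(mktemp -d)
printf '%100s' '' > "$demo_dir/uucp.log"
printf '%10s' '' > "$demo_dir/syslog"
printf '%s 50\n%s 5000\n' "$demo_dir/uucp.log" "$demo_dir/syslog" \
    > "$demo_dir/index"
check_logs "$demo_dir/index" || echo "at least one log needs attention"
rm -rf "$demo_dir"
```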

Configuration
-------------

You may need or want to modify the following variables in the script to
suit it to your system:

$repmode	Can be either `byte' or `block'. It controls whether we
		check for sizes in bytes or disk blocks. See previous 
		section. Defaults to `byte'.
$zipper		The command used to invoke the program that will compress
		the offending log. Defaults to `/bin/gzip'.
$zipext		The extension given to the compressed file by the $zipper.
		Defaults to `gz'.
$logf		The Log Index file. Defaults to `/home/root/.log'.
$admin		The system administrator's account, mail will be sent
		to this address. Defaults to `root'.
$mailer		The actual mailer program and any options. Defaults
		to `/usr/sbin/sendmail -ep -i'.
$toucher	Absolute filename of the touch program. Touch is used
		to recreate log files that have been archived.

How to Use chklogs
------------------

Chklogs could be used at the system administrator's discretion, or
by creating a cron entry or by having it execute at boot time. The
first two seem more appropriate.

Chklogs will compare the maximum allowable size of each log (as
given in the Log Index) against the actual size of the log file
being examined. Then a report is produced that will include as
part of the header:
	a) The location of the Log Index file
	b) The size reporting method (byte or block)
	c) Column headings for the contents of the report
	d) The generic name of archived logs if archiving is 
	   enabled.

The syntax of the command is as follows:

	chklogs [option]

If no option is specified chklogs will produce a report on the 
standard output device. This report shows the following information
for *each* of the examined system logs:

	1) The fully qualified filename of the system logfile
	2) The current size of the log
	3) The maximum allowed size as specified in the Log Index file
	4) Action (to be) taken. Clean up, Archived or OK.

If a log has grown past the maximum specified size, the action column
will show "Clean up" to emphasize that it needs looking at, or
"Archived" if it was archived.

With the -m option no output is sent to the standard output device;
instead, the same check is performed on all system logs. If and only
if any of the logs has grown past its maximum size, a report will be
mailed to the $admin user. This report contains the same header as
described above, but it will *only* report those logfiles whose size
has grown too much. This way the $admin user gets a reminder; this is
a good option if the script is run from a crontab. My crontab looks
like this:

# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.1159 installed on Sun Mar  5 00:59:41 1995)
# (Cron version -- $Id: chklogs.txt,v 1.3 1995/04/30 21:40:10 root Rel $)
# crontab file for Root
00 21 * * *       /home/root/bin/chklogs -M 

Thus running every day at 21:00 hours.

With the -a option a summary will be produced on stdout (just as if
no option was specified) and archiving will be enabled. With
archiving, the overgrown log will be compressed and archived in the
same directory as the original log. The archived log keeps its name,
with a time stamp of the form YYMMDD added as an extension. Care is
taken to archive the log with the same ownership and permissions as
the original log.
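
The archiving steps above, together with the recreation of the log that
$toucher exists for, can be sketched as follows. This is an added
example, not the chklogs code: the function name archive_log is
hypothetical, and GNU stat and a gzip in PATH are assumed. It shows the
recreated log getting the original owner and mode instead of whatever
the umask would give it.

```shell
#!/bin/sh
# Added example (not the chklogs source). Assumes GNU stat and gzip.

# archive_log LOG
# Prints the path of the compressed archive; non-zero on any failure.
archive_log() {
    log=$1
    archive="$log.$(date +%y%m%d)"           # YYMMDD extension, as in the text
    # Only regular files, never symlinks; never overwrite an older archive.
    [ -f "$log" ] && [ ! -L "$log" ] || return 1
    [ ! -e "$archive" ] && [ ! -e "$archive.gz" ] || return 1
    mode=$(stat -c %a "$log") || return 1    # e.g. 600
    owner=$(stat -c %u:%g "$log") || return 1
    # A rename keeps the inode, so owner and mode travel with the archive,
    # and gzip copies both onto the .gz file it writes.
    mv "$log" "$archive" || return 1
    gzip "$archive" || return 1
    # Recreate the log for daemons that will not create it themselves.
    # umask 077 keeps the new file private until the real mode is applied.
    ( umask 077 && touch "$log" ) || return 1
    chown "$owner" "$log" && chmod "$mode" "$log" || return 1
    printf '%s\n' "$archive.gz"
}

# Constructed demo: a private (0600) log in a temp directory.
demo_dir=$(mktemp -d)
printf 'constructed entry\n' > "$demo_dir/app.log"
chmod 600 "$demo_dir/app.log"
archive_log "$demo_dir/app.log"
ls -l "$demo_dir"
rm -rf "$demo_dir"
```

A daemon that holds the log open keeps writing to the renamed file until
it reopens its logs (syslogd does so on SIGHUP), so signal it right
after archiving.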

The -M option is the combined effect of the -a and -m options. Chklogs
only takes ONE parameter, so it is not possible to use -a -m together
on the command line.

Finally the -c option only makes use of the Log Index to give a 
listing (on stdout) of *all* log files (archived or not) that 
are present in the system. This option is useful to have a quick
overview of what (archived) logs are in the filesystem.

Acknowledgements
----------------
* Thanks to Sam Lantinga <slouken@cs.ucdavis.edu> for the patch to
  improve configurability. Version 1.4
* Thanks to Michael Vergallen <mvergall@innet.be> for the patch to
  recreate archived log files. Version 1.5

If you use this script I would like to hear from you! Any comments
or suggestions are welcome :)

Author
------
chklogs written by Didimo Emilio Grimaldo T.
EMAIL:  grimaldo@iaehv.iaehv.nl	    (Host machine)
	grimaldo@panama.iaehv.nl    (Linux box @ home)
	grimaldo@sce.philips.nl	    (Work)
$Header: /home/root/bin/RCS/chklogs.txt,v 1.3 1995/04/30 21:40:10 root Rel $
