RHEL9  logrotate.timer OnCalendar logrotateログファイルを定期にローテーションする方法

環境
# cat/etc/redhat-release
Red Hat Enterprise Linux release 9.2 (Plow)

概要
onCalendar定期的書式

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
minutely *-*-* *:*:00 毎分
hourly *-*-* *:00:00 毎時
daily *-*-* 00:00:00 日次
monthly *-*-01 00:00:00 月次
weekly Mon *-*-* 00:00:00 週次
yearly *-01-01 00:00:00 年次
quarterly *-01,04,07,10-01 00:00:00 四半期ごと
semiannually *-01,07-01 00:00:00 半期ごと
minutely *-*-* *:*:00 毎分 hourly *-*-* *:00:00 毎時 daily *-*-* 00:00:00 日次 monthly *-*-01 00:00:00 月次 weekly Mon *-*-* 00:00:00 週次 yearly *-01-01 00:00:00 年次 quarterly *-01,04,07,10-01 00:00:00 四半期ごと semiannually *-01,07-01 00:00:00 半期ごと
minutely *-*-* *:*:00 毎分
hourly *-*-* *:00:00 毎時
daily *-*-* 00:00:00 日次
monthly *-*-01 00:00:00 月次
weekly Mon *-*-* 00:00:00 週次
yearly *-01-01 00:00:00 年次
quarterly *-01,04,07,10-01 00:00:00 四半期ごと
semiannually *-01,07-01 00:00:00 半期ごと

設定方法
1.デフォルトのunitファイルを確認します。

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
# ls -lrt /usr/lib/systemd/system/ | grep logrotate
-rw-r--r--. 1 root root 191 1014 2019 logrotate.timer
-rw-r--r--. 1 root root 870 821 2020 logrotate.service
# ls -lrt /usr/lib/systemd/system/ | grep logrotate -rw-r--r--. 1 root root 191 10月 14 2019 logrotate.timer -rw-r--r--. 1 root root 870 8月 21 2020 logrotate.service
# ls -lrt /usr/lib/systemd/system/ | grep logrotate
-rw-r--r--. 1 root root 191 10月 14 2019 logrotate.timer
-rw-r--r--. 1 root root 870 8月 21 2020 logrotate.service

2.logrotate.timerを確認します

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
# cat /usr/lib/systemd/system/logrotate.timer
[Unit]
Description=Daily rotation of log files
Documentation=man:logrotate(8) man:logrotate.conf(5)
[Timer]
OnCalendar=daily
AccuracySec=1h
Persistent=true
[Install]
WantedBy=timers.target
# cat /usr/lib/systemd/system/logrotate.timer [Unit] Description=Daily rotation of log files Documentation=man:logrotate(8) man:logrotate.conf(5) [Timer] OnCalendar=daily AccuracySec=1h Persistent=true [Install] WantedBy=timers.target
# cat /usr/lib/systemd/system/logrotate.timer
[Unit]
Description=Daily rotation of log files
Documentation=man:logrotate(8) man:logrotate.conf(5)

[Timer]
OnCalendar=daily
AccuracySec=1h
Persistent=true

[Install]
WantedBy=timers.target

3.logrotate.serviceの内容を確認します

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
# cat /usr/lib/systemd/system/logrotate.timer
[Unit]
Description=Daily rotation of log files
Documentation=man:logrotate(8) man:logrotate.conf(5)
[Timer]
OnCalendar=daily
AccuracySec=1h
Persistent=true
[Install]
WantedBy=timers.target
[root@localhost ~]# cat /usr/lib/systemd/system/logrotate.service
[Unit]
Description=Rotate log files
Documentation=man:logrotate(8) man:logrotate.conf(5)
RequiresMountsFor=/var/log
ConditionACPower=true
[Service]
Type=oneshot
ExecStart=/usr/sbin/logrotate /etc/logrotate.conf
# performance options
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
# hardening options
# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# no ProtectHome for userdir logs
# no PrivateNetwork for mail deliviery
# no NoNewPrivileges for third party rotate scripts
# no RestrictSUIDSGID for creating setgid directories
LockPersonality=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
RestrictNamespaces=true
RestrictRealtime=true
# cat /usr/lib/systemd/system/logrotate.timer [Unit] Description=Daily rotation of log files Documentation=man:logrotate(8) man:logrotate.conf(5) [Timer] OnCalendar=daily AccuracySec=1h Persistent=true [Install] WantedBy=timers.target [root@localhost ~]# cat /usr/lib/systemd/system/logrotate.service [Unit] Description=Rotate log files Documentation=man:logrotate(8) man:logrotate.conf(5) RequiresMountsFor=/var/log ConditionACPower=true [Service] Type=oneshot ExecStart=/usr/sbin/logrotate /etc/logrotate.conf # performance options Nice=19 IOSchedulingClass=best-effort IOSchedulingPriority=7 # hardening options # details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html # no ProtectHome for userdir logs # no PrivateNetwork for mail deliviery # no NoNewPrivileges for third party rotate scripts # no RestrictSUIDSGID for creating setgid directories LockPersonality=true MemoryDenyWriteExecute=true PrivateDevices=true PrivateTmp=true ProtectClock=true ProtectControlGroups=true ProtectHostname=true ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true ProtectSystem=full RestrictNamespaces=true RestrictRealtime=true
# cat /usr/lib/systemd/system/logrotate.timer

[Unit]
Description=Daily rotation of log files
Documentation=man:logrotate(8) man:logrotate.conf(5)

[Timer]
OnCalendar=daily
AccuracySec=1h
Persistent=true

[Install]
WantedBy=timers.target
[root@localhost ~]# cat /usr/lib/systemd/system/logrotate.service
[Unit]
Description=Rotate log files
Documentation=man:logrotate(8) man:logrotate.conf(5)
RequiresMountsFor=/var/log
ConditionACPower=true

[Service]
Type=oneshot
ExecStart=/usr/sbin/logrotate /etc/logrotate.conf

# performance options
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7

# hardening options
#  details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
#  no ProtectHome for userdir logs
#  no PrivateNetwork for mail deliviery
#  no NoNewPrivileges for third party rotate scripts
#  no RestrictSUIDSGID for creating setgid directories
LockPersonality=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
RestrictNamespaces=true
RestrictRealtime=true

4.OnCalendarのtimer 設定を変更します
例 OnCalendar=dailyをOnCalendar=weeklyに変更します。
変更方法

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
# cp -p /usr/lib/systemd/system/logrotate.timer /etc/systemd/system/
# cp -p /usr/lib/systemd/system/logrotate.service /etc/systemd/system/
# sed -i s/OnCalendar=daily/OnCalendar=weekly/ /etc/systemd/system/logrotate.timer
# cp -p /usr/lib/systemd/system/logrotate.timer /etc/systemd/system/ # cp -p /usr/lib/systemd/system/logrotate.service /etc/systemd/system/ # sed -i s/OnCalendar=daily/OnCalendar=weekly/ /etc/systemd/system/logrotate.timer
# cp -p /usr/lib/systemd/system/logrotate.timer /etc/systemd/system/
# cp -p /usr/lib/systemd/system/logrotate.service /etc/systemd/system/
# sed -i s/OnCalendar=daily/OnCalendar=weekly/ /etc/systemd/system/logrotate.timer

設定ファイルを反映する
# systemctl daemon-reload

サービスを再起動
# systemctl restart logrotate.service

関連投稿:

  1. RHEL9 sudoers ファイル内にありませんの解決方法
  2. RHEL9.2 SELinuxの無効化方法
  3. RHEL8 パスワードの有効期限の変更方法
  4. RHEL9 rsyslog の基本的な設定サンプル

RHEL9

Posted by arkgame