介绍

默认apache日志默认不分割的，长时间不清理apache日志就会占满磁盘空间，而且一个整文件既不利于管理也不利于分析统计。（其他日志也如此）

什么cronolog?

cronolog是一个简单的过滤程序，它从标准输入设备读入日志记录，并把这些记录写入到输出文件集，输出文件的名字由一个文件名模板和当前的日期时间组成。cronolog通常与web服务器一起使用，例如apache,用来安全地对日志文件按日期、月或其它特定的区间进行分割。当然也可以配置来分割其他服务的日志，如nginx,lighttpd。

详情参考 man cronolog，这里用apache举例。

安装cronolog

yum -y install cronolog

cronolog官网已经不用了，但是centos的yum已经包含了该软件，所以可以直接下载

配置

apache的虚拟主机的日志的cronolog配置

cat /app/server/httpd/conf/vhosts/test.com.conf

<VirtualHost *:80>
     DocumentRoot /app/www/test.com
     ServerName test.com
     <Directory "/app/www/test.com">
         Options -Indexes FollowSymLinks
         DirectoryIndex index.php index.html
         AllowOverride all
         Order allow,deny
         Allow from all
     </Directory>
     ErrorLog "|/usr/sbin/cronolog /app/server/httpd/logs/test.com-error_%Y%m%d.log"
     CustomLog "|/usr/sbin/cronolog /app/server/httpd/logs/test.com_%Y%m%d.log" combined
</VirtualHost>

在虚拟主机基础配置上修改errorlog和customlog的配置而已，其他配置只是参考，无关cronolog的。

检查

配置完成后检查配置文件是否正常

 /app/server/httpd/bin/apachectl -t
Syntax OK

配置完成后需要完全关闭apache所有进程后再启动

service httpd stop

ps -ef|grep httpd

service httpd start

其实所有的系统操作都应该是谨慎而彻底的，确认上一步进行无误后方可进行下一步操作。

检查cronolog运行情况

ps -ef|grep cronolog
root  1006 1  0 Feb04 ?00:00:01 crond
root 22511  5290  0 15:51 ?00:00:00 /usr/sbin/cronolog /app/server/httpd/logs/wifi-www.luckygz.com_1234-error_%Y%m%d.log
root 22512  5290  0 15:51 ?00:00:00 /usr/sbin/cronolog /app/server/httpd/logs/test.com-error_%Y%m%d.log
root 22513  5290  0 15:51 ?00:00:00 /usr/sbin/cronolog /app/server/httpd/logs/test.com_%Y%m%d.log

检查日志是否开始分割

ls -lh /app/server/httpd/logs/|grep 'test.com'

1.正常情况下日志会按照配置进行分割，例如我这里是test.com_20150215.log
2.重启apache后，要有web请求访问网站，新的日志才会生成，不然的话是看不到效果的，虽然配置已经生效
3.原来的test.com.log还是会存在，你可以保留或者删掉

至此完成基本配置，基本实现需求。

more

但这里还想做多一步，就是日志分割了也依然比较大，因为纯文本很大，所以需要做定期压缩

#!/bin/bash

log_dir='/app/server/httpd/logs'
days='5'
log_bak_dir='/app/server/httpd/logs/bak'


find ${log_dir} -name "*.log" -type f -mtime +${days}|grep -v 'bak' |xargs -I '{}' mv '{}' ${log_bak_dir}

cd ${log_bak_dir}
for i in `ls -1 ${log_bak_dir}`
do
 gzip $i
done

脚本使用了find和一个for循环来完成，最终的效果就自动将匹配条件的日志文件转移到指定目录，然后进行压缩。

BTW顺带说说

apache默认日志的cronolog配置

cat /app/server/httpd/conf/httpd.conf

ErrorLog "|/usr/sbin/cronolog /app/server/httpd/logs/error_log"
CustomLog "|/usr/sbin/cronolog /app/server/httpd/logs/access_log" common

默认的httpd.conf全局日志error_log 和 access_log是不可以直接使用相对路径来进行分割的，所以需要写全路径，如上。

科普时间

cronolog的配置非常简单，可以在apache里直接调用，使用方法也很简便，直接写时间就可以指定时间分割，下面做了一些解释和例子参考。

   cronolog is intended to be used in conjunction with a Web server, such as Apache to split the access log into daily or monthly logs.  For example the Apache configuration directives:

           TransferLog "|/usr/sbin/cronolog /www/logs/%Y/%m/%d/access.log"
           ErrorLog    "|/usr/sbin/cronolog /www/logs/%Y/%m/%d/errors.log"

   would instruct Apache to pipe its access and error log messages into separate copies of cronolog, which would create new log files each day in a directory hierarchy structured by date, i.e. on  31  December
   1996 messages would be written to

           /www/logs/1996/12/31/access.log
           /www/logs/1996/12/31/errors.log

   after midnight the files

           /www/logs/1997/01/01/access.log
           /www/logs/1997/01/01/errors.log

而时间的格式是使用strftime function，不过根据介绍，基本能看懂，%是说明符，H代表0-23小时，24小时制，如此类推

Template format
   Each  character  in  the template represents a character in the expanded filename, except for date and time format specifiers, which are replaced by their expansion.  Format specifiers consist of a ‘%’ fol-
   lowed by one of the following characters:

   %      a literal % character

   n      a new-line character

   t      a horizontal tab character

   Time fields:

   H      hour (00..23)

   I      hour (01..12)

   p      the locale’s AM or PM indicator

   M      minute (00..59)

   S      second (00..61, which allows for leap seconds)

   X      the locale’s time representation (e.g.: "15:12:47")

   Z      time zone (e.g. GMT), or nothing if the time zone cannot be determined

   Date fields:

   a      the locale’s abbreviated weekday name (e.g.: Sun..Sat)

   A      the locale’s full weekday name (e.g.: Sunday .. Saturday)

   b      the locale’s abbreviated month name (e.g.: Jan .. Dec)

   B      the locale’s full month name, (e.g.: January .. December)

   c      the locale’s date and time (e.g.: "Sun Dec 15 14:12:47 GMT 1996")

   d      day of month (01 .. 31)

   j      day of year (001 .. 366)

   m      month (01 .. 12)

   U      week of the year with Sunday as first day of week (00..53, where week 1 is the week containing the first Sunday of the year)

   W      week of the year with Monday as first day of week (00..53, where week 1 is the week containing the first Monday of the year)

   w      day of week (0 .. 6, where 0 corresponds to Sunday)

   x      locale’s date representation (e.g. today in April in Britain: "13/04/97")

   y      year without the century (00 .. 99)

   Y      year with the century (1970 .. 2038)

   Other specifiers may be available depending on the C library’s implementation of the strftime function.

原文链接：http://www.godblessyuan.com/2015/02/15/apache_cronolog_log_split_rollback/