logrotate 中几个重要指令的理解

1.create:create mode owner group Immediately after rotation (before the postrotate script is run) the log file  is  created  (with  the  same name as the log file just rotated).  mode specifies the mode for the log file in octal (the same as chmod(2)), owner specifies the user  name  who  will own the log file, and group specifies the group the log file will belong to. Any of the log file attributes may be omitted, in which case those attributes  for  the  new  file will  use  the  same  values  as the original log file for the omitted attributes. This option can be disabled using the nocreate option.

$ cat /etc/logrotate.conf
/var/log/test.log {
        size 1M
    create 666 jaseywang jaseywang
$ sudo logrotate /etc/logrotate.conf

# while true;do cat /dev/zero  > /var/log/test.log ;done
# logrotate   /etc/logrotate.conf
# ll /var/log/test.log*

也就是说 logrotate 之后生成的 file.log 新文件的权限,用户,用户组,执行了 logrotate 之后,该日志文件对应的服务会向 test.log.1 文件继续写入而不是向 test.log 写入。

2.copytruncate:Truncate:the original log file in place after creating a copy, instead of moving the old log file and optionally creating a new one.  It can be used when some program  can not  be  told  to  close its logfile and thus might continue writing (appending) to the previous log file forever.  Note that there is a very small time slice between  copying the  file  and  truncating it, so some logging data might be lost.  When this option is used, the create option will have no effect, as the old log file stays in place.

truncate 理解起来就是清空文件内容,但是保留该文件,等同于下面这个命令:
$ > filename

Linux 下面有个 truncate 命令,可以用来 shrink/extend 文件大小,如果 -s 后面的数值大于指定文件的大小,多出来的部分将会以零字节填充;如果小于,多出的来的数据将丢失。
注意:如果 truncate 一个大于文件实际大小的文件,系统并没有给该文件分配 inode,只是一个声称的大小罢了,这点可以通过 ls -s 看出,或者 du 也能看出。当然,du -b 的作用跟 ls -l 等同。

3.copy:Make a copy of the log file, but don't change the original at all.  This option can  be used,  for  instance,  to  make  a snapshot of the current log file, or when some other utility needs to truncate or parse the file.  When this  option  is  used,  the  create option will have no effect, as the old log file stays in place.

compresscmd /bin/bzip2
compressext .bz2
默认会以 .gz 结尾,如果使用 bzip2,那么需要指定以 bz2 结尾

默认为 bytes,可以以 M/G 结尾

这样解释 last 指令显示的内容就简单了,常常发现 last 只会显示从某段时间开始的登录/reboot 等信息,就是系统默认做了 logrotate 的,如果要看之前的登录信息,执行:
$ last -f wtmp.1