From: John Varela on
On Fri, 8 Jan 2010 04:20:13 UTC, dempson(a)actrix.gen.nz (David
Empson) wrote:

> ls -l /var/log/system*
>
> This is what mine shows:
>
> -rw-r----- 1 root admin 10596 8 Jan 00:30 /var/log/system.log.0.bz2
> -rw-r----- 1 root admin 15424 7 Jan 00:31 /var/log/system.log.1.bz2
> -rw-r----- 1 root admin 10355 6 Jan 00:30 /var/log/system.log.2.bz2
> -rw-r----- 1 root admin 1576 5 Jan 00:30 /var/log/system.log.3.bz2
> -rw-r----- 1 root admin 18926 5 Jan 00:12 /var/log/system.log.4.bz2
> -rw-r----- 1 root admin 23765 26 Dec 00:30 /var/log/system.log.5.bz2
> -rw-r----- 1 root admin 32591 21 Dec 00:52 /var/log/system.log.6.bz2
> -rw-r----- 1 root admin 12088 18 Dec 00:30 /var/log/system.log.7.bz2
>
> My file sizes vary between 1.5K and 32.5K. Note that my most recent logs
> have been archived roughly every 24 hours, near midnight, but there is a
> bit of a gap to the previous few.

I get only two lines of output: system.log is 89.5MB and one .bz2
file dated Nov 6 at 302KB.

Is there any reason to keep these old logs?

--
John Varela
Trade NEWlamps for OLDlamps for email

From: David Empson on
John Varela <OLDlamps(a)verizon.net> wrote:

> On Fri, 8 Jan 2010 04:20:13 UTC, dempson(a)actrix.gen.nz (David
> Empson) wrote:
>
> > ls -l /var/log/system*
> >
> > This is what mine shows:
> >
> > -rw-r----- 1 root admin 10596 8 Jan 00:30 /var/log/system.log.0.bz2
> > -rw-r----- 1 root admin 15424 7 Jan 00:31 /var/log/system.log.1.bz2
> > -rw-r----- 1 root admin 10355 6 Jan 00:30 /var/log/system.log.2.bz2
> > -rw-r----- 1 root admin 1576 5 Jan 00:30 /var/log/system.log.3.bz2
> > -rw-r----- 1 root admin 18926 5 Jan 00:12 /var/log/system.log.4.bz2
> > -rw-r----- 1 root admin 23765 26 Dec 00:30 /var/log/system.log.5.bz2
> > -rw-r----- 1 root admin 32591 21 Dec 00:52 /var/log/system.log.6.bz2
> > -rw-r----- 1 root admin 12088 18 Dec 00:30 /var/log/system.log.7.bz2
> >
> > My file sizes vary between 1.5K and 32.5K. Note that my most recent logs
> > have been archived roughly every 24 hours, near midnight, but there is a
> > bit of a gap to the previous few.

I need to correct my previous description slightly: on closer inspection
it turns out that on Snow Leopard, newsyslog is configured to run on the
half hour every hour, while on Leopard it is on the hour every hour.

system.log will be rotated if newsyslog runs at 12:30 a.m. for Snow
Leopard, or at midnight for Leopard. It won't "catch up" a missed log
rotation if the computer wasn't awake at that time.

On rare occasions it may be rotated at other times within the following
hour (e.g. if you woke up the computer then), which probably explains
the two other times in my list above.

Most of the other logs are rotated based on the size of the file having
reached a threshold (typically 1 MB) when newsyslog runs on the half
hour (or hour).

This is configured in /etc/newsyslog.conf, and Snow Leopard has more of
them in /etc/newsyslog.d/

The mechanism changed between Tiger and Leopard. In Tiger and earlier it
was done by the daily maintenance script which runs at 3:15 a.m., but
only if the computer is awake at that time.

(Tiger uses launchd to invoke the periodic scripts, but I think it was
Leopard which added the ability for launchd to catch up on missed
events. Panther and earlier used cron to run the periodic scripts, and
it only happens if the computer is awake at that time.)

> I get only two lines of output: system.log is 89.5MB and one .bz2
> file dated Nov 6 at 302KB.
>
> Is there any reason to keep these old logs?

Only if you want to look at them to investigate something which happened
on your computer at a particular time.

The safest option would be to force a log rotation manually.

You can do this with the following command in Terminal (on Leopard or
Snow Leopard):

sudo newsyslog -F /var/log/system.log

You can only do this if you are an admin user and will be prompted for
your password.

This will immediately archive the active system.log (compressing it
significantly) and start a fresh one.

Other methods of manually emptying the logs are risky. newsyslog does
quite a few steps to make sure no log messages are lost, and that the
expected files continue to exist.

After this you could delete the old compressed logs if you don't want to
keep them, with:

sudo rm /var/log/system.log.[0-7].bz2

--
David Empson
dempson(a)actrix.gen.nz
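
A check for the situation described in this thread (a system.log that kept growing because the scheduled rotation was missed), as an added example that is not part of either post. The function name check_rotation and the default thresholds are assumptions chosen for illustration; the file names follow the listing quoted above.

```shell
#!/bin/sh
# Added example, not from the thread: report whether system.log looks like it
# has missed rotation. Function name and default thresholds are assumptions.
#
# Usage: check_rotation [DIR] [MAX_BYTES] [MAX_AGE_DAYS]
# Returns 0 if rotation looks healthy, 1 if it looks stalled,
#         2 if the log is missing or unreadable (it is mode 0640 root:admin,
#           so run this as an admin user or under sudo).
check_rotation() {
    dir=${1:-/var/log}
    max_bytes=${2:-1048576}   # assumed threshold: 1 MB
    max_days=${3:-2}          # assumed threshold: newest archive age in days
    log="$dir/system.log"
    newest="$dir/system.log.0.bz2"

    if [ ! -r "$log" ]; then
        echo "UNREADABLE $log"
        return 2
    fi

    # wc -c is portable across macOS and Linux; strip BSD wc's padding.
    size=$(wc -c < "$log" | tr -d ' ')
    reasons=""

    if [ "$size" -gt "$max_bytes" ]; then
        reasons="$reasons active-log=${size}B(limit=${max_bytes}B)"
    fi

    # find prints the path only when its mtime is more than max_days old.
    # A missing archive is not flagged on its own: a new install has none yet.
    if [ -f "$newest" ] &&
       [ -n "$(find "$newest" -mtime +"$max_days" 2>/dev/null)" ]; then
        reasons="$reasons newest-archive-older-than-${max_days}d"
    fi

    if [ -n "$reasons" ]; then
        echo "STALLED $log:$reasons"
        return 1
    fi
    echo "OK $log size=${size}B"
    return 0
}
```

Calling `check_rotation /var/log` on a machine in the state described above (an 89.5MB system.log and a single archive from November) would report both reasons; after a forced rotation it should report OK.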