newsyslog naming scheme could be improved?

[Doug Hardie]

On Oct 11, 2008, at 09:46, Jeremy Chadwick wrote:

> On Sat, Oct 11, 2008 at 09:33:42AM -0700, Kelly Jones wrote:
>> newsyslog rotates logfiles so that messages.0.gz is yesterday's file,
>> messages.1.gz is the day before's, etc.
>>
>> This is ugly. If I tell my fellow sysadmins that I ran this command:
>>
>> zfgrep 'bad thing' /var/log/messages.4.gz
>>
>> and found stuff, they may run it the next day and get different
>> results because the file is now messages.5.gz
>
> Is it possible to educate your co-workers into looking at timestamps  
> on
> files before randomly assuming that EVERYTHING ends up in .4.gz?  :-)
> Surely your co-workers aren't that dense.
>
> Or you can have them use zgrep 'bad thing' /var/log/messages.*.gz
> and tell them "pay close attention to the timestamps shown!!"  That
> might work as a better work-around.
>
>> Improving my cow-orkers intelligence would be the ideal solution, but
>> has anyone considered tweaking newsyslog to name files
>> messages.2008-10-05-12-00-00.gz or something. IE, give them a  
>> constant
>> name that doesn't change and then delete them after how many ever
>> days?
>
> I'd vote for the following strftime(3) format: "%Y%m%dT%H%M".   
> Otherwise
> known as: YYYYMMDDThhmm

Either approach would sure increase the typing when searching for log  
entries for a specific day.  I keep 30 days of maillogs and reasonably  
frequently have to search them for a specific day a week or 2 ago.   
Given that I usually run about 5 searches to find all the relevant  
entries, that would sure add to the typing.  Also, I have no immediate  
idea how newsyslog would be able to still retain 30 backups. The dates  
on the files are not necessarily accurate.  They can get changed  
easily.  Searching with maillog.* is a horrible waste of computer and  
people time.  Puts a real load on the mail server and I wait for quite  
awhile.