OpenBSD log rotate newsyslog

We’re setting up OpenBSD’s log rotate utility newsyslog(8) to deal with our custom services, such as gmifs. Reasons for log rotation include retaining disk space and removing access information such as IP addresses to protect the privacy of users long term.

The file /etc/newsyslog.conf specifies under which conditions what log files are to be rotated and what actions shall be taken as well as retention.

# logfile_name          owner:group     mode count size when  flags
/var/www/logs/gemini/access.log         644  4     *    $W0   Z
/var/www/logs/gemini/debug.log          644  7     250  *     Z

The access log file contains IP addresses, paths and status codes with timestamp, the debug log only contains information to improve the software, such as errors when handling requests or renewing certificates. The policy for each is therefore radically different.

A brief explanation of the used parameters:

• logfile_name - the full path to the log file to be processed.
• owner:group - optional and omitted in the gmifs example above. Newsyslog can change the owner and group of old log files, by default they are owned by root and the wheel group.
• mode - permission mode in standard UNIX three-digit octal notation
• count - retention of old log files counting up from zero plus.
• size - file size when newsyslog runs, if the file is larger in KiB it is rotated. Use an asterisk if the size doesn’t affect when you want to rotate the log file.
• when - time constraint for rotating the log. E.g. $W0 above stands for weekly. If an asterisk is used, the time doesn’t matter, as it is the case with the debug logs above.
• flags - optional, Z means the old log files are to be compressed with gzip(1).

For more details see newsyslog(8) with man newsyslog.