Ubuntu – Compression setting for log files in /var/log

log

For the log files in /var/log,
it appears that the wtmp and also the rotated wtmp.n are not ASCII file and can only be read by the last command, so if they are compressed, one has to first uncompress them and then use last -f ... to read. The other compressed log files can be easily read using an editor such as emacs since they are ASCII text files.

Is there a way to set "compress" for all other logs files except the wtmp.n?
(I assume that if one uncomments the #compress in the /etc/logrotate.conf,

# uncomment this if you want your log files compressed
#compress

then all log files will be compressed, including the wtmp.)

Thanks

Best Answer

/var/log/wtmp is not a text file but it's not compressed either. It's a binary file and to decode it you need a dedicated tool called rawtmp available with the sac package.

sudo apt-get install sac

To access wtmp logs, type in a terminal:

rawtmp | less

Or to decode the first wtmp archive:

rawtmp -w /var/log/wtmp.1 | less

EDIT: To override logrotate compression settings for wtmp you just need to edit the /etc/logrotate.conf file:

sudo gedit /etc/logrotate.conf

To add the nocompress directive:

/var/log/wtmp {
    nocompress
    missingok
    monthly
    create 0664 root utmp
    rotate 12
}

From logrotate man page:

   nocompress
          Old versions of log files are not compressed. See also compress.

Related Solutions

Ubuntu – Meaning of files in /var/log/lightdm/ and how to properly read lightdm.log file

Read this Q&A if you want more info on the boot/login process.

lightdm.log is the log file where your display manager (also called login manager) lightdm write its messages.

After lightdm started the X-server, the X's first and last messages (like a header and a footer) will go into x-N.log, where N represents the display, just like in /var/log/Xorg.N.log which is the log file for the other messages from X.

The x-N-greeter.log file is the log file where the greeter (on ubuntu it is unity-greeter) messages are written, N again represents the display number.

You should start with lightdm.log and read it sequentially, and you will see that is is always reported when and where newer log files are created, e.g.:

[+0.22s] DEBUG: Logging to /var/log/lightdm/lightdm.log
...
[+0.31s] DEBUG: Logging to /var/log/lightdm/x-0.log
...
[+0.87s] DEBUG: Logging to /var/log/lightdm/x-0-greeter.log

Yes, those log files are regenerated on every reboot, but the previous log is saved with the .old suffix.

Ubuntu – Ubuntu 14.04 – logrotate does not rotate /var/log/* (rsyslog config)

Same issue happened and resolved on Ubuntu 14.04 server with below change in /etc/logrotate.d/rsyslog

from:

/var/log/syslog
{
    rotate 7
    daily
    ...
    postrotate
        reload rsyslog >/dev/null 2>&1 || true
    endscript
}

to this:

{
    rotate 7
    daily
    ...
    postrotate
        service rsyslog rotate >/dev/null 2>&1 || true
    endscript
}

for each rotated rsyslog files. I triggered logrotate manually with "/usr/sbin/logrotate /etc/logrotate.conf" and tested it with logger.

Best Answer

Related Solutions

Ubuntu – Meaning of files in /var/log/lightdm/ and how to properly read lightdm.log file

Ubuntu – Ubuntu 14.04 – logrotate does not rotate /var/log/* (rsyslog config)

Related Question