Event Log Rotation

Both pbmasterd and pblogd have the ability to rotate the event log. The current event log is renamed with a date/time tag, and a new event log is created with the specified event log name.

Event Log Rotation Based On Size

The eventlogrotate keyword specifies a rotate size and an optional path for the resulting rotated file. The size may include a k, m, or g, indicating the specified number is multiplied by 1024, 1048576, or 1073741824, respectively. This mechanism rotates the event log only during Accept and Reject events. The optional path specifies a new path only (not the file name portion). The rotated event log has the file name format pb.eventlog_YYYYMMDD_HHMMSS.

eventlogrotate size=8k,path=/somewhere/else/

If the optional path is specified, the event log is renamed to the new file name (on the original file system) while the event log lock is held, then after the lock is released, the old renamed event log is moved to the optional path (possibly on a different file system). If the specified path does not exist, it is created.

This mechanism works with the event log /path/filename specified in the pb.settings file, or as changed via policy.

Variable Substitution in the Path

The path portion of the eventlogrotate keyword supports variable substitution. This is most useful to rotate to directories based on hostname or date. This mechanism works only when rotating by size during an Accept or Reject event. When rotating via command line (or cron), no policy variables are available. Variables used in the path portion of the eventlogrotate keyword must be variables that exist in every Accept and Reject event.

The date variable results in a yyyy/mm/dd format, which includes subdirectories. For a yyyymmdd format without subdirectories, use %year%%i18n_month%%i18n_day%.

eventlogrotate "size=8k, path=/var/log/pb/eventlogs/%masterhost%/%date%/"

Manual Event Log Rotation

The --rotate option (-R), for both pbmasterd and pblogd, allows manual rotation, or rotation via cron, for the event log /path/filename specified in pb.settings. The --rotate option does not operate on event log /path/filenames changed via policy. The file name of a specific event log to rotate can be specified as an optional argument to the --rotate (-R) option. This mechanism uses the path element of the eventlogrotate keyword (ignoring any size specification).

pbmasterd --rotate
pbmasterd --rotate /var/log/pbeventlogA
pblogd --rotate
pblogd --rotate /var/log/pbeventlogA

Event Log Rotation Based On Age

Cron can be configured to execute either pbmasterd or pblogd with the --rotate option, to periodically rotate the event log.
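The following added example (not part of the product or its documentation) parses an eventlogrotate value as described above and checks a list of rotated file names for missing cron rotations. The function names, the 25-hour threshold and the sample file names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

MULTIPLIER = {"": 1, "k": 1024, "m": 1048576, "g": 1073741824}
VARIABLE = re.compile(r"%([^%/]+)%")         # %masterhost%, %date%, ...
ROTATED = re.compile(r"_(\d{8}_\d{6})$")     # _YYYYMMDD_HHMMSS suffix

def parse_eventlogrotate(value):
    """Return (size_bytes, path, variables) for an eventlogrotate value."""
    size, path = None, None
    for item in value.strip().strip('"').split(","):
        key, _, val = (part.strip() for part in item.partition("="))
        if key == "size" and (m := re.fullmatch(r"(\d+)([kmg]?)", val)):
            size = int(m.group(1)) * MULTIPLIER[m.group(2)]
        elif key == "path" and val:
            path = val
        else:
            raise ValueError(f"unrecognised eventlogrotate element: {item!r}")
    # Variables in the path must exist in every Accept and Reject event,
    # so return them for review against the policy.
    return size, path, VARIABLE.findall(path or "")

def rotated_logs(names):
    """Sort rotated file names by the date/time tag in their suffix."""
    found = []
    for name in names:
        m = ROTATED.search(name)
        if not m:
            continue                          # live log or unrelated file
        try:
            stamp = datetime.strptime(m.group(1), "%Y%m%d_%H%M%S")
        except ValueError:
            continue                          # digits that are not a real date
        found.append((stamp, name))
    return sorted(found)

def rotation_gaps(names, max_interval):
    """Return (older, newer) pairs whose tags are further apart than max_interval."""
    logs = rotated_logs(names)
    return [(a[1], b[1]) for a, b in zip(logs, logs[1:]) if b[0] - a[0] > max_interval]

# Constructed sample: daily cron rotation with two days missing.
SAMPLE_NAMES = ["pb.eventlog_20240103_000501", "pb.eventlog_20240101_000500",
                "pb.eventlog_20240102_000502", "pb.eventlog_20240106_000500",
                "pb.eventlog"]

if __name__ == "__main__":
    print(parse_eventlogrotate('"size=8k, path=/var/log/pb/eventlogs/%masterhost%/%date%/"'))
    print(rotation_gaps(SAMPLE_NAMES, timedelta(hours=25)))
```

The gap check only makes sense for age-based rotation on a fixed schedule; size-based rotation has no regular interval.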

For more information, see the Endpoint Privilege Management for Unix and Linux Installation Guide.