In my day-to-day work I'm often asked to tar up logs, frequently from hosts which have the same log file names. I've got this little snippet saved that renames the log file paths inside the tar file so we don't clobber log files when extracting at the destination end.
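    # Double quotes so the shell expands $(hostname) inside the transform expression;
    # -z gzips the archive so it matches the .tgz name.
    find /var/log/jbossas/standalone -mtime -1 -type f -print | \
      xargs tar --transform "flags=r;s|var/log/jbossas/standalone|$(hostname)|" \
      -czvf /var/tmp/logs_$(hostname)_$(date +%Y%m%d).tgz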
The first part of the command runs find, looking for any files that were modified in the past 24 hours (use -daystart for the past day). We print any filenames found and pass them to xargs, which then runs tar and adds the files to the output tar file. In the middle is the transform option, which does a simple substring replacement of "var/log/jbossas/standalone" with "$(hostname)".
And that's it. Simple tar filename transformation.
This is of course completely ignoring solutions like Splunk or Graylog, but often vendors want the raw log files to look at.
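To check the renaming end to end, here is an added example (not part of the original post) that collects the same-named log from two constructed hosts and extracts both archives into one directory. It goes slightly beyond the one-liner by feeding find's list straight to tar instead of through xargs; the function names collect_logs and demo, the host names app01/app02, the temp paths and the log lines are assumptions made for the demo, and GNU tar is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Host names, paths and log
# lines are constructed; GNU tar is assumed for --transform and --null.

# collect_logs SRC_DIR HOST OUT_TGZ
# Archive files under SRC_DIR modified in the last 24 hours, replacing the
# SRC_DIR prefix of each member name with HOST.
collect_logs() (
    src=$1 host=$2 out=$3
    prefix=${src#/}
    # find -print0 piped straight into tar (-T - reads the list from stdin):
    # one tar run, so a long file list cannot make xargs start a second tar
    # that overwrites the archive, and odd file names survive.
    # tar drops the leading "/" from member names; "^/*" matches either form.
    # HOST lands in a sed replacement, so it must not contain "|", "&" or "\".
    find "$src" -mtime -1 -type f -print0 |
        tar --null -T - \
            --transform "flags=r;s|^/*${prefix}|${host}|" \
            -czf "$out"
)

# demo: two constructed hosts with the same log file name, collected and
# extracted into one directory; prints "path:content" for every file found.
demo() (
    work=$(mktemp -d) || exit 1
    mkdir "$work/dest"
    for h in app01 app02; do
        logdir=$work/$h/var/log/jbossas/standalone
        mkdir -p "$logdir"
        echo "constructed log line from $h" > "$logdir/server.log"
        collect_logs "$logdir" "$h" "$work/logs_$h.tgz" || exit 1
        tar -xzf "$work/logs_$h.tgz" -C "$work/dest" || exit 1
    done
    # Both server.log files must survive, each under its own host directory.
    cd "$work/dest" && grep -r 'constructed' -- * | sort
    rm -rf "$work"
)

demo
```

Without the transform, both archives would extract to the same var/log/jbossas/standalone/server.log and the second would overwrite the first.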