About Cronolog
cronolog is a simple filter program that reads log file entries from standard input and writes each entry to the output file specified by a filename template and the current date and time. When the expanded filename changes, the current file is closed and a new one opened. cronolog is intended to be used in conjunction with a Web server, such as Apache, to split the access log into daily or monthly logs
Install cronolog in the Linux
#wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
#tar zxvf cronolog-1.6.2.tar.gz
#cd cronolog-1.6.2
#./configure
#make
#make install
|
Long form |
Short form |
Meaning |
|
–hardlink=NAME |
-H NAME |
maintain a hard link from NAME to the current log file |
|
–symlink=NAME |
-S NAME |
maintain a symbolic link from NAME to the current log file |
|
–prev-symlink=NAME |
-P NAME |
maintain a symbolic link from NAME to previous log |
|
–link=NAME |
-l NAME |
same as -S/–symlink |
|
–help |
-h |
print a help message then exit |
|
–period=PERIOD |
-p PERIOD |
set the rotation period explicitly (new in 1.6.2) |
|
–delay=DELAY |
|
set the rotation period delay (new in 1.6.2 — this will be renamed –rotation-offset with a short form of -o in 1.6.3) |
|
–once-only |
|
create single output log from template (not rotated) |
|
–debug=FILE |
-x FILE |
write debug messages to FILE ( or to standard error if FILE is "-") |
|
–american |
-a |
Interprete ambiguous start dates in American date formats (mm/dd/yy[yy]) |
|
–european |
-e |
Interprete ambiguous start dates in European date formats (dd/mm/yy[yy] – default) |
|
–start-time=DT |
-s DT |
starting date and time (in ambiguous cases interpreted according to –american or –european specification) |
|
–time-zone=TZ |
-z TZ |
use TZ for timezone |
|
–version |
-V |
print version number, then exit |
|
Specifier |
Description |
|
%% |
a literal % character |
|
%n |
a new-line character |
|
%t |
a horizontal tab character |
|
Time fields |
|
|
%H |
hour (00..23) |
|
%I |
hour (01..12) |
|
%p |
the locale’s AM or PM indicator |
|
%M |
minute (00..59) |
|
%S |
second (00..61, which allows for leap seconds) |
|
%X |
the locale’s time representation (e.g.: "15:12:47") |
|
%Z |
time zone (e.g. GMT), or nothing if the time zone cannot be determined |
|
Date fields |
|
|
%a |
the locale’s abbreviated weekday name (e.g.: Sun..Sat) |
|
%A |
the locale’s full weekday name (e.g.: Sunday .. Saturday) |
|
%b |
the locale’s abbreviated month name (e.g.: Jan .. Dec) |
|
%B |
the locale’s full month name, (e.g.: January .. December) |
|
%c |
the locale’s date and time (e.g.: "Sun Dec 15 14:12:47 GMT 1996") |
|
%d |
day of month (01 .. 31) |
|
%j |
day of year (001 .. 366) |
|
%m |
month (01 .. 12) |
|
%U |
week of the year with Sunday as first day of week (00..53, where week 1 is the week containing the first Sunday of the year) |
|
%W |
week of the year with Monday as first day of week (00..53, where week 1 is the week containing the first Monday of the year) |
|
%w |
day of week (0 .. 6, where 0 corresponds to Sunday) |
|
%x |
locale’s date representation (e.g. today in Britain: "15/12/96") |
|
%y |
year without the century (00 .. 99) |
|
%Y |
year with the century (1970 .. 2038) |
Cronolog usage:
Edit your httpd.conf file
CustomLog "|/path/to/cronolog [OPTIONS] logfile-spec" [format]
CustomLog "|/usr/sbin/cronolog /web/logs/%Y/%m/%d/access.log" combined
ErrorLog "|/usr/sbin/cronolog /web/logs/%Y/%m/%d/errors.log"
Security issues with cronolog
As far as I am aware noone has done a formal security audit of cronolog. However I have checked the code for potential buffer overflows and such like, and have not found anything untoward. Users should however be aware that cronolog is normally invoked from the web server and passed a filename template from which it constructs the names of the log files that are written. On Unix-like systems piped log programs are started by the initial server process, which runs as root; thus cronolog will usually run as root. If an attacker can write to the web server configuration file then he or she could cause cronolog to write to critical files. Mind you if an attacker does manage to change the web server configuration file then all sorts of nefarious actions are open to them.
