# This is a sample newsyslog configuration file.  Any line starting with #
# is considered to be a comment, and blank lines are ignored.  Fields are
# whitespace-separated (tabs, spaces, whatever).

# Set some variables to simplify things later.  The variable names and
# variable contents are arbitrary.  The % escapes have the following
# meanings:
#
#   %%   The character '%'
#   %d   The current date in the form yyyy-mm-dd.
#   %D   The current day of the month in the form dd.
#   %M   The current month of the year in the form mm.
#   %Y   The current year in the form yyyy.
#   %t   The current time in seconds since epoch.
#   %m   The machine hostname.
#   %n   The name of the log being rotated.
#
# The logs are archived in a directory named for the current date in a
# file named <machine>.<log> where <machine> is the hostname of the
# machine and <log> is the name of the log.
set logdir  = /var/log/%n
set afsdir  = /usr/afs/logs/%n
set save    = /var/log/OLD/%n
set saveafs = /usr/afs/logs/OLD/%n
set archive = /afs/ir/site/leland/auth/logs/%M/%d/%m.%n
set stats   = /afs/ir/site/leland/stats/%M/%d/%m.%n

# Each set of logs to rotate is placed in a block.  The block just serves
# to group together information about a single log.  This block rotates
# two syslog log files, plus the systemstats log file (which doesn't
# actually require notifying any daemon, so it could be in a block by
# itself) sending SIGHUP to the process whose PID is stored in
# /etc/syslog.pid after the logs are rotated.  A copy is saved into AFS,
# and a second copy (up to fifteen of them) is saved on local disk, just
# in case.
syslog {
    restart: hup /etc/syslog.pid

    #    name         location  owner  group  permissions
    #    -----------  --------  -----  -----  -----------
    log: auth         logdir    root   0      644
    log: syslog       logdir    root   0      644
    log: systemstats  logdir    root   0      644

    #        name         archive  count
    #        -----------  -------  -----
    archive: auth         archive      0
    archive: auth         save        15
    archive: syslog       archive      0
    archive: syslog       save        15
    archive: systemstats  stats        0
    archive: systemstats  save         1

    # Also run syslog-filter on the rotated syslog, passing it the
    # appropriate configuration file.
    analyze: syslog /usr/local/bin/syslog-filter /usr/local/etc/filter-auth

    # More logs could be listed here in the same format.
}

# This block rotates out an AFS authentication log, which requires that
# the server be stopped before the rotation and then restarted
# afterwards.
afs {
    stop:    run /usr/afs/bin/bos shutdown %m -inst kaserver -localauth -wait
    restart: run /usr/afs/bin/bos restart  %m -inst kaserver -localauth

    #    name     location  owner  group  permissions
    #    -------  --------  -----  -----  -----------
    log: AuthLog  afsdir    root   0      644

    #        name     archive  count
    #        -------  -------  -----
    archive: AuthLog  authlog      0
    archive: AuthLog  saveafs      1

    # Strip out all of the uninteresting portions of the AuthLog before
    # archiving it.
    filter:  AuthLog  /usr/local/sbin/filter-authlog
}
