views:

2115

answers:

8

I have a process that's writing a lot of data to stdout, which I'm redirecting to a log file. I'd like to limit the size of the file by occasionally copying the current file to a new name and truncating it.

My usual techniques of truncating a file, like

cp /dev/null file

don't work, presumably because the process is using it.

Is there some way I can truncate the file? Or delete it and somehow associate the process' stdout with a new file?

FWIW, it's a third party product that I can't modify to change its logging model.

EDIT redirecting over the file seems to have the same issue as the copy above - the file returns to its previous size next time it's written to:

ls -l sample.log ; echo > sample.log ; ls -l sample.log ; sleep 10 ; ls -l sample.log
-rw-rw-r-- 1 user group 1291999 Jun 11  2009 sample.log
-rw-rw-r-- 1 user group 1 Jun 11  2009 sample.log
-rw-rw-r-- 1 user group 1292311 Jun 11  2009 sample.log
A: 

Try > file.


Update regarding the comments: it works nicely for me:

robert@rm:~> echo "content" > test-file
robert@rm:~> cat test-file 
content
robert@rm:~> > test-file
robert@rm:~> cat test-file
Robert Munteanu
I'd appreciate knowing why I got downvoted.
Robert Munteanu
Redirecting over the file doesn't seem to work - it has the same problem as the "cp /dev/null file" I mentioned in the question. It seems to work, but the next time the file's written to it reverts to its previous size.On my flavour of linux that particular command returns "Invalid null command."; not sure if you were suggesting "[something] > file", rather than just "> file".
Hobo
I mean exactly '> file', perhaps it's a bash-specific command. The file reverting is quite strage though.
Robert Munteanu
I've seen this behaviour too. It almost seems like the file pointer is being changed to a new empty file. But the running process has a handle on the old file. When it writes it changes the file pointer back to the old file.
Casey Watson
+4  A: 

Take a look at the utility split(1), part of GNU Coreutils.

Michiel Buddingh'
Excellent - thanks. Looks like the best option for what I want to do.
Hobo
It seems odd that this is the chosen solution. It does nothing to reduce the size of the file; all it does is give you copies of the sections of the file as well as the original.
Jonathan Leffler
Yeah, this does what I need, rather than what I asked. I'll redirect via split, rather than directly to the log file, which will limit the size of the individual log files.
Hobo
+2  A: 

as the file is being used, if you try to nullify it or something like that, sometimes it might "confuse" the app that's writing into the log file and it might not log anything after that.

What I'd try ot do is to set up a kind of proxy/filter for that log, instead of redirecting to file, redirect to a process or something that would get input and write to a rolling file.

Maybe it can be done by script otherwise you could write a simple app for that ( java or something else ). The impact on app performance should be quite small, but you'll have to run some tests.

Btw, your app, is it a stand-alone, web app, ... ? Maybe there are other options to be investigated.

Edit: there's also an Append Redirection Operator >> that I've personally never used, but it might not lock the file.

Billy
Cheers. Yeah, I think that's the approach I'm going to take. I'll use Michiel's suggestion of using split. I hadn't realised it worked on stdin as well as files (which I shoudl have).
Hobo
+2  A: 

Did you check the behavior of any signals like SIGHUP to the third party product, to see if it will start logging a fresh file? You would move the old file to a permanent name, first.

kill -HUP [process-id]

And then it would start writing out again.

Alternatively (as Billy suggested) maybe redirecting the output from the application to a logging program like multilog or the one that is commonly used with Apache, known as cronolog. Then you'll have more fine grained control of where everything goes before it is written to that initial file descriptor (file), which is really all it is.

Vex
I don't think I want to restart the process (it's pretty slow to come up, and that'd affect our users), but cheers for teaching me about kill -HUP - i wasn't aware of it.
Hobo
multilog looks great, thanks for the tip !
Billy
@Hobo: Just to clarify, for daemons which recognize HUP, 'kill -HUP' tells them to reread their configuration and/or close and reopen any files they're using. It does not restart the process. (If the daemon doesn't trap the HUP, then, yeah, it'll die normally...)
Dave Sherohman
Cheers Dave. I really need to read the man pages more closely...
Hobo
+2  A: 
Arthur Ulfeldt
You probably need LD_PRELOAD rather than LD_LIBRARY_PATH. I think you're on the right track with your explanation, though the details are a little woolly - see my explanation (which can probably have the same accusation lobbed at it).
Jonathan Leffler
Thanks for clarifying why it's happening. I figured it was something like that, but good to have it confirmed.I think intercepting system calls is more than I'd like to do in this case, but thanks for another alternative.
Hobo
+4  A: 

The interesting thing about those regrown files is that the first 128 KB or so will be all zeroes after you truncate the file by copying /dev/null over it. This happens because the file is truncated to zero length, but the file descriptor in the application still points immediately after its last write. When it writes again, the file system treats the start of the file as all zero bytes - without actually writing the zeroes to disk.

Ideally, you should ask the vendor of the application to open the log file with the O_APPEND flag. This means that after you truncate the file, the next write will implicitly seek to the end of the file (meaning back to offset zero) and then write the new information.


This code rigs standard output so it is in O_APPEND mode and then invokes the command given by its arguments (rather like nice runs a command after adjusting its nice-level, or nohup runs a command after fixing things so it ignores SIGHUP).

#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>

static char *arg0 = "<unknown>";

static void error(const char *fmt, ...)
{
    va_list args;
    int errnum = errno;
    fprintf(stderr, "%s: ", arg0);
    va_start(args, fmt);
    vfprintf(stderr, fmt, args);
    va_end(args);
    if (errnum != 0)
        fprintf(stderr, " (%d: %s)", errnum, strerror(errnum));
    putc('\n', stderr);
    fflush(0);
    exit(1);
}

int main(int argc, char **argv)
{
    int attr;
    arg0 = argv[0];

    if (argc < 2)
        error("Usage: %s cmd [arg ...]", arg0);
    if ((attr = fcntl(1, F_GETFL, &attr)) < 0)
        error("fcntl(F_GETFL) failed");
    attr |= O_APPEND;
    if (fcntl(1, F_SETFL, attr) != 0)
        error("fcntl(F_SETFL) failed");
    execvp(argv[1], &argv[1]);
    error("failed to exec %s", argv[1]);
    return(1);
}

My testing of it was somewhat casual, but just barely enough to persuade me that it worked.


@Billy notes that '>>' is the append operator - and indeed, on Solaris 10, bash (version 3.00.16(1)) does use the O_APPEND flag - thereby making the code above unnecessary, as shown ('Black JL:' is my prompt on this machine):

Black JL: truss -o bash.truss bash -c "echo Hi >> x3.29"
Black JL: grep open bash.truss
open("/var/ld/ld.config", O_RDONLY)             Err#2 ENOENT
open("/usr/lib/libcurses.so.1", O_RDONLY)       = 3
open("/usr/lib/libsocket.so.1", O_RDONLY)       = 3
open("/usr/lib/libnsl.so.1", O_RDONLY)          = 3
open("/usr/lib/libdl.so.1", O_RDONLY)           = 3
open("/usr/lib/libc.so.1", O_RDONLY)            = 3
open("/platform/SUNW,Ultra-4/lib/libc_psr.so.1", O_RDONLY) = 3
open64("/dev/tty", O_RDWR|O_NONBLOCK)           = 3
stat64("/usr/openssl/v0.9.8e/bin/bash", 0xFFBFF2A8) Err#2 ENOENT
open64("x3.29", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
Black JL:

Use append redirection rather than the wrapper ('cantrip') code above. This just goes to show that when you use one particular technique for other (valid) purposes, adapting it to yet another is not necessarily the simplest mechanism - even though it works.

Jonathan Leffler
The log file's being created by me, by redirecting stdout. Any way to do the equivalent of O_APPEND on a file created by a simple redirect?
Hobo
@Hobo: succinctly - no. Or, at least, very unlikely. If you were able to start the program under a debugger, you might be able to make a fcntl() system call to add the O_APPEND attribute to standard output, but otherwise, you are stuck, I think. Well, let's think...you could write a wrapper around the other application...that does the fcntl() - and maybe the redirect too - and then runs the 3rd Party Program. Give me a while to look at that properly...
Jonathan Leffler
Wow. Cheers for taking the time to write that. I think it's more than I'd like to do at this stage - I think I'll stick with split - but I really appreciate you taking the time. Just a pity I can't vote more than once for your answer ;-)
Hobo
@Hobo - it wasn't a problem; it was mostly recycling previously used fragments (though adjusting the flags with the two calls to fcntl() was new). You can see it took me 25 minutes to assemble - not long.
Jonathan Leffler
@Hobo: Just redirect the standard output with >> instead of >, as noted in @Billy's answer.
CesarB
A: 

instead of redirecting it to a file you could pipe it to a program that automatically rotates the file by closing it, moving it and opening a new one every time it gets too big.

Arthur Ulfeldt
A: 

As of coreutils 7.0, there is a truncate command.

Peter Eisentraut
Is that a command-line option? Or a C function? The man pages seem to imply the latter. Not that I'm averse to writing a wrapper, just for my understanding.
Hobo
There has always (for some value of always) been a C function truncate(). As of coreutils 7.0, there is also a program truncate, which presumably wraps the C function.
Peter Eisentraut