An introduction to periodic(8)

This post provides an introduction to the periodic(8) utility on FreeBSD and explains how it can be configured to redirect its output to either a user or to a file.

Background

The periodic(8) utility is run regularly via /etc/crontab – it is responsible for running a set of scripts that perform system mainenance tasks. The periodic(8) utility groups the scripts into three categories: daily, weekly, and monthly scripts. These scripts are executed by calling periodic daily, periodic weekly, and periodic monthly respectively.

The scripts that are executed can be found in the /etc/periodic/(daily|weekly|monthly) directories. An additional set of scripts are executed via the periodic security command and they can be found in the /etc/periodic/security directory.

By default the daily, weekly and monthly commands indirectly run security-related scripts by calling periodic security. The output of the scripts are sent as mail to root but this can be configured to another user or to an absolute path.

Redirect output to user

We can configure periodic(8) through the /etc/periodic.conf file, and we can define variables that control where the output of the daily, weekly, and monthly scripts are sent. By default the output is sent to the root user, but let's change that to a separate user account called periodic (this account would have to be created first):

daily_output="periodic"
weekly_output="periodic"
monthly_output="periodic"

The daily, weekly, and monthly commands run the security scripts via /etc/periodic/(daily|weekly|monthly)/450.status-security but the output of the security scripts is controlled by a separate set of variables that should also be updated:

daily_status_security_output="periodic"
weekly_status_security_output="periodic"
monthly_status_security_output="periodic"

Redirect output to file

An alternative to mailing output to one or more users is to send the output to a file. This can be done by setting the (daily|weekly|monthly)_output variables to an absolute path. This approach avoids sending mail to a user and instead writes the output to a file:

daily_output="/var/log/daily.log"
weekly_output="/var/log/weekly.log"
monthly_output="/var/log/monthly.log"

Similar to how we can redirect the output of the daily, weekly, and monthly scripts to a file, we can also redirect the output of the security scripts to a file:

daily_status_security_output="/var/log/daily-security.log"
weekly_status_security_output="/var/log/weekly-security.log"
monthly_status_security_output="/var/log/monthly-security.log"

Conclusion

In closing I'd like to suggest a few links for further reading. They cover certain information I wasn't able to include and I highly recommend taking a look: