Manage Log Rotation Using Logrotate in Linux
Posted on May 14th, 2019
As we know a system will generate several logs, the administration of such files can be greatly simplified and sorted using logrotate. Logrotate is designed to simplify the administration of systems that generate a large number of log files. This allows automatic rotation, compression, removal, and mailing of log files which is generated on the system. Each log file can be handled daily, weekly, monthly, or when it grows too large, according to the administrators wish. Normally, logrotate is run as a daily cron job.
As we know the log location directories in a Linux system is /var/log. According to the Filesystem Hierarchy Standard, most of the services running in the system are written to a file inside the /var/log directory or one of its subdirectories.
Such files are known as logs or log files and are the key to examining how the system is operating. Logs are also the first source of information where administrators and engineers look into while troubleshooting an issue. An example of the /var/log/ directory is listed below.
[root@log]#ll /var/log
-rw-r–r–. 1 root root 0 May 14 03:24 boot.log
-rw-r–r– 1 root root 0 May 8 03:33 boot.log-20180508
-rw-r–r– 1 root root 0 May 9 03:18 boot.log-20180509
-rw-r—– 1 mailnull mail 106764527 May 7 03:39 exim_mainlog-20180507.gz
-rw-r—– 1 mailnull mail 108881409 May 13 03:15 exim_mainlog-20180513.gz
-rw-r—– 1 mailnull mail 121790261 May 20 03:18 exim_mainlog-20180520.gz
-rw-r—– 1 mailnull mail 128447966 May 27 03:34 exim_mainlog-20180527.gz
If logs were kept forever in the system, it might eventually end up filling the filesystem where /var/log resides. In order to prevent that, the system administrator can use a nice utility called logrotate to clean up the logs on the system on a periodic basis.
In few words, logrotate will rename or compress the main log file when a condition is met (more about that in a minute) so that the next event occurs it is recorded on an empty log file.
In addition to this, it will remove “old” log files and will keep the most recent log files.
Installing Logrotate in Linux
1) Install logrotate using default package manager.
# yum install logrotate -y
2) The configuration file is located at /etc/logrotate.conf. Let’s insert the following contents into the configuration file to set the log rotate.
#vi /etc/logrotate.d/apache2.conf
/var/log/apache2/* {
weekly
rotate 3
size 10M
compress
delaycompress
}
The first line indicates that the directives inside the block apply to all logs files inside /var/log/apache2: The second line indicates it will attempt to rotate the log files on a weekly basis. Other possible values are daily and monthly. The third line indicates that only 3 rotated logs should be kept. Thus, the oldest file will be removed on the fourth subsequent run. The fourth line indicates that the minimum size for the rotation to take place to 10M. In other words, each log will not be rotated until it reaches 10MB. The fifth line indicates the type of the format which the log files have to be. compress and delaycompress are used to tell that all rotated logs, with the exception of the most recent one, should be compressed.
3) To see what logrotate is actually executing by running the following command.
# logrotate -d /etc/logrotate.d/apache2.conf
If you need any further help, please do reach our support department.