Get updates via: rss | twitter | email

Logrotate

Written by
Date: 2020-03-31 13:15:00 00:00

Introduction

As a Linux sysadmin, you know that logs are part of the tools you have to solve problems, when there an error in the server, the only way to know what is happening are the logs.

As important as they are, you need to keep copies of them on your server, but not for ever, you have to decide how much information you need and keep the esential logs, and discard the rest, now, this should be done automatically. Here is where logrotate comes into play, logrotate keeps your log files in disk only for the days, months or whatever time you decide, and delete older log files.

Logrotate is a unix-like utility that manage the log files created by other processes, it can compress old log files, delete older ones, and create the empty new ones when rotating them.

Configuration

As with most Linux tools, the configuration file is at /etc/ folder, the specific file is /etc/logrotate.conf

Configuration options

The most used options in logrotate configuration file are:

size

Size is used to specify the threshold at which the log file will be rotated, when logrotate is run, it will the size of the file, and if is equal or greater than specified size it will be rotated. It can us k, M, or G to set the size.

size 100M

Will set the threshold to 100 Mbytes

daily, weekly, monthly

These options (only one can be used at a time), defines when the log file will be rotated, it is used instead of size, so, no matter the size the log file will be rotated once a day, a week, or a month.

weekly

Will rotate logs weekly

rotate

This is used together with a number that specifies the number of copies to be held on disk, so each time logrotate is run, the oldest copy is deleted, a new one is created and all others are rotated to the new position.

rotate 4

Will keep four copies of the log files on disk

compress

Compress the log files with gzip command

compress

create

Creates the new lof file with specified permissions and group and owner

create 0644 www-data www-data

Creates the log file owned by www-data and with 0644 permissions.

postrotate

All commands between postrotate and endscript will be executed after rotation.

postrotate 
   some commands
endscript

prerotate

All commands between prerotate and endscrip will be executed befor rotation.

prerotate
   some commands
endscript

missingok

Will instruct logrotate to not write an error if the log file is missing

notifempty

Do not rotate the file if it is empty, this is to be used when instead of size you use daily, weekly or monthly.

delaycompress

When some program cannot be told to immediately close it's logfile it delays the compression process

sharedscripts

This options indicates that there are different instances for the same server, Apache in this case, I have the same commands for different directories, and the options indicates that the postrotate section should be run just once per server, not per directory.

Configuration example

Now that we have some of the most used options let us see some examples:

In Ubuntu logrotate config files are organized in two parts: The main file, and a directory with specific sections for each server that generate log files

The main file is located at: /etc/logrotate.conf and looks like this in Ubuntu:

# General options unless overwritten later
weekly
rotate 4
create
include /etc/logrotate.d # Include all files in this directory, server specific files should be there
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

These are the options I have for my Apache server log files, this is my /etc/logrotate.d/apache file.

/var/www/html/garron.me/log/*.log {

daily                     # Rotate the files daily
missingok                 # If there is no log file, is ok
rotate 14                 # Keep two weeks of info before deleting files
compress                  # Compress rotated log files
delaycompress             # Will delay the compress of file to give time to the server (Apache in this case) to stop writting
notifempty                # Will not rotate the log file if there is no data in it
create 640 root adm       # Will create the new file as root and on the adm group with 0640 permissions
sharedscripts             # Will run postrotate section just once, no matter how many times it appears on the config file
postrotate                # Will run the postorate commands, in this case it test if Apache is running reload it the server
            if /etc/init.d/apache2 status > /dev/null ; then \
                /etc/init.d/apache2 reload > /dev/null; \
            fi;
endscript
} If your site gets to few visits, you may change from daily to weekly, or set a size, in that case this might be the example.

/var/www/html/garron.me/log/*.log {

size 100M                 # Rotate once the file size is 100 Mega Bytes or bigger
missingok                 # If there is no log file, is ok
rotate 14                 # Keep 14 files before deleting
compress                  # Compress rotated log files
delaycompress             # Will delay the compress of file to give time to the server (Apache in this case) to stop writting
create 640 root adm       # Will create the new file as root and on the adm group with 0640 permissions
sharedscripts             # Will run postrotate section just once, no matter how many times it appears on the config file
postrotate                # Will run the postorate commands, in this case it test if Apache is running reload it the server
            if /etc/init.d/apache2 status > /dev/null ; then \
                /etc/init.d/apache2 reload > /dev/null; \
            fi;
endscript
}

Configure logrotate to run periodically with cronjob

The final step is to be sure that logrotate will run every day, in Ubuntu you will surely find a logrotate file in the /etc/cron.daily/ directory, and it will contain this data:

#!/bin/sh

# Clean non existent log file entries from status file
cd /var/lib/logrotate
test -e status || touch status
head -1 status > status.clean
sed 's/"//g' status | while read logfile date
do
    [ -e "$logfile" ] && echo "\"$logfile\" $date"	
done >> status.clean
mv status.clean status

test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf

If you need to manuall add logrotate to crontab, you can read this and add this line to cronjob

59 23 * * * /usr/sbin/logrotate /etc/logrotate.conf