The logrotate
tool allows you to rotate the logs that are generated by applications and scripts
It keeps your log directories clutter-free and minimizes disk usage when correctly configured.
The logrotate
tool is installed by default, but I will include the installation instructions here for completeness. This recipe will show you how to rotate logs for rsyslog
. We will rotate the logs everyday, add an extension based on the date, compress them with a one-day delay, and keep them for 365 days. Perform the following steps:
logrotate
, perform the following command:~]# yum install -y logrotate
~]# systemctl restart crond
/etc/logrotate.d/syslog
with your favorite editor. The contents of this file are the following, by default:/var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler { sharedscripts postrotate /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true endscript }
/var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler { compress daily delaycompress dateext missingok rotate 365 sharedscripts postrotate /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true endscript }
The logrotate
tool is a script that is launched by cron everyday.
The directives added to the default logrotate
definition are compress
, daily
, delaycompress
, dateext
, missingok
, and rotate
.
The compress
directive compresses old versions of the log files with gzip. This behavior is somewhat changed by specifying delaycompress
. This causes us to always have the most recently rotated log file available uncompressed.
The daily
directive makes logrotate
execute the definition every day. The rotate
directive only keeps x
rotated log files before deleting the oldest. In this case, we have specified this to be 365, which means that while rotating daily, the logs are kept for 365 days.
The missingok
directive makes it alright for syslog
to not create a file, which, however unlikely, is possible.
The dateext
directive appends a date to the rotated file in the form of yyyymmdd
instead of a number, which is the default.
The /etc/logrotate.conf
file contains the defaults directives for all definitions. If you don't specifically use a directive within a definition for a file, the values in this file will be used if specified.
It would make sense to change the settings in this file so that all the definitions are affected, but this is not practical; not all log files are made equal. The syslog
service generates a lot of messages, and it would probably clutter up your system before long. However, yum, for instance, doesn't generate a lot of messages, and it keeps this log file readable for much longer than your syslog
files. This, by the way, is reflected in the definition for yum.
If you want to debug your new configuration, this can be achieved by executing the following to test just one configuration:
~# /usr/sbin/logrotate -v /etc/logrotate.d/<config file>
Alternatively, you can use the following to test everything:
~]# /usr/sbin/logrotate -v /etc/logrotate.conf
Here's an example:
~]# /usr/sbin/logrotate -v /etc/logrotate.d/syslog reading config file /etc/logrotate.d/syslog Handling 1 logs rotating pattern: /var/log/cron /var/log/maillog /var/log/messages /var/log/secure /var/log/spooler 1048576 bytes (no old logs will be kept) empty log files are rotated, old logs are removed considering log /var/log/cron log does not need rotating considering log /var/log/maillog log does not need rotating considering log /var/log/messages log does not need rotating considering log /var/log/secure log does not need rotating considering log /var/log/spooler log does not need rotating not running postrotate script, since no logs were rotated ~]#