Setup logrotate to rotate your logs

From Brian Nelson Ramblings
Jump to: navigation, search

Use logrotate to Manage Log Fiiles

logrotate is a tool for managing log files created by system processes. This tool automatically compresses and removes logs to maximize the convenience of logs and conserve system resources, and allows users extensive control over how log rotation is processed.

Running Log Rotate

Running logrotate as a cronjob ensures that logs will be rotated regularly as configured. Logs will only be rotated when logrotate runs, regardless of configuration. For example, if you configure logrotate to rotate logs every day but logrotate only runs every week, the logs will only be rotated every week.

For most daemon processes, logs should be rotated by the root user. In most cases, logrotate is invoked from a script in the /etc/cron.daily/ directory. If one does not exist, create a script that resembles the following in the /etc/cron.daily/ folder:

File: /etc/cron.daily/logrotate

#!/bin/sh
logrotate /etc/logrotate.conf

You may also use an entry in the root user's crontab.

Understanding logrotate.conf

The configuration file for log rotation begins with a number global directives that control how log rotation is applied globally. Most configuration of log rotation does not occur in the /etc/logrotate.conf file, but rather in files located in the /etc/logrotate.d directory. Every daemon process or log file will have its own file for configuration in this directory. The /etc/logrotate.d configurations are loaded with the following directive in logrotate.conf

File: logrotate.conf

include /etc/logrotate.d

Configuration settings for rotation of specific logs is instantiated in a block structure:

File: logrotate.conf

   /var/log/mail.log {
   weekly
   rotate 5
   compress
   compresscmd xz
   create 0644 postfix postfix
}

The size and rotation of /var/log/mail.log is managed according to the directives instantiated between the braces. The above configuration rotates logs every week, saves the last five rotated logs, compresses all of the old log files with the xz compression tool, and recreates the log files with permissions of 0644` and postfix as the user and group owner. These specific configuration options override global configuration options which are described below.

Configure Log Rotation

File: logrotate configuration

rotate 4

The rotate directive controls how many times a log is rotated before old logs are removed. If you specify a rotation number of 0, logs will be removed immediately after they are rotated. If you specify an email address using the mail directive as file, logs are emailed and removed.

File: logrotate configuration

mail brian@briansnelson.com

Your system will need a functioning MTA to be able to send email.

Configure Rotation Intervals

To rotate logs every week, set the following configuration directive:

File: logrotate configuration

weekly

When weekly is set, logs are rotated if the current week day is lower than the week day of the last rotation (i.e. Monday is less than Friday) or if the last rotation occurred more than a week before the present.

To configure monthly log rotation, use the following directive:

File: logrotate configuration

monthly

Logs with this value set will rotate every month on the first day of the month that logrotate runs, which is often the first day of the month.

For annual rotation:

File: logrotate configuration

yearly

Logs are rotated when the current year differs from the date of the last rotation.

To rotate based on size, use the following directive:

File excerpt:logrotate configuration

size [value]

The size directive forces log rotation when a log file grows bigger than the specified [value]. By default, [value] is assumed to be in bytes. Append a k to [value] to specify a size in kilobytes, or use M or G for megabytes or gigabytes.

Configure Log Compression

File: logrotate configuration

compress

The compress directive compresses all logs after they have been rotated. If this directive is placed in the global configuration, all logs will be compressed. If you want to disable a globally enabled compression directive for a specific log, use the nocompress directive.

File: logrotate configuration

compresscmd xz

By default, logrotate compresses files using the gzip command. You can replace this with another compression tool such as bzip2 or xz as an argument to the compresscmd directive.

Delay Log File Compression

File: logrotate configuration

delaycompress

In some situations it is not ideal to compress a log file immediately after rotation when the log file needs additional processing. The delaycompress directive above postpones the compression one rotation cycle.

Maintain Log File Extension

In typical operation, logrotate will append a number to a file name so the access.log file would be rotated to access.log.1. To ensure that an extension is maintained, use the following directive.

File: logrotate configuration

extension log

This ensures that access.log will be rotated to access.1.log. If you enable compression, the compressed log will be located at access.1.log.gz.

Control Log File Permissions

If your daemon process requires that a log file exist to function properly, logrotate may interfere when it rotates logs. As a result, it is possible to have logrotate create new empty log files after rotation. Consider the following example:

File: logrotate configuration

create 640 www-data users

In this example, a blank file is created with the permissions 640 (owner read/write, group read, other none) owned by the user www-data and in the users group. This directive specifies options in the form: "create [mode(octal)] [owner] [group]".