FreeKB - Understanding the /etc/logrotate.conf file in Linux
Understanding the /etc/logrotate.conf file in Linux

Home > Search

Logrotate is a service on Linux to rotate log files. Log files typically reside in the /var/log directory. In this example, messages is the current log file, and there are four rotated log files.

[root@server1 ~]# ls /var/log
-rw-------. 1 root root 437120 Apr 13 13:10 messages
-rw-------. 1 root root 383966 Mar 21 13:10 messages-20170321
-rw-------. 1 root root 264099 Mar 27 13:10 messages-20170327
-rw-------. 1 root root 492221 Apr 02 13:10 messages-20170402
-rw-------. 1 root root 679469 Apr 10 13:10 messages-20170410


Use apt-get or yum to install logrotate.

[root@server1 ~]# apt-get install logrotate
[root@server1 ~]# yum install logrotate


The system wide or global log rotation settings are stored in the /etc/logrotate.conf file.

rotate 4
include /etc/logrotate.d
/var/log/wtmp {
  create 0644 root utmp
    minsize 1M
  rotate 1

/var/log/btmp {
  create 0600 root utmp
  rotate 1
  • hourly / daily / weekly / monthly – This means that the log file should be rotated once per hour, daily, weekly, or monthly.
  • rotate 4 – This means that 4 previous backlog files will be retained.
  • dateext - This appends the date to the rotated log files.
  • include /etc/logrotate.d - This tells a package to use /etc/logrotate.d/ for it's custom log rotation file.
  • /var/log/SERVICE_NAME/*log – This is used to designate that the statements in the curly braces apply to the /var/log/SERVICE_NAME/*log files.
  • missingok – This is used for the scenario where the log file is missing.  If the log file is missing, we go to the next one, and an error message is not issued.
  • create 0644 root root – This is used to create a new log file after the old log file is rotated.  The syntax of this statement is <create> <mode> <owner> <group>.


If you have a service on your system that you want to use custom settings rather than the default system wide setting, you can create a file in the /etc/logrotate.d/ directory and then add custom logrotate settings to the file. The custom logrotate file will take precedence over the system wide /etc/logrotate.conf file. By default, the installation of some services will automatically include a custom logrotate file in the /etc/logrotate.d/ directory. In this example, there is a custom logrotate file for apache and mariadb.

[root@server1 ~]# ls -l /etc/logrotate.d/
-rw-r--r--.  1  root  root  178  Nov 16 2016  apache
-rw-r--r--.  1  root  root  178  Nov 16 2016  mariadb


When viewing the content of one of the files in the /etc/logrotate.d/ directory, you should see a format similar to the below.

/var/log/SERVICE_NAME/*log {
  create 0644
  rotate 10
    /bin/kill -USR1 `cat /run/ 2>/dev/null` 2>/dev/null || true
  • notifyempty – This is used to not rotate the log file if the log file is empty.  This also overrides the ifempty option.
  • compress – This is used to compress the log file.  By default, gzip compression is used.
  • sharedscripts – This works in conjunction with the postrotate and endscript options. This means that the postrotate script will only be run once after the old log files have been compressed.  This is helpful so that the postrotate does not run for each log which is rotated.
  • postrotate – This work in conjunction with the sharedscripts and endscript options.  This flags the beginning of the postrotate/endscript section.  This is used to tell logrotate what to do with log files that have been rotated, but have not yet been compressed.  This works in conjunction with the next line that starts with /bin/kill.  The next command is what is done with the files that have been rotated but not yet compressed.  The next command is executed using /bin/sh.
  • /bin/kill –USR1 `cat /run/ 2>/dev/null` 2>/dev/null || true – This is the command that is executed on the postrotate files.  It basically kills the PID of the service.
  • endscript – This work in conjunction with the sharedscripts and postrotate options.  This flags the end of the postrotate/endscript section.


Manually run log rotate immediately

The logrotate command with the -f or --force option can be used to manually run a log rotation immediately. In this example, the Apache log file is rotated immediately.

[root@server1 ~]# logrotate -f /etc/logrotate.d/apache



The logrotate command with the -d or --debug option can be used to debug issues with logrorate. In this example, cups is debugged.

[root@server1 ~]# logrotate -d /etc/logrotate.d/cups


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.