Bootstrap FreeKB - Linux Files - Understanding the /etc/logrotate.conf file
Linux Files - Understanding the /etc/logrotate.conf file

Updated:   |  Linux Files articles

Logrotate is a service on Linux to rotate log files. For example, let's say you have a log file named "foo.log" and you want to rotate the log file when the log file reaches 100 MB.

On a Debian distribution (Debian, Mint, Ubuntu) the apt-get info command can be used to determine if the logrotate service is installed. On a Red Hat distribution (CentOS, Fedora, Red Hat), the dnf info or yum info command can be used.

dnf info logrotate

 

If logrotate is not installed on your system, apt-get, dnf or yum can used to install the logrotate service.

dnf install logrotate

 

While it is entirely possible to define log rotation settings in the /etc/logrotate.conf file, this is not recommended. Instead, files below the /etc/logrotate.d directory are used to determine how log files are rotated.

For example, let's say the /etc/logrotate.d/foo file contains the following. What this does is to tell logrotate to rotate foo.log once the log reaches 100 MB, and to keep 10 rotated log files, and to create a new log file. Be aware that this is a very simplified example, just so that you can understand how logrotate works. A real configuration file will always have more than this. 

/var/log/foo.log {
  size 100M
  rotate 10
  create 0644 root root
}

 

To test things out, the logrotate command with the -d or --debug flag can be used.

logrotate --debug /etc/logrotate.d/foo

 

Something like this should be returned.

reading config file /etc/logrotate.d/foo
reading config info for /var/log/foo.log 

Handling 1 logs

rotating pattern: /var/log/foo.log  after 100M (10 rotations)

 

You can then use the -f or --force option to manually run a log rotation immediately. In this example, foo.log file is rotated immediately.

logrotate --force /etc/logrotate.d/foo

 

In this example, the rotate log file is foo.log.1.

[root@server1 ~]# ls /var/log
-rw-r--r--. 1 root root      0 Apr 13 13:10 foo.log
-rw-r--r--. 1 root root 383966 Mar 21 13:10 foo.log.1

 

A single log rotation file can be used to rotate multiple different log files. For example, the /etc/logrotate.d/syslog file on a Red Hat distribution commonly has the following.

  • sharedscripts – This is used so that the postrotate script will only be run once after the log files have been compressed so that postrotate does not run for each log which was rotated.
  • postrotate – This is used to run a command. In this example, the /bin/kill command is run. In this example, the /bin/kill command is using the -HUP flag is used to issue the kill command with the hang up signal to the PIDs listed in the /var/run/syslogd.pid file. The hang up signal tells the processes to restart. This is used so that the services using the log files, such as cron in this example, are restarted so that the services start using the newly rotated log file.
  • endscript – This flags the end of postrotate.
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

 

Following are common options used with logrotate.

  • hourly / daily / weekly / monthly – This means that the log file should be rotated once per hour, daily, weekly, or monthly.
  • rotate 4 – This means that 4 previous rotated log files will be retained.
  • dateext - This appends the date to the rotated log files.
  • include /etc/logrotate.d - This tells a package to use /etc/logrotate.d/ for it's custom log rotation file.
  • /var/log/SERVICE_NAME/*log – This is used to designate that the statements in the curly braces apply to the /var/log/SERVICE_NAME/*log files.
  • missingok – This is used for the scenario where the log file is missing.  If the log file is missing, we go to the next one, and an error message is not issued.
  • create 0644 root root – This is used to create a new log file after the old log file is rotated.  The syntax of this statement is <create> <mode> <owner> <group>.
  • notifyempty – This is used to not rotate the log file if the log file is empty.  This also overrides the ifempty option.
  • compress – This is used to compress the log file.  By default, gzip compression is used.

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter 3df8a5 in the box below so that we can be sure you are a human.