Logrotate is a service on Linux to rotate log files. For example, let's say you have a log file named "foo.log" and you want Linux to automatically rotate the log file when the log file reaches 100 MB. First, use apt-get or yum to determine if logrotate is installed on your system.
apt-get info logrotate
yum info logrotate
if logrotate is not installed on your system, you can use apt-get or yum to install logrotate.
apt-get install logrotate
yum install logrotate
Once installed, create a file that will control how the "foo.log" file gets rotated.
Add the following markup in the /etc/logrotate.d/foo file. What this does is to tell logrotate to rotate foo.log once the log reaches 100 MB, and to keep 10 rotated log files, and to create a new log file. Be aware that this is a very simplified example, just so that you can understand how logrotate works. A real configuration file will always have more than this.
create 0644 root root
Now, once foo.log reaches 100 MB, logrotate will rotate foo.log. To test things out, you can use the -f or --force option to manually run a log rotation immediately. In this example, foo.log file is rotated immediately.
logrotate --force /etc/logrotate.d/foo
In this example, the rotate log file is foo.log.1.
[root@server1 ~]# ls /var/log
-rw-r--r--. 1 root root 0 Apr 13 13:10 foo.log
-rw-r--r--. 1 root root 383966 Mar 21 13:10 foo.log.1
The global log rotation settings are in the /etc/logrotate.conf file. The custom logrotate file will take precedence over the system wide /etc/logrotate.conf file.
Following are common options used with logrotate.
- hourly / daily / weekly / monthly – This means that the log file should be rotated once per hour, daily, weekly, or monthly.
- rotate 4 – This means that 4 previous rotated log files will be retained.
- dateext - This appends the date to the rotated log files.
- include /etc/logrotate.d - This tells a package to use /etc/logrotate.d/ for it's custom log rotation file.
- /var/log/SERVICE_NAME/*log – This is used to designate that the statements in the curly braces apply to the /var/log/SERVICE_NAME/*log files.
- missingok – This is used for the scenario where the log file is missing. If the log file is missing, we go to the next one, and an error message is not issued.
- create 0644 root root – This is used to create a new log file after the old log file is rotated. The syntax of this statement is <create> <mode> <owner> <group>.
- notifyempty – This is used to not rotate the log file if the log file is empty. This also overrides the ifempty option.
- compress – This is used to compress the log file. By default, gzip compression is used.
- sharedscripts – This works in conjunction with the postrotate and endscript options. This means that the postrotate script will only be run once after the old log files have been compressed. This is helpful so that the postrotate does not run for each log which is rotated.
- postrotate – This work in conjunction with the sharedscripts and endscript options. This flags the beginning of the postrotate/endscript section. This is used to tell logrotate what to do with log files that have been rotated, but have not yet been compressed. This works in conjunction with the next line that starts with /bin/kill. The next command is what is done with the files that have been rotated but not yet compressed. The next command is executed using /bin/sh.
- endscript – This work in conjunction with the sharedscripts and postrotate options. This flags the end of the postrotate/endscript section.