Logrotate

From Nick's Personal Wiki
Revision as of 03:38, 27 March 2026 by Nick (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

"logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automaticrotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large." - From the logrotate man page(8).

Running Logrotate Manually

To perform a dry-run of a logrotate job: 

sudo logrotate -d /etc/logrotate.d/service

To force a rotation of a logrotate job: 

sudo logrotate -f /etc/logrotate.d/service

It's always good to verify that logrotate worked and that old logs have been rotated/removed by: 

ls -la /var/log/service/


Running Logrotate Automatically/Scheduled (Logrotate.d)

Config Files

Logrotate runs using files located at: 

/etc/logrotate.d/servicename

Apps and services hosted on a system that generate logs will likely have entries in this directory (or they can be created within this directory) to manage the generation/disposal/handling of logs.

You can configure how long files are kept, how many files are kept, if files should be compressed, what to do with files that no longer need to be kept, and much more.


Logrotate.d Arguments / Options

Some examples of the options that can be used in these Logrotate config files are:

When to Rotate Log Files

hourly             # Uncommon, requires additional changes to the cron configuration for logrotate to function hourly
daily 
weekly [weekday]   # Defaults to every Sunday if no [weekday] is provided, where Sunday is 0, Monday is 1, etc
monthly [monthday] # Defaults to the first day of the month if no [monthday] is provided
yearly             # Only runs when the year has changed between rotations
minutes [minutes]  # rotates logs after X minutes
size [size]        # Rotates logs after log file has exceeded ''size'', can use Xk, XM, XG units to provide size

How Long to Retain Log Files

How many versions of log files to keep 

rotate [#]

Compression

Whether the log files should be compressed 

nocompress         # This is default if unspecified
compress

Whether the most recent version should be compressed 

nodelaycompress    # This is default if unspecified, overwrites 'delaycompress'
delaycompress      # Delays compression of most recent log file by 1 cycle

Missing Logs

Whether it's alright that there is NO log file to be rotated 

nomissingok        # Issues an error if log file is missing, this is default if unspecified
missingok          # Does NOT issue an error if log file is missing

Empty Logs

Whether the log should be rotated when the log is present, but it is empty 

ifempty            # Rotates the file even if it is empty, this is the default if not specified, overwrites notifempty
notifempty         # Does NOT rotate the file if it is empty, overwrites ifempty

Creating New Logs

Creating a new log file, with same name as rotated file, for the service to use after the logs have been rotated, with provided octal permissions, owner, and group 

create [###] [OWNER] [GROUP]

Note: Any/All of these arguments can be omitted. Missing arguments will inherit their values from the log files being rotated.

Sharedscripts / Postrotate Scripts

Additional commands can be executed after logrotate has finished rotating logs, and those can be passed via: 

sharedscripts
postrotate
    echo "Hello World! :)" > /Some/File/Location 
endscript

Or more commonly, to restart the service in question 

sharedscripts
postrotate
    /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
endscript

Example Logrotate.d/service File

For an example of what these might look like in practice, a basic logrotate file for Nginx is provided below: 

/var/log/nginx/*.log {
daily                                                                     # Rotates logs daily
rotate 7                                                                  # Keeps 7 versions, in this case 7 days' worth of versions
compress                                                                  # Compresses old versions with Gzip to save space
delaycompress                                                             # Does NOT compress the most recent version / waits 1 cycle (in this case 1 day) before compressing
missingok                                                                 # No error is generated if a log file is missing
notifempty                                                                # Does NOT rotate the log if the log file is empty
create 640 httpd root                                                     # Creates a new log file with the provided permissions, owner, and group
sharedscripts                                                             # Instead of running postrotate script once per file, it runs when all files are finished rotating
postrotate                                                                # Executed after logrotate has finished
    /bin/kill -USR1 'cat /run/nginx.pid 2>/dev/null' 2>/dev/null || true
endscript                                                                 # Marks the end of the postrotate script
}
Retrieved from "https://nlear.xyz/wiki/index.php?title=Logrotate&oldid=213"