Logs are created by different services like HTTP, ftp, ssh etc. What do we with these logs? May be nothing but when the times came it will be important to get detailed information about error, security event etc from log files. Logs are created all times and always grows up. How can we handle to prevent these logs files to fill our disks. Here came the rotate operation or daemon. We can rotate and compress our logs file easily with simple configuration. Also information about rotated logs can be emailed to specified recipient.
Default Configuration File
Logrotate default configuration file resides /etc/logrotate.conf . Below is default configuration details
# see "man logrotate" for details
# rotate log files weekly
# keep 4 weeks worth of backlogs
# create new (empty) log files after rotating old ones
# use date as a suffix of the rotated file
# uncomment this if you want your log files compressed
# RPM packages drop log rotation information into this directory
# no packages own wtmp and btmp -- we'll rotate them here
create 0664 root utmp
create 0600 root utmp
# system-specific logs may be also be configured here.
There are explanations about configuration directives.
Enable Compression For Rotated Files
Rotating log files create new log file and old files can be compressed to gain disk space like below.
Uncomment compress line or add new line
How much time we will store old logs? We can set it with count like below.
This will rotate or save log files for 4 week if rotation is done weekly. If rotation is done daily it will hold old logs for 4 days.
Specify New Rotate Configuration
We can create new and different rotate configuration for different logs. New rotate configuration is hold in /etc/logrotate.d/
$ ls /etc/logrotate.d/
chrony glusterfs iscsiuiolog libvirtd.qemu numad psacct sssd wpa_supplicant
cups httpd libvirtd mariadb ppp samba syslog yum
As we see there are a lot of logrotate configuration for different logs like samba, httpd etc.