How To Rotate Log Files In Linux?

Logs are created by different services like HTTP, FTP, ssh, etc. What do we with these logs? May be nothing but when the times came it will be important to get detailed information about the error, security event etc from log files. Logs are created all times and always grows up. How can we handle to prevent these logs files to fill our disks? Here came the rotate operation or daemon. We can rotate and compress our logs file easily with a simple configuration. Also, information about rotated logs can be emailed to specified recipient.

Default Configuration File

Logrotate default configuration file resides /etc/logrotate.conf . Below is default  configuration details

# see "man logrotate" for details 
# rotate log files weekly 
weekly 
 
# keep 4 weeks worth of backlogs 
rotate 4 
 
# create new (empty) log files after rotating old ones 
create 
 
# use date as a suffix of the rotated file 
dateext 
 
# uncomment this if you want your log files compressed 
#compress 
 
# RPM packages drop log rotation information into this directory 
include /etc/logrotate.d 
 
# no packages own wtmp and btmp -- we'll rotate them here 
/var/log/wtmp { 
    monthly 
    create 0664 root utmp 
        minsize 1M 
    rotate 1 
} 
 
/var/log/btmp { 
    missingok 
    monthly 
    create 0600 root utmp 
    rotate 1 
} 
 
# system-specific logs may be also be configured here.

There are explanations about configuration directives.

Default Configuration File
Default Configuration File

Enable Compression For Rotated Files

Rotating log files create new log file and old files can be compressed to gain disk space like below.

compress

Uncomment compress line or add a new line

Change BackLog

How much time we will store old logs? We can set it with count like below.

rotate 4

This will rotate or save log files for 4 weeks if rotation is done weekly. If rotation is done daily it will hold old logs for 4 days.

Specify New Rotate Configuration

We can create a new and different rotate configuration for different logs. New rotate configuration is hold in /etc/logrotate.d/

$ ls /etc/logrotate.d/ 
chrony  glusterfs  iscsiuiolog  libvirtd.qemu  numad  psacct  sssd    wpa_supplicant 
cups    httpd      libvirtd     mariadb        ppp    samba   syslog  yum

As we see there is a lot of logrotate configuration for different logs like samba, httpd, etc.

Leave a Comment