Toolbox Aid

August 12th, 2024 10:41 AM Mr. Q Categories: Command

Overview

Log rotation is the process of automatically managing the growth of log files. In Linux, the logrotate utility is commonly used to handle log rotation. It helps to compress, rename, delete, and manage log files, ensuring that they don’t consume excessive disk space and that the system maintains a manageable number of logs.

Key Concepts

1. Log Files

• Log files are records generated by various services and applications on a Linux system. These logs typically reside in the /var/log/ directory.

1. Log Rotation

• The process of renaming or compressing old log files and creating new ones. This keeps log files from growing indefinitely and consuming too much disk space.

1. logrotate

• The logrotate utility automates the process of log rotation. It is configured via the /etc/logrotate.conf file and additional configuration files located in the /etc/logrotate.d/ directory.

Basic Configuration

1. Global Configuration

• The global configuration file for logrotate is /etc/logrotate.conf. It contains default settings that apply to all logs unless overridden by specific configurations.
• Example of /etc/logrotate.conf:
  bash weekly # Rotate logs weekly rotate 4 # Keep 4 weeks' worth of logs create # Create new log files after rotation compress # Compress rotated log files include /etc/logrotate.d # Include additional configurations

1. Per-Application Configuration

• Specific configurations for individual applications are usually stored in /etc/logrotate.d/. Each file in this directory corresponds to a specific application or service.
• Example of a per-application configuration:
  bash /var/log/apache2/*.log { daily rotate 7 compress delaycompress missingok notifempty create 640 root adm sharedscripts postrotate /etc/init.d/apache2 reload > /dev/null endscript }
• Explanation:
  • /var/log/apache2/*.log: Applies rotation to all log files in the specified directory.
  • daily: Rotate logs daily.
  • rotate 7: Keep 7 days’ worth of logs.
  • compress: Compress old log files.
  • delaycompress: Compress the logs one cycle after they are rotated.
  • missingok: Do not issue an error if the log file is missing.
  • notifempty: Do not rotate the log if it is empty.
  • create 640 root adm: Create a new log file with the specified permissions after rotation.
  • sharedscripts: Run post-rotation script only once, not for each log file.
  • postrotate ... endscript: Commands to run after the logs are rotated.

Manual Log Rotation

• You can manually rotate logs using the logrotate command with a specified configuration file:

  sudo logrotate -f /etc/logrotate.conf

• -f: Forces log rotation even if it isn’t necessary according to the log’s rotation criteria.

Important Options in logrotate

• weekly/daily/monthly: Specifies the frequency of log rotation.
• rotate N: Specifies the number of old logs to keep.
• compress/nocompress: Compresses or does not compress rotated logs.
• missingok: Ignores errors if a log file is missing.
• notifempty: Does not rotate empty log files.
• create mode owner group: Creates a new log file with specified permissions.
• sharedscripts: Ensures that scripts run only once after log rotation, even if multiple logs are rotated.

Automating Log Rotation

• Cron Job
• The logrotate utility is typically run daily by a cron job. You can verify this by checking the cron job configuration:
  bash cat /etc/cron.daily/logrotate

Summary

Log rotation is essential for maintaining system performance and disk space by preventing log files from growing too large. The logrotate utility automates this process, providing flexible configuration options that can be tailored to the needs of individual applications and system services. Properly configured log rotation ensures that log files are managed efficiently, without manual intervention.