How To Manage Log Files Using Logrotate In Linux

Manage Log Files Using Logrotate In Linux

A few days ago, we have published a guide that described how to setup centralized Rsyslog server on CentOS system. Today, in this guide, we are going to see about Logrotate, which is used to simplify the administration of log files. This utility is very useful, especially for systems that produces large volume of log files everyday. As its name implies, LogRotate rotates the logs entirely out of your system at regular interval time. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.

Manage Log Files Using Logrotate

Install Logrotate

Logrotate s available in the default repositories of most Linux distributions.

On Arch Linux, and its derivatives, you need to run the following command to install it.

sudo pacman -S logrotate

On RPM based systems, such as RHEL, CentOS, Scientific Linux, you can install it using command:

sudo yum install logrotate

On Debian, Ubuntu:

sudo apt-get install logrotate

On SUSE, openSUSE:

sudo znf install logrotate

Configure Logrotate

The main configuration file of LogRotate is /etc/logrotate.conf. Here is the default contents of this file in my Arch system. This file output might look bit different on other Linux distributions.

cat /etc/logrotate.conf

Sample output:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# restrict maximum size of log files
#size 20M

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# Logs are moved into directory for rotation
# olddir /var/log/archive

# Ignore pacman saved files
tabooext + .pacorig .pacnew .pacsave

# Arch packages drop log rotation information into this directory
include /etc/logrotate.d

/var/log/wtmp {
 monthly
 create 0664 root utmp
 minsize 1M
 rotate 1
}

/var/log/btmp {
 missingok
 monthly
 create 0600 root utmp
 rotate 1
}

Let us see what each option does in the above configuration file.

  • weekly – It rotates the logs every week.
  • rotate 4 –  By default, LogRotate keeps the four weeks (one month, obviously) worth of log files. Since, it rotates all log files after a particular period of time, you might need to keep a backup of important log files if you don’t want to lose them.
  • size 20M – Rotates the log files if they reached the size of 20MB. By default, this option is disabled. To enable it, just uncomment it.
  • create – Creates new log files once the after rotating the old log files. This option is enabled by default.
  • compress – Compresses the log files. Also, it doesn’t compress logs by default. If you want to compress the logs, uncomment this line.
  • /etc/logrotate.d/ – This directory contains application-specific log rules files.
  • missing ok – If the log file is missing, Logrotate will go on to the next one without issuing an error message.

Logrotate segments the log files, and compresses the logs based on the rules that are specified under /etc/logrotate.d/ directory.

Let us take a look at this directory contents.

ls /etc/logrotate.d/

Sample output would be:

lirc  samba

As you see in the above output, it contains various rules files for all logs managed by LogRotate. To view a specific application log rule, for example samba, run:

cat /etc/logrotate.d/samba

Sample output:

/var/log/samba/log.smbd /var/log/samba/log.nmbd /var/log/samba/*.log {
 notifempty
 missingok
 sharedscripts
 copytruncate
 postrotate
 /bin/kill -HUP `cat /var/run/samba/*.pid 2>/dev/null` 2>/dev/null || true
 endscript
}

Here,

  • notifempty – Indicates the log files will not be rotated if it is empty.
  • copytruncate – Truncate the original log file in place after creating a copy.
  • postrotate/endscript – The lines between postrotate and endscript are executed after the log file is rotated.
  • sharedscript – The scripts are only run once, no matter how many logs match the wildcarded pattern.

You can also create your own log rules files in /etc/logrotate.d/ directory and define your own rules.

Cron runs the logroate utility daily in search of log files to rotate. You can specify automatic log rotation rules in /etc/cron.daily/logrotate file to avoid manual user intervention. It will perform the log rotation every single day at a specific time.

To verify whether the logs files are rotating or not, run:

cat /var/lib/logrotate.status

Sample output:

logrotate state -- version 2
"/var/log/samba/log.smbd" 2016-5-12-11:0:0
"/var/log/lircd" 2016-6-15-10:0:0
"/var/log/httpd/*log" 2016-5-12-11:0:0
"/var/log/wtmp" 2016-5-6-10:0:0
"/var/log/samba/*.log" 2016-5-12-11:0:0
"/var/log/btmp" 2017-4-1-11:36:53
"/var/log/samba/log.nmbd" 2016-5-12-11:0:0

For more details, run the logrotate by entering the following command:

logrotate --help

Or,

man logrotate

That’s all for now folks. Logrotate is simple, yet useful log rotation tool that simplifies the log management. You don’t need to struggle with complex configuration and installation steps. Everything is self-explanatory. If you’re managing a system that produces large number of log files, you can rotate them periodically using Logrotate.

Cheers!

Resources:

Thanks for stopping by!

Help us to help you:

Have a Good day!!

You may also like...