Learn everything about logrotate utility in Linux. This post explains what is it, why to use it and its configuration steps.
What is logrotate?
First of all, but obvious introduction to logrotate tool. It is utility which rotate, compress, purge, email logs once they match specified criteria like size, age defined in configuration. In short, its an automated log management tool.
It offers service (log specific) policies which can be set and it will handle logs accordingly. Conditions to trigger logrotate can be set on size basis or time basis like daily, weekly or monthly.
Why to rotate logs ?
Another obvious question is why to rotate logs? Logs are files which grows over time. Since they keeps on filling over time. If you dont maintain them they will end up filling your mount point which you never want to see in production!
Means, to save your disk space logs should be rotated. Logs are always useful for troubleshooting but yes you dont need pretty old logs keeping your disk space on toss! Logs can be purged, compress or moved manually. But to save your time from manual tasks you can automate log management using this tool.
Logrotate Installation:
Lets walk through logrotate configuration. How to install it, how to configure it as per your requirement etc.
First of all, you need to install logrotate utility on your machine like below (Red Hat, CentOS, Fedora):
For Debian, ubuntu use : apt-get install logrotate
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | # yum install logrotate Loaded plugins: amazon-id, rhui-lb, security Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package logrotate.x86_64 0:3.7.8-26.el6_7 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================= Package Arch Version Repository Size ============================================================================================================================================================= Installing: logrotate x86_64 3.7.8-26.el6_7 rhui-REGION-rhel-server-releases 58 k Transaction Summary ============================================================================================================================================================= Install 1 Package(s) Total download size: 58 k Installed size: 87 k Is this ok [y/N]: y Downloading Packages: logrotate-3.7.8-26.el6_7.x86_64.rpm | 58 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : logrotate-3.7.8-26.el6_7.x86_64 1/1 Verifying : logrotate-3.7.8-26.el6_7.x86_64 1/1 Installed: logrotate.x86_64 0:3.7.8-26.el6_7 Complete! |
Confirm its installed
1 2 3 4 | # rpm -q logrotate logrotate-3.7.8-26.el6_7.x86_64 |
Once logrotate is confirmed installed move on to configurations.
Logrotate configuration :
/etc/logrotate.conf is main configuration file. Individual service specific configuration files can be kept under directory /etc/logrotate.d
To use these service specific individual config files you must include below line in /etc/logrotate.conf
1 2 3 | include /etc/logrotate.d |
Lets configure logrotate to manage /var/log/messages (syslog in Linux). To keep things clean, its recommended to create individual configs under /etc/logrotate.d. We will create rotate_syslog.conf file under this directory and add below code.
1 2 3 4 5 6 7 8 9 | /var/log/messages { daily rotate 3 size 10M compress delaycompress } |
Now understand each filed specified in conf file –
- daily : Rotate logs on daily basis
- rotate 3 : Means keep last 3 rotated logs. Older copies to be purged.
- size 10M : Min size for rotation is 10MB i.e. logs wont be rotated unless they grow more than 10MB
- compress : Compress rotated logs
- delaycompress : Do not compress current log and last rotated log.
Above all options in config file tells logrotate to rotate (/var/log/messages) logs when they grow over 10MB. After rotation keep any extra logs than last 3 one. Also compress logs except current and last rotated one. Check for size daily and if found >10MB then rotate.
logroate testing :
We will dry run above config file to check how it will work in actual run. -d option dry runs utility but dont rotate logs in actual. We have 21MB /var/log/messages file on machine.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | # logrotate -d /etc/logrotate.d/rotate_syslog.conf reading config file /etc/logrotate.d/rotate_syslog.conf reading config info for /var/log/messages Handling 1 logs rotating pattern: /var/log/messages 10485760 bytes (3 rotations) empty log files are rotated, old logs are removed considering log /var/log/messages log needs rotating rotating log /var/log/messages, log->rotateCount is 3 dateext suffix '-20170224' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' previous log /var/log/messages.1 does not exist renaming /var/log/messages.3.gz to /var/log/messages.4.gz (rotatecount 3, logstart 1, i 3), renaming /var/log/messages.2.gz to /var/log/messages.3.gz (rotatecount 3, logstart 1, i 2), renaming /var/log/messages.1.gz to /var/log/messages.2.gz (rotatecount 3, logstart 1, i 1), renaming /var/log/messages.0.gz to /var/log/messages.1.gz (rotatecount 3, logstart 1, i 0), renaming /var/log/messages to /var/log/messages.1 removing old log /var/log/messages.4.gz error: error opening /var/log/messages.4.gz: No such file or directory |
In above output you can see, it rotate logs, compress them (gz extensions), renames them to maintain iterations, try to purge older than 3 logs
When I dry run on file with 9MB size, it gave me below output :
1 2 3 4 5 6 7 8 9 10 11 12 | # logrotate -d /etc/logrotate.d/rotate_syslog.conf reading config file /etc/logrotate.d/rotate_syslog.conf reading config info for /var/log/messages Handling 1 logs rotating pattern: /var/log/messages 10485760 bytes (3 rotations) empty log files are rotated, old logs are removed considering log /var/log/messages log does not need rotating |
Since we specified 10MB size to rotate log and our file is less than 10MB, logrotate reported no need to rotate logs!
You can observe logrotate entry being added to /etc/cron.daily directory too.
1 2 3 4 5 6 7 8 9 10 11 12 13 | # cd /etc/cron.daily # ll total 32 -rwx------. 1 root root 118 Jun 10 2015 cups -rwx------. 1 root root 180 Jul 9 2015 logrotate -rwxr-xr-x. 1 root root 905 Nov 16 2012 makewhatis.cron -rwx------. 1 root root 189 Jan 26 2015 mlocate.cron -rwxr-xr-x. 1 root root 2126 Jul 19 2013 prelink -rwxr-xr-x. 1 root root 563 Oct 21 2013 readahead.cron -rwx------. 1 root root 256 Jun 9 2015 rhsmd -rwxr-xr-x. 1 root root 416 Oct 14 2015 tmpwatch |
logroatete available options :
Below is list of logrotate options which can be used in configuration files along with their meaning.
- daily,monthly, weekly : when to rotate logs (if conditions meets)
- rotate N : Purge all older logs keeping last N rotated logs on server
- size X : Rotate logs when they grow more than X size
- compress : Compress rotated logs using gzip (there are more options to choose compression commands, extensions etc if you want)
- delaycompress : Dont compress current and last rotated log file
- copy : Make a copy of current log file
- create mode user group : After rotation create empty log file with permission (mode), user and group specified
- dateext : Append date to rotated file names
- mail : Mail rotated logs to email before deletion (more optiosn available with this)
- ifempty : Rotate log even if its empty
- maxage N : Rotate logs older than N days
- maxsize N : Rotate when they grown beyond N size even before run-time daily, weekly or monthly.
There are many other options available which can be used. I have listed here only frequently used ones. Detailed list can be obtained in man page of logrotate.
All above outputs are from RHEL6 box. Let me know if you have any queries in comments or if you are looking for specific options to rotate logs with your requirement.
Got any feedback? Comment here!