Logrotate main purpose is to easy administrator of Linux logs. It is very talented tool it can

Automatic rotation

Compression

Removal

Mailing Logs

Logrotate can be configured and run accordingly with configuration files. We will look all of them in this tutorial in detail.

Configuration File

Logrotate generally works as a daemon. The logrotate binary is located /usr/sbin/logrotate . The configuration file is located at /etc/logrotate.conf . Here is the default logrotate configuration file content.

# see "man logrotate" for details # rotate log files weekly weekly # use the syslog group by default, since this is the owning group # of /var/log/syslog. su root syslog # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp, or btmp -- we'll rotate them here /var/log/wtmp { missingok monthly create 0664 root utmp rotate 1 } /var/log/btmp { missingok monthly create 0660 root utmp rotate 1 } # system-specific logs may be configured here

This file is the main configuration. There is also a directory names /etc/logrotate.d which holds multiple logrotate configuration files for multiple and generally different jobs.

If we list files under logrotate.d we can see there are some configurations about asterisk, dpkg, ufw etc.

$ ls /etc/logrotate.d/

Set Log File Size

The most used configuration is setting when the logs will be rotated as size reach. We will set size parameter with size option and the specifier. In the following example we will set size 5k.

/var/log/auth.log { create 700 pof pof size 1k }

We have also used the create expression which will set the archived file permission with user and group name.

Enable Compression

Another useful feature of the logrotate is compression archived files. Which will make archive files less in size. The compression ratio may change according to compression algorithm like gz,bzip,zip etc. Default compression algorithm is gzip. In the example we wimply define compression

/var/log/auth.log { compress }

Add Date To Log File Name

While looking a lot of log files in a single directory finding log files according date can be very hard. Logrotate provides date mechanism to add log file date to the end of the log file name. For example if the log file name is auth.log the new file name with date will be auth-20170308.gz

This date feature can be enabled like below.

/var/log/auth.log { dateext }

Specify Rotate Period Monthly/Daily/Weekly

Rotate period can be specified with different metrics. Specifying as calender date is one way. Logrotate can archive log files in monthly, daily, weekly periods.

Monthly

/var/log/auth.log { monthly }

Weekly

/var/log/auth.log { weekly }

Daily

/var/log/auth.log { daily }

Run Scripts After Rotate

After rotating and archiving log files we can trigger some scripts for various jobs. For example I want to get email about log rotation. We can specify script file with postrotate option. The script file must be set as executable to run. In this example after rotation is completed the mailme.sh script will be run.

/var/log/auth.log { postrotate /usr/bin/mailme.sh }

Remove Old Log Files

What will be the rotated log file archives? They will grow and grow in time. Then they will fill up whole disk and the server will be down. This was the bad scenario If we do not setup number of logs those will be stored. Logrotate have a mechanism which will remove log file archives other than spefied count. In this example we will only want to store last 5 log archives and remove others. We will use rotate option for this information.

/var/log/auth.log { rotate 5 }

Another way to remove old archives is setting number of days the log archives will be stored. when a log archive reach specified date it will be deleted. We will use maxage options for this. In the example we will want to remove archive files older than 50 days.

/var/log/auth.log { maxage 50 }

Specify Compression Command

In previous examples we have set compression. But we have not defined any algorithm and tool to compress. We can specify the compression tool and related parameters different than default. We will use compresscmd and compressext to set compression tool and extension explicitly. In this example we want to use bzip2 for compression.

/var/log/auth.log { compress compresscmd /bin/bzip2 compressext .bz2 }