Logs can be very useful, especially when troubleshooting an issue. It contains information about all the events for a service which includes Errors, Warnings and Informational messages.
Log file contents might not be readable easily, but it can help you to find out what went wrong on a system. Many log files are available in Linux for various purpose, including service logs, system logs, etc.
These logs files keep on growing in size over a period of time and hence create troubles when you are reviewing them as they continue to consume disk space on the system.
To properly manage logs, configure logrotate on your system, which rotate logs depending on the configuration preference.
Alternatively, you can write a shell script to monitors your Linux system logs.
What is Logrotate?
Logrotate is used to manage & rotate the logs based on the age of the file or the file size. It automatically archives old logs, deletes them after a certain number of logs and also creates a new log file according to the given configuration.
Each log file may be handled daily, weekly, monthly, or when it grows too large through cronjob. It is possible to send email to users when logs are rotated.
In general, log files are residing under /var/log
directory in Linux but it’s not limited and can be placed anywhere.
Important Logrotate files can be found in the following location’s:
- /etc/logrotate.conf : The main logrotate configuration file
- /etc/logrotate.d : It contains the application-specific configuration files.
- /etc/cron.daily/logrotate : Logrotate cron file which runs daily.
Make a note: By default every application drops their own configuration file at /etc/logrotate.d directory during installation, if the system already has Logrotate configured.
Installing Logrotate in Linux
On most Linux distributions, logrotate is installed by default but if it is not installed, it can be easily installed using the below commands:
On RHEL/CentOS 7 :
sudo yum install logrotate
On RHEL/CentOS 8 & Fedora :
sudo dnf install logrotate
On Debian/Ubuntu :
sudo apt install logrotate
On openSUSE :
sudo zypper install logrotate
On Arch Linux :
sudo pacman -S logrotate
Contents of logrotate configuration file
The following main configuration file contains instructions for how log files are to be rotated by default:
Details of the options of main configuration file are listed below:
- weekly – It rotates the log files once a week which is defined in /etc/logrotate.conf file, and in /etc/logrotate.d/ directory.
- su root adm – Log files can be archived using the ‘root’ user and ‘adm’ group to avoid issues with permissions.
- rotate 4 – It keeps a 4 weeks backup of all log files.
- create – It creates a new empty log file after each rotation
- dateext – It uses date as a suffix to the rotated file.
- compress – It is used to compress the rotated log file with gzip.
- include – It refers to all the configuration files from the ‘/etc/logrotate.d’ directory
Viewing the contents of the /etc/logrotate.d directory
As mentioned earlier, application-specific configuration files can be found in the following directory:
Adding new service log to logrotate
For demonstration purpose, we will add the new log file ‘2daygeek.log’ into a logrotate configuration.
To do so, the new configuration file must be created under the ‘/etc/logrotate.d’ directory with the required configuration because it contains the application-specific configuration files. This is a sample logrotate configuration file created by us with a few options (for testing purposes), but many configuration options are available for logrotate, and you can pick and use them based on your need by visiting the Man page of logrotate.
sudo vi /etc/logrotate.d/2daygeek /var/log/web/2daygeek.log { daily missingok notifempty compress size 50k create 0600 root root }
Details of the above configuration file:
- daily – Rotates once a day
- missingok – Ignoring output error if logfile is deleted.
- notifempty – Don’t rotate log file if it is empty
- compress – Enable compression when logs are rotated.
- size 50k – Log file is rotated only if it grows bigger than 50k
- create – It creates a new empty log file after each rotation
Please note: If you have multiple log files ‘/var/log/web/*.log’ in one directory, you can add them all with the wildcard option.
Once you have made changes, run the logrotate command manually in a debug mode and check for errors:
sudo logrotate -d /var/log/web/2daygeek.log
If the above command doesn’t show any errors, then go ahead and perform manual rotation by running the following command:
sudo logrotate -f /etc/logrotate.conf
It’s successfully rotated as can be seen in the output below:
ls -lh /var/log/web total 4.0K -rw------- 1 root root 0 Jan 28 11:12 2daygeek.log -rw-r--r-- 1 root root 45 Jan 28 11:10 2daygeek.log.1.gz
Run the below command to check if a particular log is rotated or not.
On RHEL based systems check the following file:
cat /var/lib/logrotate.status
On Debian based systems:
cat /var/lib/logrotate/status logrotate state -- version 2 "/var/log/syslog" 2021-1-28-11:13:26 "/var/log/nginx/error.log" 2021-1-15-0:0:0 "/var/log/dpkg.log" 2021-1-28-11:12:52 "/var/log/speech-dispatcher/debug-flite" 2020-12-2-0:0:0 "/var/log/unattended-upgrades/unattended-upgrades.log" 2021-1-28-11:12:52 "/var/log/unattended-upgrades/unattended-upgrades-shutdown.log" 2021-1-28-11:12:52 "/var/log/auth.log" 2021-1-28-11:13:26 "/var/log/apt/term.log" 2021-1-28-11:12:52 "/var/log/ppp-connect-errors" 2020-12-2-0:0:0 "/var/log/web/2daygeek.log" 2021-1-28-11:16:13
Conclusion
This article briefs how to configure logrotate in Debian and Red Hat based distributions.
If you found this article helpful, please do share with your friends and spread the knowledge. Please feel free to comment below if you have any queries/concerns. We will get back to you as soon as we can. Happy learning!