‘Logrotate’ your Linux Log Files
Advisor: Swayam Prakasha
Swayam has been working in information technology for several years, concentrating on areas such as operating systems, networking, network security, electronic commerce, internet services, LDAP and web servers. Swayam has authored a number of articles for trade publications, and he presents his own papers at industry conferences.
A log file grows without limits unless some action is taken. Growing log files pose many problems since larger files are very difficult to manipulate and file systems can run out of space. Thus there is a need for a solution to prevent the log files from growing beyond a certain size…
Most Linux systems come with a tool called ‘logrotate’, which is very handy in many situations. It eases the administration of systems that generate a large number of log files. Using this tool, we can rotate the log files, compress the log files, remove the log files, mail the log files etc. Rotating a log file means copying it to a back-up file and creating a new log file; the back-up logs can then be removed when they are out of date. No special privileges are needed to run logrotate. It is usually installed to run nightly as a cron job. For each service we install, we need a configuration file which tells logrotate how to rotate the log files for that specific program. In simple words, logrotate involves regularly (typically nightly or weekly) moving an existing log file to some other file name and then starting afresh with an empty log file. A part of a typical logrotate configuration file is given below.
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
The beauty of the logrotate tool lies in the fact that it allows us to handle each log file daily, weekly, monthly or whenever it grows too large. With logrotate, one can keep logs longer with less disk space.
The usual practice is to run logrotate as a daily cron job, so a log file does not need to be modified several times in one day. If we have a program that keeps a log file and that log file grows with each passing day, then logrotate can help us clean it up. When called, logrotate reads the following two files:
a. The logrotate configuration file /etc/logrotate.conf.
b. The files in the logrotate configuration directory – /etc/logrotate.d. Note that most of the services (Apache web server, MySQL etc) installed on your system create a configuration file in /etc/logrotate.d.
Logrotate can be executed with many command line arguments. If no command line arguments are given, then logrotate will print version and copyright information along with a short usage summary. If it encounters any errors while rotating logs, it will exit with a non-zero status. Logrotate comes with many command line options and some of these are pretty useful. The following are some of the commonly used options:
-v – Turn the verbose mode on.
-d – Debug mode is enabled.
-f – Forcibly rotate the log files, even if it is not necessary.
--usage – This option prints a short message, giving information on its usage.
Configuration file format
The format of the logrotate configuration file is defined by the manpage for logrotate. In a nutshell, the format is
<global configuration options>
<definition for logfile 1>
<definition for logfile 2>
<definition for logfile 3>
As mentioned earlier, logrotate comes with a default configuration file, ‘logrotate.conf’, located in /etc. It is normal practice to place the service-specific configuration files in the /etc/logrotate.d directory.
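The layout above, worked through as an added example that is not part of the original article: this Python code parses a constructed configuration in that layout and shows how each log file definition inherits the global options unless it overrides them, and how many days of backlogs result. The path /var/log/myapp/app.log and the function names are hypothetical; the opening brace is assumed to sit on the same line as the path, and a month is approximated as 30 days.

```python
# Added example: resolve the effective logrotate settings for each log file.
# The configuration below is constructed; /var/log/myapp/app.log is hypothetical.
SAMPLE_CONF = """\
# global configuration options
weekly
rotate 4
create

# definition for logfile 1: inherits every global option
/var/log/wtmp {
}

# definition for logfile 2: overrides the global options
/var/log/myapp/app.log {
    daily
    rotate 7
    compress
}
"""

PERIOD_DAYS = {"daily": 1, "weekly": 7, "monthly": 30}  # month approximated


def effective_settings(conf_text):
    """Return {log_path: options}; each definition starts from the globals."""
    global_opts, result, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank line or comment
        if line.endswith("{"):                # start of a log file definition
            current = dict(global_opts)       # copy the globals seen so far
            for path in line[:-1].split():
                result[path] = current
        elif line == "}":                     # end of the definition
            current = None
        else:                                 # a directive, global or local
            key, _, value = line.partition(" ")
            target = current if current is not None else global_opts
            if key in PERIOD_DAYS:
                target["frequency"] = key
            else:
                target[key] = value.strip() or True
    return result


def retention_days(opts):
    """Approximate history kept: rotation period x number of backlogs."""
    if "frequency" not in opts or "rotate" not in opts:
        return None                           # not enough information
    return PERIOD_DAYS[opts["frequency"]] * int(opts["rotate"])


if __name__ == "__main__":
    for path, opts in effective_settings(SAMPLE_CONF).items():
        print(path, opts, "->", retention_days(opts), "days of backlogs")
```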
Now let’s see how we can use logrotate for rotating the log files…