Rotating Logs Using logrotate Command in Linux

Introduction to Linux Logrotate Command

The logrotate command in Linux is a utility designed to simplify the management of log files. It allows system administrators to automate the process of rotating logs, compressing them to save disk space, and deleting old log files to maintain a clean and organized log directory.

One of the primary advantages of logrotate is its ability to perform these tasks on a scheduled basis. By defining rotation policies in the logrotate configuration file, administrators can ensure that log files are regularly rotated and maintained according to their specified criteria.

The logrotate command is typically executed through a cron job, making it a powerful tool for log file management in Linux systems.

Installing logrotate in Linux

In most Linux distributions, logrotate comes pre-installed, so you don't need to install it separately. However, if it's not already present on your system, you can install it using the package manager specific to your distribution.

For example, on Debian-based systems like Ubuntu, you can use the following command to install logrotate:

On Red Hat-based systems like CentOS or Fedora, you can use the following command:

Once installed, you can proceed with configuring logrotate according to your requirements.

Configuring logrotate in Linux

Configuration File

The main configuration file for logrotate is located at /etc/logrotate.conf. This file contains global directives and settings that apply to all log files managed by logrotate.

You can also create configuration files for specific log files or applications within the /etc/logrotate.d/ directory. These files allow you to define custom rotation policies for each log file separately.

Configuration File Directives

Let's take a look at some essential directives used in logrotate configuration files:

• rotate:
  Specifies the number of log files to keep before old ones are removed. For example, rotate 7 will keep seven rotated log files before deleting the older ones.
• weekly/daily/monthly:
  Determines the rotation frequency. You can choose to rotate logs weekly, daily, or monthly.
• compress:
  Enables log compression using gzip. Compressed logs save disk space but require decompression to view their contents.
• delaycompress:
  Delays compression until the next rotation cycle. This directive is useful for services that may still write to the log file after rotation.
• size:
  Specifies the maximum size for log rotation. For example, size 10M will rotate the log file once it reaches 10 megabytes.
• postrotate:
  Defines a command or script to run after log rotation completes. This directive is useful for tasks such as restarting a service that writes to the log file.

These directives provide flexibility in defining rotation policies tailored to your specific needs. By customizing these settings, you can ensure that log files are rotated and maintained to suit your system requirements.

logrotate Syntax

The syntax for the logrotate command follows this pattern:

Here, <config-file> refers to the logrotate configuration file you want to use for log rotation.

By default, logrotate reads the main configuration file at /etc/logrotate.conf. However, you can specify a different configuration file using the -f option:

Using the -v option, you can enable verbose output, which provides detailed information about log rotation activities:

Options

The logrotate command supports several options that allow you to customize its behavior:

• -d, --debug:
  Prints debug messages to assist with troubleshooting logrotate issues.
• -f, --force:
  Forces log rotation, even if the log file doesn't require rotation based on the defined criteria.
• -m, --mail :
  Sends an email notification using the specified command after log rotation completes.
• -s, --state :
  Specifies a custom state file. The state file keeps track of the log files' status and rotation history.
• -v, --verbose:
  Enables verbose output, providing detailed information about log rotation activities.

These options allow you to fine-tune logrotate's behavior according to your specific requirements and preferences.

Verifying Log Rotation Status

To check the status and details of log rotation, you can use the --status option with the logrotate command:

This command displays information about the last rotation date, the number of rotations performed, and the size of the log files. It provides a quick overview of the log rotation activities and helps you ensure the rotation policies are applied correctly.

Linux logrotate Examples

To illustrate the practical usage of logrotate, let's explore a few examples:

Example - 1: Rotating a Single Log File

Suppose we want to rotate the log file /var/log/application.log weekly and keep a maximum of four rotated files. We can create a separate configuration file, such as /etc/logrotate.d/application, with the following contents:

Save the file and run logrotate with this configuration:

Example - 2: Compressing Rotated Log Files

If we want to compress the rotated log files to save disk space, we can modify the previous configuration file as follows:

After making the change, run logrotate again to apply the updated configuration:

Example - 3: Running Pre-rotation and Post-Rotation Script

Suppose we have a web server running, and we want to reload its configuration after log rotation. We can achieve this by adding a postrotate directive in the configuration file:

Here, the postrotate directive specifies the command or script to execute after log rotation completes. In this case, it reloads the Apache HTTP server configuration by running /usr/sbin/service httpd reload.

After modifying the configuration, run logrotate again to apply the changes:

In addition to the postrotate directive, logrotate also supports a prerotate directive. This directive allows you to specify a command or script to run before log rotation occurs. This can be useful for performing tasks such as stopping a service before rotating its log file. Here's an example:

In this example, the prerotate script stops the myapp service before log rotation, and the postrotate script starts the service again after rotation completes.

Example - 4: Custom Logrotate Configuration Files

In addition to the main logrotate configuration file and the individual configuration files in /etc/logrotate.d/, you can create custom configuration files in other locations. To use a custom configuration file, specify its path when executing the logrotate command:

This allows for greater flexibility in organizing and managing logrotate configurations based on your system's specific requirements.

Example - 5: Specifying Multiple Log Files in a Configuration

You can specify multiple log files within a single configuration file. This can be useful when you want to apply the same rotation policies to multiple log files or when you want to define different rotation policies for specific log files. Simply list the log files one after another, each with its own set of directives:

Example - 6: Using Wildcards in Logrotate Configuration

Logrotate supports the use of wildcards to match multiple log files with similar names. This feature allows for dynamic rotation of logs based on a common pattern. For example:

In this example, logrotate will match all log files in the /var/log/ directory that start with "application" and end with ".log". This pattern can encompass multiple log files and adapt to log file naming conventions changes.

Example - 7: Using Size-Based Log Rotation

By using the size directive in logrotate, you can specify the maximum size at which log rotation should occur. This is particularly useful for managing log files that grow rapidly and can quickly consume disk space. Here's an example:

In this example, log rotation will be triggered when the log file size reaches 100 megabytes. Adjust the size threshold according to your system's requirements.

Example - 8: Handling Logs with Different Permissions or Ownerships

If you have log files with different permissions or ownerships, logrotate allows you to preserve those settings during rotation. By default, logrotate uses the same permissions and ownership as the original log file. However, you can override this behavior by using the create directive. Here's an example:

In this example, the create directive ensures that new log files created during rotation have permissions set to 0644 and are owned by the root user and root group. Adjust the permissions and ownership values based on your specific requirements.

Example - 9: Using logrotate with Systemd Timer Units

In modern Linux distributions that use systemd, you can use systemd timer units to schedule logrotate execution instead of cron. This allows for more precise control and easier management of log rotation tasks. You can create a systemd timer unit that triggers logrotate at specific intervals. Here's an example:

Save this file as logrotate-app.timer in the /etc/systemd/system/ directory. Then, enable and start the timer:

This sets up a weekly timer for logrotate, which you can customize by modifying the OnCalendar directive.