Tutorials > How to use Logrotate to manage log files

How to use Logrotate to manage log files

Published on: 16 January 2020

Linux Logrotate

Logrotate is a software pre-installed in most Linux distributions, which allows you to manage long-term saving and organization of log files.

The applications in the system often record a log of disc operations or problems. If not periodically deleted, these files can grow in size, fill the disk, and cause malfunctions.

Logrotate is the most common solution for periodically checking log files and automatically managing their rotation, compression and elimination when a certain size and/or age is exceeded.

Basic configurations

Logrotate allows to define some basic parameters that will be used by all the subsequent configurations of the file in the path /etc/logrotate.conf:

# Set a weekly rotation

weekly


# Set the number of rotations to save

rotate 4
              

# make new log file

create
              

# Include all configurations files

include /etc/logrotate.d

In this extract of logrotate.conf, besides applying all the parameters described above, reading all the configurations present in the /etc/logrotate.d directory is also recommended. By doing so, you can divide each configuration by application and/or context.

Logrotate configurations define a rule set for 1 or more files:

[FILE] [FILE?] [FILE?] {

    [SETTINGS]

}

A classic example is that of the configuration of / var / log / messages:

/var/log/messages {
                 

    # Save 5 rotations

    rotate 5
                 

    # Rotating files every week 

    weekly 
                 

    postrotate 

        /usr/bin/killall -HUP syslogd

    endscript

}

In the above example , only the message file is taken into account. . and its rotation is set every week, p to a maximum of 5. Therefore, at the end of the fifth rotation, the the log files:

-rw-r----- 1 root  adm 1215 Jul 29 06:47 messages

-rw-r----- 1 root  adm 3895 Jul 28 06:49 messages.1

-rw-r----- 1 root  adm 454 Jul 21 06:37 messages.2.gz

-rw-r----- 1 root  adm 506 Jul 15 06:40 messages.3.gz

-rw-r----- 1 root  adm 456 Jul 7 06:41 messages.4.gz

Some of the most important settings are:

  • daily, monthly, weekly, yearly: indicates how often to rotate the log file

  • compress, nocompress: whether or not to compress old file rotations

  • maxage: After how many days the old rotations are eliminated

  • size: Sets the rotation only if the indicated files are larger than the specified size. Suffixes can be used to indicate the size format (eg "k" for kilobytes, "M" for megabytes)

  • rotate: Number of rotated logs that have to be saved before being permanently removed. If set to 0, the log files will be cleared without being rotated.

In case you want to set the same rules for multiple files, you can append multiple paths, by separating them with a comma. For example:

/var/log/custom_log, /var/log/alternative_log_file, /var/log/another_log {
                 

      …
                 

}

This configuration will be used for the custom_log file, alternative_log_file and another_log.

Alternatively you can use file masks such as:

/var/custom/logs/*, /var/log/custom_log {
                 

      # This configuration will rotate all the files in the directory. 

      # /var/custom/logs/* e il file /var/log/custom_log
                 

      ...

}

Using the dateext setting

The dateext setting allows you to add the rotation date to the file name, so that data of the logs can be easily recognized .

/var/log/custom.log {

    size 100M

    dateext

    rotate 3

    compress

    maxage 100

}

The configuration indicated above will archive the custom.log file as soon as it reaches 100M, up to a maximum of 3 times or after 100 days. Through the compress option, the archived file will also be compressed in gzip format. 

Once rotated, the file names will have the rotation date as shown below:

# ls /var/log

-rw-r--r--  1 user user 8980 2019-06-09 22:10 custom.log-20180609.gz

-rwxrwxrwx 1 user user    0 2019-06-09 22:11 custom.log

Emailing logs

Logrotate allows you to run customized scripts when certain events occur, such as after each log rotation, by using the postrotate / endscript keywords.

One possible use could be to send the logs via email when completing the rotation. To proceed, first, create a script to send the files to your email address:

#!/bin/bash
                 

# Get all logs

tar -cvf /tmp/logpack.tar /var/log/messages*
                 

# Send logs as attachment 

echo "Log" | mail -s "log" [email protected] -A /tmp/logpack.tar

Save the file above in your home directory, for example /home/map.com username_s//endend.sh and make sure you enable the necessary permissions through:

# sudo chmod u+x /home/user/sendlog.sh

Now, edit the logrotate configuration file as follows:

/var/log/messages {
                 

    ...

    

    postrotate 
                 

        …
                 

        /home/user/sendlog.sh

    endscript

}

Save the configuration to apply the changes.

Once completed, you will receive an email with the log archive described above at each log rotation.