How to Use logrotate Command
What is logrotate?
Logrotate is a tool for managing log files created by system processes. It automatically compresses and removes logs to maximize log convenience and conserve system resources. Users have extensive control over how and when log rotation is processed.
Use Logrotate
The behavior of logrotate is determined by options set in a configuration file, typically located at /etc/logrotate.conf:
logrotate /etc/logrotate.conf
In addition to the system-wide log rotation configuration, you can also configure logrotate on a per-user basis. If your deployment requires non-privileged users to rotate their own logs, each can create distinct configuration files.
Run logrotate as a cronjob
Run logrotate as a cronjob to ensures that logs will be rotated as regularly as configured. Logs will only be rotated when logrotate runs, regardless of configuration. For example, if you configure logrotate to rotate logs every day, but logrotate only runs every week, the logs will only be rotated every week.
For most daemon processes, logs should be rotated by the root user. In most cases, logrotate is invoked from a script in the /etc/cron.daily/ directory. If one does not exist, create a script that resembles the following in the /etc/cron.daily/ folder:
You may also use an entry in the root user’s crontab.
Understand logrotate.conf
The configuration file for log rotation begins with a number of global directives that control how log rotation is applied globally. However, most log rotation configuration occurs in files located in the /etc/logrotate.d/ directory, rather than in the /etc/logrotate.conf file. Each daemon process or log file will have its own configuration file in this directory. The /etc/logrotate.d/ configurations are loaded using the following directive in logrotate.conf:
Configuration settings for the rotation of specific logs are declared in a block structure:
/var/log/mail.log {
weekly
rotate 5
compress
delaycompress
missingok
notifempty
create 0644 postfix postfix
postrotate
/usr/bin/killall -HUP syslog-ng > /dev/null 2>&1 || true
endscript
}
The above configuration rotates logs every week, saves the last five rotated logs, compresses all old log files using the xz compression tool, and recreates the log files with 0644 permissions and postfix as the user and group owner. These specific configuration options override global configuration options, which are described below.
Remove or Email Old Logs with Rotate Count
The rotate directive controls how many times a log is rotated before old logs are removed. If you specify a rotation number of 0, logs will be removed immediately after they are rotated. Additionally, if you specify an email address using the mail directive, logs will be emailed before they are removed.
Your system will need a functioning Mail Transfer Agent to be able to send email.
Configure Log Rotation Intervals
To rotate logs every week, use the following configuration directive:
When weekly is set, logs are rotated if the current weekday is earlier than the weekday of the last rotation (i.e., Monday is earlier than Friday) or if the last rotation occurred more than a week before the present.
To configure monthly log rotation, use the following directive:
Logs with this value will rotate every month that logrotate runs.
For annual rotation:
Logs are rotated when the current year differs from the year of the last rotation.
To rotate based on size, use the following directive:
The size directive forces log rotation when a log file grows larger than the specified [value]. By default, [value] is assumed to be in bytes. Append a k to [value] to specify a size in kilobytes, M for megabytes, or G for gigabytes. For example, size 100k or size 100M are valid directives.
Compress Rotated (Old) Logs
The compress directive compresses all logs after they have been rotated. If this directive is placed in the global configuration, all logs will be compressed. If you want to disable a globally enabled compression directive for a specific log, use the nocompress directive.
By default, logrotate compresses files using the gzip command. You can replace this with another compression tool such as bzip2 or xz as an argument to the compresscmd directive.
Delay Log File Compression
In some situations it is not ideal to compress a log file immediately after rotation when the log file needs additional processing. The delaycompress directive above postpones the compression one rotation cycle.
Maintain Log File Extension
Logrotate will append a number to a file name so the access.log file will be rotated to access.log.1. To ensure that an extension is maintained, use the following directive:
If you enable compression, the compressed log will be named access.1.log.gz.
Control Log File Permissions
If your daemon process requires a log file to exist in order to function properly, logrotate may interfere with log rotation. To avoid this, you can have logrotate create new, empty log files after rotation. Consider the following example:
In this example, a blank file is created with the permissions 640 (owner read/write, group read, other none), owned by the user www-data and in the users group. This directive specifies options in the form: create [mode(octal)] [owner] [group].
Running Commands Before or After Rotation
logrotate can run commands before and after rotation in order to ensure that routine tasks associated with log rotation, such as restarting or reloading daemons and passing other kinds of signals, are performed.
Prerotate - Running Commands Before Log Rotation
To run a command before rotation begins, use a directive similar to the following:
prerotate
command
endscript
For example, the command touch /srv/www/example.com/application/tmp/stop runs before rotating the logs. Ensure that there are no errant directives or commands on the lines that contain prerotate and endscript. Remember that all lines between these directives will be executed.
Postrotate - Running Commands After Log Rotation
To run a command or set of commands after log rotation, consider the following example:
postrotate
command
endscript
postrotate is identical to prerotate except that the commands are run after log rotation.
For a more comprehensive listing of possible directives, run man logrotate.