How do I configure log rotation in Linux using logrotate?

This article explains Linux log rotation using logrotate. It details configuration via /etc/logrotate.d/, covering options like rotation frequency, file retention, compression, and troubleshooting. The main focus is effective log file management t

How to Configure Log Rotation in Linux Using Logrotate

Logrotate is a powerful tool in Linux for managing log file sizes and automating their rotation. It prevents log files from growing indefinitely, consuming disk space and potentially impacting system performance. The primary configuration file is /etc/logrotate.conf, which contains global settings, and individual log file configurations are typically placed in /etc/logrotate.d/. You can create a new configuration file within /etc/logrotate.d/ for each log file or group of log files you want to manage. Let's create a simple configuration file for a hypothetical log file /var/log/my_app.log:

<code>/var/log/my_app.log {
    daily
    rotate 7
    compress
    copytruncate
    missingok
    notifempty
}</code>

This configuration tells logrotate to:

• daily: Rotate the log file daily.
• rotate 7: Keep 7 rotated log files. Older files will be removed.
• compress: Compress rotated log files using gzip.
• copytruncate: Creates a new, empty log file after rotation. This ensures that the application continues logging without interruption. This is preferred over simply rotating the file.
• missingok: Ignore the log file if it doesn't exist. This prevents errors if the application isn't running.
• notifempty: Don't rotate the log file if it's empty. This prevents unnecessary rotations when the application isn't generating logs.

To apply this configuration, run logrotate -d /etc/logrotate.d/my_app.log (the -d flag runs in dry-run/testing mode) to see what changes logrotate would make, and then run logrotate /etc/logrotate.d/my_app.log to actually perform the rotation. You can also run logrotate without any arguments to process all configurations in /etc/logrotate.d/ and /etc/logrotate.conf. Remember to adjust the configuration options to fit your specific needs and log file size requirements.

What Are the Common Logrotate Configuration Options and Their Uses?

Besides the options used in the example above, logrotate offers several other valuable options:

• weekly, monthly, yearly: Specify the rotation frequency (instead of daily).
• rotate count: Specifies the number of rotated log files to keep.
• size size: Rotate the log file when it reaches a certain size (e.g., size 100M).
• dateext: Append a date to the rotated log file names (e.g., my_app.log.20241027).
• postrotate command: Execute a command after log rotation (useful for restarting services that use the log files).
• prerotate command: Execute a command before log rotation.
• sharedscripts: Use the same postrotate/prerotate scripts for multiple log files.
• delaycompress: Delay compression until the next rotation. This can improve performance if compression is time-consuming.
• create mode owner group: Create a new log file with specified permissions and ownership after rotation.

These options provide flexibility in managing log rotation schedules, file retention, and post-rotation actions, allowing for tailored configurations to suit various applications and system requirements. Refer to the man logrotate page for a comprehensive list of all available options and their detailed descriptions.

How Can I Troubleshoot Logrotate Issues If My Logs Aren't Rotating Correctly?

If log rotation isn't working as expected, several troubleshooting steps can help identify the problem:

1. Check the logrotate log file: Logrotate logs its actions to /var/log/logrotate.log (or a location specified by the log directive in /etc/logrotate.conf). Examine this log file for error messages or clues about why rotation failed.
2. Verify the configuration file: Carefully review your logrotate configuration file for syntax errors or incorrect settings. A simple typo can prevent logrotate from working correctly. Use the -d (dry-run) option with logrotate to test your configuration without actually performing rotations.
3. Check file permissions: Ensure that the logrotate process has the necessary permissions to read, write, and rotate the log files.
4. Examine the log file's ownership and permissions: Make sure the log file is owned by a user or group that the logrotate process can access.
5. Ensure logrotate is running: Check if the logrotate service is running and enabled. This usually involves checking the status of the service (e.g., systemctl status logrotate on systemd systems) and ensuring it's enabled to start automatically on boot.
6. Test with a simple configuration: Create a simple test configuration file to rule out problems with complex configurations.
7. Check for errors in the application logging: Problems within the application generating the log files can also prevent logrotate from functioning properly.

By systematically investigating these aspects, you can pinpoint the cause of the log rotation issues and implement the necessary corrections.

Can I Use Logrotate to Compress Rotated Log Files?

Yes, logrotate can compress rotated log files using the compress option in its configuration file. As shown in the first example, adding compress to your configuration will automatically compress the rotated log files using gzip. The compressed files will typically have a .gz extension. This helps reduce disk space usage, especially for applications generating large log files. Note that compression adds some overhead to the rotation process, so if performance is critical, you might consider using delaycompress to defer compression until the next rotation.

The above is the detailed content of How do I configure log rotation in Linux using logrotate?. For more information, please follow other related articles on the PHP Chinese website!