When an application under a Linux operating system environment is running, background processes linked to that application are initiated. Events linked with the execution of these applications are recorded on a log file (generated by the applications and/or background processes).
Since log files are constantly generated; especially on a busy system like a server environment, it is necessary to keep them in check.
For a Linux system that is not running too many applications, log files can be easily and manually trimmed on timed schedules. However, such a log files management approach is not applicable to enterprise/production-ready Linux systems.
Logrotate takes care of automatic rotation and compression of growing log files to ensure that we save on the system’s available disk space.
This article will walk us through the installation and basic usage of the Logrotate utility in managing log files in the Linux system.
How to Install Logrotate in Linux
The Logrotate log files management utility is pre-installed on major Linux distributions. If you do not have it installed on your Linux system, reference the following installation instructions.
$ sudo apt install logrotate [On Debian, Ubuntu and Mint] $ sudo yum install logrotate [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux] $ sudo emerge -a app-admin/logrotate [On Gentoo Linux] $ sudo pacman -S logrotate [On Arch Linux] $ sudo zypper install logrotate [On OpenSUSE]
Understanding the Logrotate Configuration
The main Logrotate configuration file, stores the default log rotation info and other settings.
$ ls -l /etc/logrotate.conf $ cat /etc/logrotate.conf
The main Logrotate configuration directory is where any installed Linux packages need assistance with log rotation, they will put their logrotate configurations inside this directory. As presented by the above screen capture, system tools like apt, dpkg, and ufw are already listed.
$ ls -l /etc/logrotate.d
For instance, based on the above screen capture, we could view the apt package manager’s Logrotate configuration file info in the following manner:
$ cat /etc/logrotate.d/apt
Based on the above output, two different log files (term.log and history.log) are represented.
- rotate 12 option ensures that 12 old log files are retained.
- monthly option ensures that log rotation is made once a month.
- compress option ensures that the rotated log files are compressed (mostly via gzip resulting in
.gzfiles). - missingok option does not associate an error message with a missing log file.
- notifempty option ensures that empty log files are not rotated.
Creating Sample Logrotate Configuration File
Here, we are going to look at two scenarios:
1. Adding Configuration File in /etc/logrotate.d/ Directory
Supposing we have a fictional webserver app installed on our system called sample-app and we want to configure its log rotation. We will first create its new log configuration file inside /etc/logrotate.d directory.
$ sudo nano /etc/logrotate.d/sample-app
Here is a sample configuration file that could handle these logs:
/var/log/sample-app/*.log {
daily
missingok
rotate 14
compress
notifempty
create 0640 www-data www-data
sharedscripts
postrotate
systemctl reload sample-app
endscript
}
Next, create its log directory.
$ mkdir /var/log/sample-app
Once log rotation completes, a new log file is created with permission 0640 for owner www-data and group www-data. The sharedscripts flag ensures that the succeeding scripts are executed once per run.
The script inside the block postrotate to endscript is executed after successful log rotations and before the generated logs are compressed.
To dry run and test the above Logrotate configuration, we will execute:
$ sudo logrotate /etc/logrotate.conf --debug
Despite the app not existing, Logrotate was able to assess its configuration file state. In the above case, generated and compressed logs are to be stored in /var/log/sample-app.
2. Creating an Independent Logrotate Configuration
An app can be running as our system user e.g dnyce. We could assume that its generated logs are stored in /home/dnyce/logs/ directory.
The Logrotate config file should reside in the Home directory:
$ nano /home/dnyce/logrotate.conf
Then paste in the following configuration:
/home/dnyce/logs/*.log {
hourly
missingok
rotate 24
compress
create
}
The above logs will be generated hourly.
Let us create the associated logs directory.
$ cd ~ $ mkdir logs $ touch logs/access.log
Time to test it:
$ logrotate /home/dnyce/logrotate.conf --state /home/dnyce/logrotate-state --verbose
The --verbose details the actions associated with Logrotate. In the above setup, nothing was rotated since Logrotate is seeing the file for the first time. The Logrotate state file will however show recorded info about the run.
$ cat /home/dnyce/logrotate-state
To set up Logrotate to automatically run on an hourly basis for the current system user, open user crontab:
$ crontab -e
add the following entry on the user’s crontab.
14 * * * * /usr/sbin/logrotate /home/dnyce/logrotate.conf --state /home/dnyce/logrotate-state
In about an hour’s time, the $HOME/logs directory should be populated with a rotated and compressed log file.
We should now be able to configure and rotate log files for both root and non-root users via Logrotate in Linux.
