How to Rotate Logs With Logrotate in Linux

When an application under a Linux operating system environment is running, background processes linked to that application are initiated. Events linked with the execution of these applications are recorded on a log file (generated by the applications and/or background processes).

Since log files are constantly generated; especially on a busy system like a server environment, it is necessary to keep them in check.

For a Linux system that is not running too many applications, log files can be easily and manually trimmed on timed schedules. However, such a log files management approach is not applicable to enterprise/production-ready Linux systems.

Logrotate takes care of automatic rotation and compression of growing log files to ensure that we save on the system’s available disk space.

This article will walk us through the installation and basic usage of the Logrotate utility in managing log files in the Linux system.

How to Install Logrotate in Linux

The Logrotate log files management utility is pre-installed on major Linux distributions. If you do not have it installed on your Linux system, reference the following installation instructions.

$ sudo apt install logrotate         [On Debian, Ubuntu and Mint]
$ sudo yum install logrotate         [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux]
$ sudo emerge -a app-admin/logrotate  [On Gentoo Linux]
$ sudo pacman -S logrotate           [On Arch Linux]
$ sudo zypper install logrotate      [On OpenSUSE]    

Understanding the Logrotate Configuration

The main Logrotate configuration file, stores the default log rotation info and other settings.

$ ls -l /etc/logrotate.conf
$ cat /etc/logrotate.conf
Logrotate Configuration File
Logrotate Configuration File

The main Logrotate configuration directory is where any installed Linux packages need assistance with log rotation, they will put their logrotate configurations inside this directory. As presented by the above screen capture, system tools like apt, dpkg, and ufw are already listed.

$ ls -l /etc/logrotate.d
Logrotate Configuration Directory
Logrotate Configuration Directory

For instance, based on the above screen capture, we could view the apt package manager’s Logrotate configuration file info in the following manner:

$ cat /etc/logrotate.d/apt 
Apt Log Info
Apt Log Info

Based on the above output, two different log files (term.log and history.log) are represented.

  • rotate 12 option ensures that 12 old log files are retained.
  • monthly option ensures that log rotation is made once a month.
  • compress option ensures that the rotated log files are compressed (mostly via gzip resulting in .gz files).
  • missingok option does not associate an error message with a missing log file.
  • notifempty option ensures that empty log files are not rotated.

Creating Sample Logrotate Configuration File

Here, we are going to look at two scenarios:

1. Adding Configuration File in /etc/logrotate.d/ Directory

Supposing we have a fictional webserver app installed on our system called sample-app and we want to configure its log rotation. We will first create its new log configuration file inside /etc/logrotate.d directory.

$ sudo nano /etc/logrotate.d/sample-app

Here is a sample configuration file that could handle these logs:

/var/log/sample-app/*.log {
	daily
	missingok
	rotate 14
	compress
	notifempty
	create 0640 www-data www-data
	sharedscripts
	postrotate
		systemctl reload sample-app
	endscript
}

Next, create its log directory.

$ mkdir /var/log/sample-app

Once log rotation completes, a new log file is created with permission 0640 for owner www-data and group www-data. The sharedscripts flag ensures that the succeeding scripts are executed once per run.

The script inside the block postrotate to endscript is executed after successful log rotations and before the generated logs are compressed.

To dry run and test the above Logrotate configuration, we will execute:

$ sudo logrotate /etc/logrotate.conf --debug
Create Logrotate Configuration File
Create Logrotate Configuration File

Despite the app not existing, Logrotate was able to assess its configuration file state. In the above case, generated and compressed logs are to be stored in /var/log/sample-app.

2. Creating an Independent Logrotate Configuration

An app can be running as our system user e.g dnyce. We could assume that its generated logs are stored in /home/dnyce/logs/ directory.
The Logrotate config file should reside in the Home directory:

$ nano /home/dnyce/logrotate.conf

Then paste in the following configuration:

/home/dnyce/logs/*.log {
	hourly
	missingok
	rotate 24
	compress
	create
}

The above logs will be generated hourly.

Let us create the associated logs directory.

$ cd ~
$ mkdir logs
$ touch logs/access.log

Time to test it:

$ logrotate /home/dnyce/logrotate.conf --state /home/dnyce/logrotate-state --verbose
Create Independent Logrotate Configuration
Create Independent Logrotate Configuration

The --verbose details the actions associated with Logrotate. In the above setup, nothing was rotated since Logrotate is seeing the file for the first time. The Logrotate state file will however show recorded info about the run.

$ cat /home/dnyce/logrotate-state 
Show Logrotate Info
Show Logrotate Info

To set up Logrotate to automatically run on an hourly basis for the current system user, open user crontab:

$ crontab -e 

add the following entry on the user’s crontab.

14 * * * * /usr/sbin/logrotate /home/dnyce/logrotate.conf --state /home/dnyce/logrotate-state
Create Cron for Logrotate
Create Cron for Logrotate

In about an hour’s time, the $HOME/logs directory should be populated with a rotated and compressed log file.

We should now be able to configure and rotate log files for both root and non-root users via Logrotate in Linux.

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.