How to Configure Logrotate

It’s always important to keep your server logs around for as long as it makes business sense. You’ll need them for auditing system access, discovering abuses, or to identify root causes to problems, among other reasons. The challenge, though, is that depending on the service being provided and the amount of traffic received, your logs are capable of growing to gargantuan sizes, consuming every last bit of disk space available.

Logrotate allows us to better manage our logs to prevent from consuming too much disk space. Depending on the schedule you decide on, your logs can be rotated every day, week, or month. Each rotation renames your existing log file, usually by appending a ‘.’ and number to the end, and then creates a new file. To preserve storage the logs that have been rotated can be compressed using Gzip.

Thankfully, most major Linux distributions, like Ubuntu, automatically rotates most logs found under /var/log.

Installation

Logrotate is installed by default on most recent distributions.  As of this writing that means Ubuntu 15.10 and CentOS 7 – 1511. However, if you find that your installation does not include it, it can easily be installed through Yum or Apt.

Create a Log Rotate Configuration

Logrotate configuration files are stored under /etc/logrotate.d. When the logrotate cron job runs, it will look execute any configuration found in that directory.

The following example is that of a default Apache2 log from a CentOS 7 server. We can use it as a template for our own application logs, separate from the default ones.

/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}

Here’s an explanation of the settings used above.

Logrotate supports many more options than what’s listed above. To see a complete list, you can man logrotate or visit linuxcommand.org logrotate page. Here are a few options you may find useful.

 

Test Your Configuration

As with anything, before you roll your configuration into production you will want to test it to ensure everything works. Logrotate includes a feature that allows us to run a configuration, in debug mode, without it doing any work. If there are errors discovered in the syntax or some other issues, you will be notified.

sudo logrotate -d /etc/logrotate.d/myapp.conf

The output will look similar to the example below. The output displays the discovered logs based on the location /var/httpd/*log, and what was done for each log. None of the logs were rotated since I ran the test on a server that was newly built. However, if the logs had more content and were aged a little more, we would see a message indicating our logs were rotated. For now, we can take this as our configuration file syntax is correct.

empty log files are not rotated, old logs are removed
considering log /var/log/httpd/access_log
  log does not need rotating
considering log /var/log/httpd/error_log
  log does not need rotating
not running postrotate script, since no logs were rotated