Logrotate is a software designed to facilitate the management of log files generated by the various software running on the machine, such as PHP, MySQL, Nginx and Apache. In this regard, you may be interested in the guide on how to read the web server log .
Logrotate allows automatic rotation, compression, removal and emailing of log files. Each log file can be managed daily, weekly, monthly or simply when it gets too large. In this guide I’ll explain all the values that can be set in the Logrotate configuration.
Index:
- Installation
- How Logrotate works
- How log rotation works
- Command line options
- Configuration file
- The directives of logrotate
If logrotate is already installed on our machine, you can see the results of its operation by opening a shell and running:
$ ls -l /var/log
in this way you can see how the system logs are periodically rotated and compressed automatically according to the rules that we will see shortly.
Installation
Typically logrotate is installed by default on every Debian system, such as Ubuntu. If not, install it via shell:
During the installation, three files and a directory will be created, among others, on the basis of which the behavior of logrotate will be determined:
How Logrotate works
The operation of this software is simple: every day the script /etc/cron.daily/logrotate is executed by the cron daemon, which takes care of making rotations based on the contents of the file / var / lib / logrotate / status and the present settings in the configuration files /etc/logrotate.conf .
This configuration file contains, among other things, a directive that tells logrotate to also read the files contained in the /etc/logrotate.d/ directory and treat them as additional configuration files.
To facilitate management, therefore, the logrotate configuration is divided by default between the logrotate.conf file and the files in logrotate.d ; the important thing to always keep in mind is that everything can be seen as a single large configuration file that starts with the logrotate.conf lines, continues with the contents of the logrotate.d files (and any other file / directory specified with the option “ include “) and ends with the last lines of logrotate.conf .
Logrotate’s configuration logic is based on concatenating files, which explains why the order in which the configuration lines are written is particularly important.
Normally, logrotate runs as a daily cron job . It will not modify a log multiple times in a day, unless the policy for that log is based on the size of the log and logrotate is run multiple times each day, or unless the -f or –force ( options explained below).
You can provide any number of configuration files. The newer configuration files may override the options provided in the previous files, so the order in which the logrotate configuration files are listed is important. Normally, a single configuration file should be used which includes any other necessary configuration files. See below how to use the include directive . If a directory is provided, each file in that directory is used as a configuration file.
Pay attention to the fact that the files in logrotate.d are in all respects the configuration files of logrotate and not just related to a particular log file. A global option, that is, contained outside the curly brackets, applies to all subsequent files. Unless you have a compelling reason to do so, all files located in /etc/logrotate.d/ don’t and shouldn’t have directives outside the curly brackets.
How log rotation works
Rotation involves deleting the last rotated file while its place is taken by the penultimate file and so on. For example, if at the beginning you have the log file “evemilano_log” with three weekly rotations you will have:
1st week
- evemilano_access.log is rotated and renamed to evemilano_access.log.1
- A new evemilano_log file is created
Result: evemilano_access.log, evemilano_access.log.1
2nd week
- evemilano_access.log.1 is renamed to evemilano_access.log.2
- evemilano_access.log is renamed to evemilano_access.log.1
- A new evemilano_access.log file is created
Result: evemilano_access.log, evemilano_access.log.1, evemilano_access.log.2
3rd week
- evemilano_access.log.2 is renamed to evemilano_access.log.3
- evemilano_access.log.1 is renamed to evemilano_access.log.2
- evemilano_access.log is renamed to evemilano_access.log.1
Result: evemilano_access.log, evemilano_access.log.1, evemilano_access.log.2, evemilano_access.log.3
successive rotations
- evemilano_access.log.3 is renamed to evemilano_access.log.4 and is deleted
- evemilano_access.log.2 is renamed to evemilano_access.log.3
- evemilano_access.log.1 is renamed to evemilano_access.log.2
- evemilano_access.log is renamed to evemilano_access.log.1
Result: evemilano_access.log, evemilano_access.log.1, evemilano_access.log.2, evemilano_access.log.3
Command line options
Turn on debug mode and imply -v. In debug mode, no changes will be made to the logs or the logrotate status file.
Tells logrotate to force rotation, even if not necessary. It may be useful to do this after adding new entries to a logrotate configuration file or if the old log files have been manually removed, as the new files will be created and logging will continue successfully.
Tells logrotate which command to use when sending logs by mail. This command should take two arguments: 1) the subject of the message and 2) the recipient. The command must then read a standard message and send it to the recipient. The default mail command is / bin / mail -s .
Instructs logrotate to use an alternate state file. It is useful if logrotate is running as a different user for various sets of log files. The default status file is /var/lib/logrotate.status .
Print a short usage message.
Print a help message.
Turn on verbose (verbose) mode.
Configuration file
Logrotate gets all the information about the log files it needs to manage from the set of configuration files specified on the command line. Each configuration file can set global options (local definitions override global ones and subsequent definitions override previous ones) and specify log files to rotate. A simple configuration file looks like this:
The first few lines set the global options; in the example, the registers are compressed after being rotated. Note that comments can appear anywhere in the configuration file as long as the first non-whitespace character on the line is a # .
The second section of the configuration files defines how to manage the log file / var / log / messages . The log will go through five weekly rotations before being removed. After the log file has been rotated (but before the old version of the log has been compressed), the command / sbin / killall -HUP syslogd will be executed .
The third section defines the parameters for /var/log/httpd/access.log and / var / log / httpd / error.log . These logs are rotated whenever they grow in size and exceed 100k and old log files are sent (uncompressed) to www@my.org after doing 5 rotations, rather than being removed. Sharedscripts indicates that the postrotate script will only run once (after the previous registers have been compressed), not once for each register that is rotated. Note that double quotes around the first file name at the beginning of this section allow logrotate to rotate logs with spaces in the name. Normal shell rules apply, with ‘ ,“ And \ supported.
The last section defines the parameters for all files in / var / log / news. Each file is rotated on a monthly basis. This is considered a single rotation directive, and if errors occur for more than one file, the log files are not compressed.
Use wildcard characters with caution. If you specify *, logrotate rotates all files, including those previously rotated. One way around this is to use the olddir directive or a more precise wildcard (like * .log).
We now briefly describe the main files used by logrotate.
/etc/cron.daily/logrotate
This script has the following content: The purpose of the script is to check for the existence of logrotate and then run it with the settings contained in the /etc/logrotate.conf file. Due to its location, this script is run by the cron daemon every day. The minute and time of its execution are determined by the / etc / crontab file , in particular by the line:
In this example we see how the scripts contained in /etc/cron.daily are executed every day at 6.25am.
Make sure the machine is turned on when Cron launches daily scripts; otherwise these scripts, and therefore also logrotate, will not be executed leading to the undesirable effect of having log files of abnormal size. To avoid this problem, you may need to edit the / etc / crontab file or install Anacron .
/etc/logrotate.conf
This is Logrotate’s main configuration file. Its job is to inform logrotate about all configuration options to be used for all specified log files. Lines starting with the “#” character are seen as comments.
Use comments often to describe what changed (and maybe even the date of the change). They may seem like a waste of time but you will thank you for writing them when you read the configuration months later.
The directive:
is used to specify the path where the other additional configuration files for logrotate are located. The normal flow of the file is interrupted, you read the files in logrotate.de then resume from the line following “include”. Of course, all the “includes” you want can be added.
The “include ‘option is especially useful for specifying a custom file or directory. This way you can insert your own configurations without changing the logrotate.conf file too much or without adding files to logrotate.d.
Since this file is read first, the options contained in logrotate.conf (but found before “include”) apply to all log files that have a configuration section in the same logrotate.conf or files contained in /etc/logrotate.d.