Log - logrotate app

Data System Architecture


logrotate 1) is an application running as a linux service that allows:

Each log file may be handled daily, weekly, monthly, or when it grows too large.

Usage example

All configuration file via the main configuration

logrotate /etc/logrotate.conf

A specific configuration file

logrotate  /etc/logrotate.d/nginx

Configuration file


logrotate reads everything about the log files it should be handling from the series of configuration files.

Sample logrotate configuration file:

# global options
# logs are compressed after they are rotated.

"/var/log/httpd/access.log" /var/log/httpd/error.log {
rotate 5
mail [email protected]
size 100k
# could be weekly or monthly
/usr/bin/killall -HUP httpd


  • Deleted files property:
    • rotate 5 specify that the file will go through five rotations before being removed.
    • mail [email protected] - mail log file (uncompressed) to [email protected] before delete
    • compress, nocompress
    • create 0600 root root
  • Rotate trigger:
    • size 100k specifiy that log file is rotated whenever it grows over 100k in size
    • weekly define the rotation period (one by week)
    • monthly define a monthly period (one by month)
  • Script:
    • postrotate and endscript define a postrotate script code of block that will be run once once for each rotated log before the old version of the log has been compressed.
    • sharedscripts means that the postrotate script will only be run once (after the old logs have been compressed)

See logrotate for more syntax element


On a line basis where the first character is a #

Default Configuration File

Default state file.

# rotate log files weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones

# use date as a suffix of the rotated file

# uncomment this if you want your log files compressed

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    create 0664 root utmp
    minsize 1M
    rotate 1

/var/log/btmp {
    create 0600 root utmp
    rotate 1


if errors occur for more than one file, the log files are not compressed.

Syntax Command options

Usage: logrotate [OPTION...] <configfile>
  -d, --debug               Don't do anything, just test (implies -v)
  -f, --force               Force file rotation
  -m, --mail=command        Command to send mail (instead of `/bin/mail')
  -s, --state=statefile     Path of state file
  -v, --verbose             Display messages during rotation
  -l, --log=STRING          Log file
  --version                 Display version information

Help options:
  -?, --help                Show this help message
  --usage                   Display brief usage message




with the following Ansible template task

- name: Create logrotate entry for /var/log/myapp.log
  template: src=templates/logrotate_myapp.j2 dest=/etc/logrotate.d/myapp owner=root group=root mode=0644
/var/log/myapp.log {
  rotate 7


Error: skipping “/var/log/*.log” because parent directory has insecure permissions

When using logrotate, you may get this kind of error:

error: skipping "/var/log/*.log" because parent directory has insecure permissions 
(It's world writable or writable by group which is not "root") 
Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

To resolve this error, you have 2 solutions:

  • change the group of the directory to root
  • or add the su directive (equivalent to the su command) that tells the user and the the group to proxy

Example for nginx, if you create a nginx user and nginx group

/var/log/nginx/*.log {
    su nginx nginx
    create 0640 nginx nginx

Discover More
Data System Architecture
Log - Rotation

log Rotation See logrotate application
Network - tcpdump

tcpdump is : a command-line packet analyzer and libpcap, a portable C/C++ library for network traffic capture (sniffer). It prints out a description of the contents of packets on a network interface...

Share this page:
Follow us:
Task Runner