About
logrotate 1) is an application running as a linux service that allows:
Each log file may be handled daily, weekly, monthly, or when it grows too large.
Usage example
All configuration file via the main configuration
logrotate /etc/logrotate.conf
A specific configuration file
logrotate /etc/logrotate.d/nginx
Configuration file
Syntax
logrotate reads everything about the log files it should be handling from the series of configuration files.
Sample logrotate configuration file:
# global options
# logs are compressed after they are rotated.
compress
"/var/log/httpd/access.log" /var/log/httpd/error.log {
rotate 5
mail [email protected]
size 100k
# could be weekly or monthly
sharedscripts
postrotate
/usr/bin/killall -HUP httpd
endscript
}
where:
- Deleted files property:
- rotate 5 specify that the file will go through five rotations before being removed.
- mail [email protected] - mail log file (uncompressed) to [email protected] before delete
- compress, nocompress
- create 0600 root root
- Rotate trigger:
- size 100k specifiy that log file is rotated whenever it grows over 100k in size
- weekly define the rotation period (one by week)
- monthly define a monthly period (one by month)
- Script:
- postrotate and endscript define a postrotate script code of block that will be run once once for each rotated log before the old version of the log has been compressed.
- sharedscripts means that the postrotate script will only be run once (after the old logs have been compressed)
See logrotate for more syntax element
Comment
On a line basis where the first character is a #
Default Configuration File
Default state file.
/etc/logrotate.conf
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
Error
if errors occur for more than one file, the log files are not compressed.
Syntax Command options
Usage: logrotate [OPTION...] <configfile>
-d, --debug Don't do anything, just test (implies -v)
-f, --force Force file rotation
-m, --mail=command Command to send mail (instead of `/bin/mail')
-s, --state=statefile Path of state file
-v, --verbose Display messages during rotation
-l, --log=STRING Log file
--version Display version information
Help options:
-?, --help Show this help message
--usage Display brief usage message
Management
Creation
Ansible
with the following Ansible template task
- name: Create logrotate entry for /var/log/myapp.log
template: src=templates/logrotate_myapp.j2 dest=/etc/logrotate.d/myapp owner=root group=root mode=0644
/var/log/myapp.log {
rotate 7
daily
compress
missingok
notifempty
}
Support
Error: skipping “/var/log/*.log” because parent directory has insecure permissions
When using logrotate, you may get this kind of error:
error: skipping "/var/log/*.log" because parent directory has insecure permissions
(It's world writable or writable by group which is not "root")
Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
To resolve this error, you have 2 solutions:
- change the group of the directory to root
- or add the su directive (equivalent to the su command) that tells the user and the the group to proxy
Example for nginx, if you create a nginx user and nginx group
/var/log/nginx/*.log {
su nginx nginx
create 0640 nginx nginx
....
}