1. About Log rotate
The logrotate program is a log file manager. It is used to regularly cycle (or rotate) log files by removing the oldest ones from your system and creating new log files. It may be used to rotate based on the age of the file or the file's size, and usually runs automatically through the cron utility.
- It is installed by default on Linux
- Runs as a daily cron job; the cron script is located in the /etc/cron.daily directory
- Configuration file is /etc/logrotate.conf
- When RPMs are installed, applications put the rotation configuration for their own logs in /etc/logrotate.d/. logrotate scans this directory for the configuration files that define how each application's or service's logs are rotated
- Configurations under /etc/logrotate.d/ will override the options specified in /etc/logrotate.conf
- Prerotate and postrotate scripts can be used
- The logrotate program may also be used to compress log files and to configure e-mail to users when they are rotated
2. Setting up log rotate
To set rotate options for /var/log/messages and any other files that need rotation, edit /etc/logrotate.d/syslog. This file contains the configuration for all the logs that are controlled by the syslog daemon.
Or create a new file with the following syntax:
FULL_PATH_OF_THE_FILES_TO_BE_ROTATED
{
OPTION1
OPTION2
…..
….
}
Verify the default options in /etc/logrotate.conf and comment them out if required.
Here is a sample configuration file for rotating /var/log/messages and other log files based on size:
/var/log/warn /var/log/messages /var/log/allmessages /var/log/localmessages /var/log/firewall
{
nocompress
rotate 1
missingok
notifempty
size 10M
create 640 root root
sharedscripts
postrotate
/etc/init.d/syslog reload
endscript
}
In the above configuration, when logrotate is executed as a cron job, it looks for the files to rotate (/var/log/messages and the other files) and checks them against the size (10M) specified in the configuration file /etc/logrotate.d/syslog.
If the specified size is reached, it will execute the prerotate script which does an incremental backup of that log file and rotates it.
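Added example (not part of the original article): a small Python parser for the stanza syntax shown above that flags three settings worth reviewing from a security standpoint, namely the mode given to create, the number of copies kept by rotate, and copytruncate. The /var/log/example-app path, the MIN_KEEP threshold and the wording of the findings are assumptions made for this illustration.

```python
# Constructed input: this page's stanza (shortened) plus a hypothetical weak one.
SAMPLE = """\
/var/log/warn /var/log/messages
{
    rotate 1
    create 640 root root
    postrotate
        /etc/init.d/syslog reload
    endscript
}
/var/log/example-app/app.log {
    rotate 0
    copytruncate
    create 666 root root
}
"""
MIN_KEEP = 4  # assumed site policy: minimum number of old copies to retain

def parse(text):  # text of one /etc/logrotate.d/ file -> [(paths, options), ...]
    stanzas, paths, opts, in_block, in_script = [], [], {}, False, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_script:                            # skip prerotate/postrotate body
            in_script = line != "endscript"
        elif not line or line.startswith("#"):
            continue
        elif not in_block:                       # path list; "{" may come later
            in_block = line.endswith("{")
            paths += line.rstrip("{").split()
        elif line == "}":
            stanzas.append((paths, opts))
            paths, opts, in_block = [], {}, False
        elif line in ("prerotate", "postrotate"):
            in_script = True
        else:                                    # "name arg arg ..." directive
            opts[line.split()[0]] = line.split()[1:]
    return stanzas

def audit(opts):  # thresholds here are assumptions, not logrotate rules
    found = []
    mode = (opts.get("create") or [""])[0]
    if mode and set(mode) <= set("01234567") and int(mode, 8) & 0o007:
        found.append("create %s: new log is accessible to 'other'" % mode)
    keep = (opts.get("rotate") or [""])[0]
    if keep.isdigit() and int(keep) < MIN_KEEP:
        found.append("rotate %s: fewer than %d old copies kept" % (keep, MIN_KEEP))
    if "copytruncate" in opts:
        found.append("copytruncate: data written between copy and truncate can be lost")
    return found
```

Calling audit(options) on each stanza returned by parse(SAMPLE) gives one finding for the syslog stanza (rotate 1) and three for the hypothetical application stanza.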
3. Options which can be used in configuration file.
compress | This is used to compress the rotated log file with gzip. |
nocompress | This is used when you do not want to compress rotated log files. |
copytruncate | This is used when processes are still writing information to open log files. This option copies the active log file to a backup and truncates the active log file. |
nocopytruncate | This copies the log files to backup, but the open log file is not truncated. |
create mode owner group | This rotates the log file and creates a new log file with the specified permissions, owner, and group. The default is to use the same mode, owner, and group as the original file. |
nocreate | This prevents the creation of a new log file. |
delaycompress | When used with the compress option, the rotated log file is not compressed until the next time it is cycled. |
nodelaycompress | This overrides delaycompress. The log file is compressed when it is cycled. |
errors address | This mails logrotate errors to an address. |
ifempty | With this, the log file is rotated even if it is empty. This is the default for logrotate. |
notifempty | This does not rotate the log file if it is empty. |
mail address | This mails log files that are cycled to an address. When mail log files are cycled, they are effectively removed from the system. |
nomail | When mail log files are cycled, a copy is not mailed. |
olddir directory | With this, cycled log files are kept in the specified directory. This directory must be on the same filesystem as the current log files. |
noolddir | Cycled log files are kept in the same directory as the current log files. |
prerotate/endscript | These are statements that enclose commands to be executed prior to a log file being rotated. The prerotate and endscript keywords must appear on a line by themselves. |
postrotate/endscript | These are statements that enclose commands to be executed after a log file has been rotated. The postrotate and endscript keywords must appear on a line by themselves. |
daily | This is used to rotate log files daily. |
weekly | This is used to rotate log files weekly. |
monthly | This is used to rotate log files monthly. |
rotate count | This specifies the number of times to rotate a file before it is deleted. A count of 0 (zero) means no copies are retained. A count of 5 means five copies are retained. |
tabooext [+] list | This directs logrotate to not rotate files with the specified extension. The default list of extensions is .rpm-orig, .rpmsave, v, and ~. |
size size | With this, the log file is rotated when the specified size is reached. Size may be specified in bytes (default), kilobytes (sizek), or megabytes (sizem). |
In the prerotate section we can specify any script that we would like to run before the log rotation, and the postrotate option does the same for scripts to run after it.
We can use logrotate to control the size of the various application log files (messages, audit.log, etc.) by creating a configuration file under /etc/logrotate.d/.
This is helpful in controlling the growth of the file system.