How to setup and use Logrotate in Linux?

Logs provide a wealth of diagnostic information about your computer and the applications installed on your system. Everything from kernel events to user actions are logged by Linux. All the log files are stored in a directory called /var/log/. This directory contains logs of the operating system itself, services and applications installed and running on your system.

The given image shows the content of /var/log directory.

Logs can be very helpful in identifying the issue and the reason for system or service failure. These are analyzed while troubleshooting the system by the system admin.

Over time new information gets logged and the size of the log file on a system increases if not managed properly after a certain time your system may get out of space. You can prevent this by using log rotation.

What is log rotation?

The log rotation is a process in which new log files are created and old ones get archived or removed. For example, a log file dpkg.log is renamed as dpkg.log.1, and a new dpkg.log file is created. Older log files are compressed and appear like dpkg.log.1.gz, dpkg.log.2.gz, and so on.

The log rotation is facilitated by a utility in Linux called logrotate. It archives and removes the older log files from your system and prevents them from filling up the disk space.

How to install logrotate in Linux

Your system may already have this utility installed. If it is not in your system then on the basis of distribution that you are using, execute one of the given commands to install logrotate.

On Debian/Ubuntu/Linux Mint, use –

sudo apt install logrotate

If you are using RHEL/CentOS/Fedora then use –

sudo yum install logrotate

If it asks for confirmation press y and then enter.

You can verify the installation by using the given command.

logrotate

This will display the given output.

Logrotate configuration files

A cron job runs daily and starts logrotate utility. It goes through various log files rotates them and purges older log files as defined in the configuration file of logrotate. There are two main configuration sources of logrotate –

/etc/logrotate.conf

This is the main configuration file of logrotate utility. It contains default settings and facilitates log rotation to non-system package logs. You can see this in the image below.

In this configuration file, there are five lines that are not commented (not preceded by a # symbol) and these are –

weekly – This means the utility will rotate the log files on a weekly basis

su root adm – This shows the root user and adm group owns the log files

rotate 4 – That means it will keep a backup of 4 weeks of log files after which it will get removed to free the disk space

create – This indicates the creation of new log files after the rotation of older ones

include /etc/logrotate.d – It pulls the configuration of applications that are listed in the /etc/logrotate.d directory

/etc/logrotate.d

This directory contains logrotate configuration of installed packages on a system. You can view the list of packages by using the given command.

ls -l /etc/logrotate.d/

You can see the output in the given image –

You can see the configuration of a specific package by using the given command.

For example to see the logrotate configuration of dpkg use –

cat /etc/logrotate.d.dpkg

Where,

monthly – This implies the rotation of log file once a month

rotate 12 – 12 old log files will be backed up

compress – Rotated file will be compressed with default gzip compression

delaycompress – Using delaycompress, we can keep the recent log file uncompressed until the next rotation cycle.

missignok – This will suppress error message in case the log file is missing

notifempty – Ignore file rotation if the file is empty

create 644 root root – Create a new log file as soon as log rotation is completed this will create the file with permission 644 with user and group ownership of root

Adding new service logs to logrotate

Suppose we have an application running that is generating logs and it gets stored at /var/log/explinux.log now we need to rotate this file on a daily basis.

First, we need to create a new logrotate configuration file to accommodate our new log file.

vi /etc/logroatate.d/explinux

And enter the given text into this file.

/var/log/explinux.log {
    daily
    missingok
    notifempty
    compress
    size 20k
    create 0600 root root
}

For adding more options in this file you can see the man page of logrotate by using the given command.

man logrotate

Testing new logrotate configuration

You have created the new log rotate configuration file in /etc/logrotate.d/ you can see this by using –

cat /etc/logrotate.d/explinux

Now create a sample log file if not created –

echo "This is new log file" > /var/log/explinux.log

Now you can force logrotate to rotate all logs by using option -f with logrotate command –

logrotate -f /etc/logrotate.conf

This will rotate all your log files stored in /etc/logrotate.d directory.

You can see the rotated log file by using –

ls /var/log

The rotated file will look something like explinux.log.2021209.gz.

Conclusion

In this article, you have learned how to use logrotate utility to manage log files on a Linux system. Now if you have a query then write us in the comments below.

Leave a Comment