Linux log rotation (logrotate)

Introduction

logrotate is designed to simplify the management of systems that generate large amounts of log files. It allows automatic rotation, compression, deletion and mailing of log files. Each log file can be processed daily, weekly, monthly or when it becomes too large.

Installation

Taking CentOS 7 or Ubuntu 20.04 as an example, logrotate is installed by default. If it is not installed, you can install it with one of the following commands.

# CentOS
sudo yum install logrotate

# Ubuntu
sudo apt install logrotate

# Confirm the installed version
logrotate --version

Command

[root@192 ~]# logrotate -?
Usage: logrotate [OPTION...] <configfile>
  -d, --debug Don't do anything, just test (implies -v)
  -f, --force Force file rotation
  -m, --mail=command Command to send mail (instead of `/bin/mail')
  -s, --state=statefile Path of state file
  -v, --verbose Display messages during rotation
  -l, --log=STRING Log file
  --version Display version information

Help options:
  -?, --help Show this help message
  --usage Display brief usage message

Configuration

By default, logrotate is run once a day by cron. The default configuration file is /etc/logrotate.conf. You can add your own configuration files in the /etc/logrotate.d/ directory.

Configuration example:

# sample logrotate configuration file
compress

/var/log/messages {
    rotate 5
    weekly
    postrotate
        /usr/bin/killall -HUP syslogd
    endscript
}

"/var/log/httpd/access.log" /var/log/httpd/error.log {
    rotate 5
    # placeholder address
    mail user@example.com
    size 100k
    sharedscripts
    postrotate
        /usr/bin/killall -HUP httpd
    endscript
}

/var/log/news/* {
    monthly
    rotate 2
    olddir /var/log/news/old
    missingok
    postrotate
        kill -HUP `cat /var/run/inn.pid`
    endscript
    nocompress
}

Parameter Description:

compress: Old versions of log files are compressed with gzip by default.

compresscmd: Specifies which command to use to compress log files. Default is gzip.

uncompresscmd: Specifies which command to use to decompress the log file. The default is gunzip.

compressext: Specifies which extension to use on compressed log files (if compression is enabled). The default value follows the configured compression command.

compressoptions: Command line options that can be passed to the compression program (if one is being used). The default value for gzip is "-9" (maximum compression).

copy: Make a copy of the log file without changing the original file. The create option has no effect when this option is used.

copytruncate: Truncate the original log file in place after creating a copy, instead of moving the old log file and optionally creating a new one. It can be used when a program cannot be told to close its log file and therefore may continue writing (appending) to the previous log file forever. Note that there is a very small time window between copying the file and truncating it, so some logging data may be lost. The create option has no effect when this option is used, because the old log file stays in place.

create: Immediately after rotation (before running the postrotate script), a log file (with the same name as the log file just rotated) will be created.

daily: Log files are rotated every day.

dateext: Archive older versions of log files, adding a daily extension (e.g. YYYYMMDD) instead of simply adding a number. The extension can be configured using the dateformat option.

dateformat format_string: Specify the extension of dateext using a notation similar to the strftime function. Only the %Y %m %d and %s specifiers are allowed. The default value is -%Y%m%d.

delaycompress: Delay the compression of the previous log file to the next cycle. This only works when combined with compress.

extension ext: Log files with the extension ext keep it after rotation. If compression is used, the compression extension (usually .gz) appears after ext.

ifempty: Rotates log files even if they are empty, overriding the notifempty option (ifempty is the default).

include file_or_directory: Reads the file given as an argument as if it were included inline where the include directive appears. If a directory is given, most of the files in that directory are read in alphabetical order before processing of the including file continues.

mail address: Files that have expired will be mailed to the specified address. If a specific log should not generate emails, you can use the nomail directive.

mailfirst: When using the mail command, mail the files that have just been rotated instead of the files that are about to expire.

maillast: When using the mail command, mail files that are about to expire, rather than files that have just been rotated (this is the default setting).

maxage count: Delete rotated logs older than <count> days. This is only checked if the log file is to be rotated. If maillast and mail are configured, files will be mailed to the configured address.

minsize size: Log files are rotated when they grow larger than size bytes, but not before the additionally specified time interval (daily, weekly, monthly, or yearly).

missingok: If a log file is missing, continue with the next log file without issuing an error message.

monthly: The log files are rotated the first time logrotate is run in a month (usually on the first day of the month).

nocompress: Old versions of log files are not compressed.

nocopy: Do not copy the original log file and leave it in place. (This overrides the copy option)

nocopytruncate: Do not truncate the original log file in place after creating the copy (this overrides the copytruncate option).

nocreate: No new log file will be created (this overrides the create option).

nodelaycompress: Do not defer compression of the previous log file until the next rotation cycle (this overrides the delaycompress option).

nodateext: Do not archive older version log files with a date extension (this overrides the dateext option).

nomail: Do not mail old log files to any address.

nomissingok: Issue an error if the log file does not exist. This is the default setting.

noolddir: The logs are rotated in the same directory where the logs normally reside (this overrides the olddir option).

nosharedscripts: Runs prerotate and postrotate scripts for each rotated log file (this is the default and overrides the sharedscripts option). The absolute path to the log file is passed to the script as the first argument. If the script exits with an error, the remaining actions are not executed for the affected log only.

noshred: Do not use shred when deleting old log files.

notifempty: Do not rotate the log if it is empty (this overrides the ifempty option).

olddir directory: Logs are moved into directory for rotation. The directory must be on the same physical device as the log file being rotated, and unless an absolute pathname is specified, the directory is assumed to be relative to the directory holding the log file. When using this option, all old versions of the log end up in directory. This option may be overridden by the noolddir option.

postrotate/endscript: The lines between postrotate and endscript (both of which must appear on lines by themselves) are executed (using /bin/sh) after the log file is rotated. These directives can only appear in log file definitions. Normally, the absolute path to the log file is passed to the script as the first argument. If sharedscripts is specified, the entire pattern is passed to the script.

prerotate/endscript: The lines between prerotate and endscript (both of which must appear on lines by themselves) are executed (using /bin/sh) before the log file is rotated, and only if the log will actually be rotated. These directives can only appear in log file definitions. Normally, the absolute path to the log file is passed to the script as the first argument. If sharedscripts is specified, the entire pattern is passed to the script.

firstaction/endscript: The lines between firstaction and endscript (both of which must appear on lines by themselves) are executed once (using /bin/sh) before all log files matching the wildcard pattern are rotated, before the prerotate script is run, and only if at least one log will actually be rotated. These directives can only appear in log file definitions. The entire pattern is passed to the script as the first argument. If the script exits with an error, no further processing occurs. See lastaction.

lastaction/endscript: The lines between lastaction and endscript (both of which must appear on lines by themselves) are executed once (using /bin/sh) after all log files matching the wildcard pattern have been rotated, after the postrotate script has run, and only if at least one log has been rotated. These directives can only appear in log file definitions. The entire pattern is passed to the script as the first argument. If the script exits with an error, only an error message is displayed (since this is the last operation). See firstaction.

rotate count: Log files are rotated count times before being deleted or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather than rotated.

size size: The log file will be rotated only if the log file is larger than size bytes. If size is followed by k, the size is assumed to be in kilobytes. If you use M, the size is in megabytes; if you use G, the size is in gigabytes. So size 100, size 100k, size 100M and size 100G are all valid.

sharedscripts: Normally, the prerotate and postrotate scripts are run for each rotated log, and the absolute path to the log file is passed to the script as the first argument. This means that a single script may be run multiple times for log file entries that match multiple files (such as the /var/log/news/* example). If sharedscripts is specified, the scripts are run only once, no matter how many logs match the wildcard pattern, and the entire pattern is passed to them. However, if none of the logs in the pattern need to be rotated, the scripts are not run at all. If the scripts exit with an error, the remaining actions are not executed for any logs. This option overrides the nosharedscripts option and implies the create option.

shred: Use shred -u instead of unlink() to delete log files. This should ensure that the log is unreadable after scheduled deletion; this feature is turned off by default. See also noshred.

shredcycles count: Ask GNU shred to overwrite the log file count times before deleting it. Without this option, shred's default value will be used.

start count: This is the number used as the base for rotation. For example, if you specify 0, the log will be created with a .0 extension when rotating the log from the original log file. If 9 is specified, the log file will be created using .9, skipping 0-8. Files will still be rotated the number of times specified by the rotate directive.

tabooext [+] list: The current taboo extension list is changed (see the include directive for information on taboo extensions). If the extension list is preceded by +, the current taboo extension list is augmented, otherwise it is replaced. At startup, the taboo extension list contains .rpmorig, .rpmsave, ,v, .swp, .rpmnew, ~, .cfsaved, and .rhn-cfg-tmp-*.

weekly: Log files are rotated if the current weekday is less than the weekday of the last rotation, or if more than one week has passed since the last rotation. This is usually the same as rotating the logs on the first day of the week, but it works better if logrotate is not run every night.

yearly: The log file is rotated if the current year is different from the last rotated year.
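
The following added example (not part of the original page and not logrotate's own code) parses the subset of configuration syntax used in the configuration example above, resolves each log's effective options (global defaults, "no" overrides, skipped script blocks), and flags the combinations that the descriptions above say lose log data or have no effect. The paths, the daemon name appd and the function names parse and audit are assumptions.

```python
import shlex

NEGATABLE = {"compress", "copy", "create", "copytruncate", "delaycompress"}  # "noX" overrides X

SAMPLE = """# Constructed sample: the paths and the daemon name "appd" are hypothetical.
compress
/var/log/app/app.log {
    rotate 0
    copytruncate
    create
}
"/var/log/app/audit.log" /var/log/app/auth.log {
    nocompress
    delaycompress
    postrotate
        /usr/bin/killall -HUP appd
    endscript
}
"""

def parse(text):
    """Return {log path: effective options}; global directives act as defaults."""
    defaults, logs, current, paths, in_script = {}, {}, None, [], False
    for line in map(str.strip, text.splitlines()):
        if in_script:                        # script body is shell, not directives
            in_script = line != "endscript"
        elif line.endswith("{"):             # header: one or more (quoted) paths
            paths, current = shlex.split(line[:-1]), dict(defaults)
        elif line == "}":
            logs.update({p: current for p in paths})
            current = None
        elif line and not line.startswith("#"):
            word, *arg = line.split(None, 1)
            target = defaults if current is None else current
            if word in ("prerotate", "postrotate", "firstaction", "lastaction"):
                in_script = True
            elif word.startswith("no") and word[2:] in NEGATABLE:
                target.pop(word[2:], None)
            else:
                target[word] = arg[0] if arg else ""
    return logs

def audit(text):
    """List (path, issue) pairs for settings that lose log data or have no effect."""
    checks = [(lambda o: "copytruncate" in o, "copytruncate can lose lines written during the copy"),
              (lambda o: "create" in o and o.keys() & {"copy", "copytruncate"}, "create has no effect here"),
              (lambda o: "delaycompress" in o and "compress" not in o, "delaycompress needs compress"),
              (lambda o: o.get("rotate") == "0", "rotate 0 keeps no old versions")]
    return [(p, msg) for p, o in parse(text).items() for hit, msg in checks if hit(o)]
```

Calling audit(SAMPLE) reports three issues for app.log and one each for audit.log and auth.log, where nocompress removes the global compress that delaycompress depends on.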
