Logrotate is a system utility that controls the automatic rotation and compression of log files. If files have not been rotated, compressed and periodically deleted during long-term server operation, they may sooner or later take up all available memory space.
Logrotate is installed by default on Ubuntu 16.04 and is configured to handle log rotation for all installed packages and applications.
Logrotate version check:
logrotate --version
The output of the command will be
root@kvmde67-19464:~# logrotate --version
logrotate 3.8.7
The default configuration of Logrotate is stored in two paths:
- The file /etc/logrotate.conf stores some of the default configurations. It also contains archiving templates for non-system files.
- File /etc/logrotate.d/ is designed to store third-party parameters that the administrator sets himself. Rotation templates for system utilities are stored here.
Let's take a look at the Logrotate configuration file /etc/logrotate.d for the apt package manager:
cat /etc/logrotate.d/apt
The output of the command will be
root@kvmde67-19464:~# cat /etc/logrotate.d/apt
/var/log/apt/term.log {
rotate 12
monthly
compress
missingok
notifempty
}
/var/log/apt/history.log {
rotate 12
monthly
compress
missingok
notifempty
}
This file contains configuration blocks for two different log files in /var/log/apt/: term.log and history.log. Both blocks have the same options. Any options not specified in these configuration blocks inherit the default values or values set in /etc/logrotate.conf
Parameters set for apt logs:
- rotate 12 - specifies that the utility saves the last twelve logs;
- monthly - update once a month;
- compress - archive command, by default the standard Linux utility gzip is used, if you want to change it to another one then specify the keys after the command;
- missingok - do not write an error message if the log file is missing;
- notifempty - do not rotate empty log file.
Two options can be used to manage log files for applications:
- Create a new Logrotate configuration file and place it in /etc/logrotate.d/. It will run daily as the root user along with all other standard LogRotate tasks.
- Create a new configuration file and run it with the default LogRotate settings in Ubuntu
Create configuration in /etc/logrotate.d/
As an example, let's configure updates for a server that writes logs to the access.log and error.log files located in /var/log/example-app/
To add the configuration directory /etc/logrotate.d/, open a new file:
sudo nano /etc/logrotate.d/example-app
/var/log/example-app/*.log {
daily
missingok
rotate 14
compress
notifempty
create 0640 www-data www-data
sharedscripts
postrotate
systemctl reload example-app
endscript
}
Description of the directives:
- create 0640 www-data www-data - this command will create a new empty log file after rotation with specified permissions (0640), owner ( www-data) and groups (www-data);
- sharedscripts - this option means that any scripts added to the configuration will only run once per run after the files have been compressed, not for each individual updated file. Because our configuration will match two log files (access.log and error.log), the script specified in postrotate will only run once;
- postrotate to endscript - the script in this block will be run after the log file is updated. In the example, the application is reloaded
After configuring it according to the requirements, you can run the test with the command:
sudo logrotate /etc/logrotate.conf --debug
This will bring up the logrotate utility, pointing to the standard configuration file in debug mode.
The console will display information about which files the logrotate is processing at the moment. The standard Logrotate configuration will be performed once a day, including new configuration.
Creating a LogRotate configuration
In this example, we have an application running under user newuser, generating logs that are stored in the /home/newuser/logs/ directory. We need to make these logs rotate hourly, so we have to install it outside the /etc/logrotate.d structure presented in Ubuntu.
Let's create a configuration file in our directory using a text editor
nano /home/newuser/logrotate.conf
Then insert the following configuration:
/home/newuser/logrotate.conf
/home/newuser/logs/*.log {
hourly
missingok
rotate 24
compress
create
}
Save and close the file
This configuration will rotate the files hourly, compressing and saving the twenty-four old logs and creating a new log file to replace the rotated one.
It is necessary to customize the configuration to suit your application.
Let's make a log file to check that it works:
cd ~
mkdir logs
touch logs/access.log
Since the logs belong to newuser we don't need to use sudo. However, we do need to specify a status file. This file records what logrotate saw and did last time, so it knows what to do the next time it runs
We will ask Logrotate to put the status file directly in our home directory for this example. We can specify anywhere that is available and convenient:
logrotate /home/newuser/logrotate.conf --state /home/newuser/logrotate-state --verbose --force
Output
reading config file /home/newuser/logrotate.conf
Handling 1 logs
rotating pattern: /home/newuser/logs/*.log hourly (24 rotations)
empty log files are rotated, old logs are removed
considering log /home/newuser/logs/access.log
log does not need rotating
-verbose will print detailed information about what Logrotate is doing. This is the first time LogRotate has seen this log file, so as far as we know, the file is zero hours old and should not be subject to rotation.
If we look at the status file, we can see that Logrotate has recorded startup information:
cat /home/newuser/logrotate-state
Output
logrotate state -- version 2
"/home/newuser/logs/access.log" 2020-05-18-16:0:0
Logrotate noted that it had seen the logs and when it last looked at their rotation. If you run the same command, one hour later, the log is rotated as expected.
If you want to force LogRotate to rotate the log file, then you must use the -force flag:
logrotate /home/newuser/logrotate.conf --state /home/newuser/logrotate-state --verbose --force
Next, you need to configure a cron job to run Logrotate every hour. Open a user's crontab:
crontab -e
This opens a text file. The file probably already has some comments explaining the expected basic syntax
Move the cursor to a new blank line at the end of the file and add the following:
14 * * * * * /usr/sbin/logrotate /home/newuser/logrotate.conf --state /home/newuser/logrotate-state
This task will run at the 14th minute of every hour, every day.