Guide to Log Rotation in Linux

Log rotation is an essential task in Linux system administration for managing log files efficiently and preventing them from consuming excessive disk space. In this guide, we’ll explore the log rotation process using the logrotate tool and provide examples of common configurations.

1. Logrotate Configuration:

The primary configuration file for log rotation is /etc/logrotate.conf. Additional configurations can be stored in individual files within the /etc/logrotate.d/ directory.

Example (/etc/logrotate.conf):

# Global options
weekly
rotate 4
create
include /etc/logrotate.d

2. Logrotate Directives:

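  • rotate: Specifies how many rotated log files to keep; once this count is exceeded, the oldest one is deleted.
  • weekly, daily, monthly: Specifies the frequency of log rotation.
  • create: Creates a new empty log file after rotation. With no arguments, the new file takes the mode, owner and group of the original log; to control who can read it, give them explicitly as create mode owner group.
  • compress: Compresses rotated log files using gzip.
  • delaycompress: Postpones compression of the most recently rotated file until the next rotation cycle, which helps when a program may still be writing to it. It only has an effect together with compress.
  • missingok: Continues without an error if a log file is missing.
  • notifempty: Does not rotate an empty log file.
  • dateext: Appends the date, instead of a number, to the names of rotated log files.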

3. Logrotate for Specific Log Files:

Create additional configuration files in /etc/logrotate.d/ for specific log files or directories.

Example (/etc/logrotate.d/nginx):

/var/log/nginx/*.log {
    weekly
    rotate 4
    create
    compress
    delaycompress
    notifempty
    missingok
}

4. Manually Run Logrotate:

Execute logrotate manually for testing or troubleshooting. The -v flag prints each step; this is a real run, so any log that is due will be rotated.

sudo logrotate -v /etc/logrotate.conf

5. Verify Log Rotation:

After log rotation, verify that the log files have been rotated correctly.

ls -l /var/log

6. Troubleshooting:

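  • Check Cron Jobs: Ensure that the logrotate cron job is configured and running (some distributions run logrotate from a systemd timer instead).
  • Check Configuration Syntax: Run logrotate -d /etc/logrotate.conf to check the configuration in debug mode; no logs are rotated and the state file is not updated.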

7. Additional Tips:

  • Custom Scripts: Include custom scripts to execute before or after log rotation.
  • Size-Based Rotation: Use the size directive to rotate logs based on file size.

8. Example: Nginx Log Rotation with Size-Based Rotation:

/var/log/nginx/*.log {
    weekly
    rotate 4
    create
    compress
    delaycompress
    notifempty
    missingok
    size 100M
    postrotate
        service nginx reload
    endscript
}

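This example configures weekly rotation for Nginx logs with a 100M size threshold, compresses rotated logs, and triggers a reload of the Nginx service after rotation. In logrotate, size and the time-interval directives are mutually exclusive and the one listed last takes precedence, so here the size 100M line decides when the logs rotate. To keep the weekly schedule and also rotate early when a log grows past 100M, use maxsize 100M instead of size.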
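The stanza in section 8 has three behaviours that are easy to miss when reading it: size listed after weekly replaces the schedule, postrotate without sharedscripts runs once per matched log, and a bare create inherits the old file's permissions. The Python linter below is an added example, not part of the original guide or of logrotate; the function names and finding codes are made up for illustration, and it only handles the simple stanza syntax shown in this guide.

```python
TIME = {"hourly", "daily", "weekly", "monthly", "yearly"}
SCRIPTS = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}

def parse_stanzas(text):
    """Return [(patterns, [directive words, ...])]; script bodies are skipped."""
    stanzas, patterns, body, in_script = [], None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # simplified: only blank and whole-line comments are skipped
        if patterns is None:
            if line.endswith("{"):
                patterns, body = line[:-1].split(), []
        elif in_script:
            in_script = line != "endscript"
        elif line == "}":
            stanzas.append((patterns, body))
            patterns = None
        else:
            words = line.split()
            body.append(words)
            in_script = words[0] in SCRIPTS
    return stanzas

def audit(text):
    """Return sorted (first_pattern, code) pairs; codes are labels made up for this example."""
    findings = []
    for patterns, body in parse_stanzas(text):
        names = [w[0] for w in body]
        when = [n for n in names if n in TIME or n == "size"]
        # size and the time intervals are mutually exclusive; the last one listed wins
        if "size" in when and len(set(when)) > 1:
            code = "size-wins" if when[-1] == "size" else "interval-wins"
            findings.append((patterns[0], code))
        multi = len(patterns) > 1 or any(c in p for p in patterns for c in "*?[")
        # without sharedscripts, postrotate runs once per rotated log
        if multi and "postrotate" in names and "sharedscripts" not in names:
            findings.append((patterns[0], "postrotate-per-log"))
        # bare create: the new file inherits the old log's mode, owner and group
        if ["create"] in body:
            findings.append((patterns[0], "create-inherits-perms"))
    return sorted(findings)

# Constructed input: the stanza from section 8 of this guide
SAMPLE = ("/var/log/nginx/*.log {\n weekly\n rotate 4\n create\n compress\n"
          " delaycompress\n notifempty\n missingok\n size 100M\n"
          " postrotate\n service nginx reload\n endscript\n}\n")
if __name__ == "__main__":
    print(*(f"{t}: {c}" for t, c in audit(SAMPLE)), sep="\n")
```

Run against the section 8 stanza, it reports all three findings; a stanza that uses maxsize, sharedscripts and an explicit create mode owner group reports none.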

Log rotation is crucial for maintaining system health and managing disk space effectively. Customize log rotation configurations based on the specific needs and characteristics of your system and applications.