Setting up logrotate on Centos 7

Yesterday, I met with problem of low capacity /var/log/ partition. Some logs were too big and logrotate is the perfect tool to handle this problem. It is a software designed for reduce amount of space for every log file we have. And it can be done with some ways.
Logrotate Description: logrotate  is  designed  to  ease  administration of systems that generate large numbers of log files.  It allows automatic rotation, compression, removal, and mailing of log files.  Each log file may be handled daily, weekly, monthly, or when  it  grows too large.
Normally,  logrotate  is  run as a daily cron job.  It will not modify a log multiple times in one day So in few words, logrotate is reducing space usage on disk by log files.

Logrotate configuration

Configuration of logrotate is made in one main file: /etc/logrotate.conf and other service specific configuration files which are stored in /etc/logrotate.d/
So main sample configuration is:

# see "man logrotate" for details
# rotate log files weekly specified in /etc/logrotate.d/
weekly
# keep 4 weeks of all log files
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed by gzip
compress
# RPM packages drop log rotation information into this directory
#there are all other configurations of services and their logs to rotate
include /etc/logrotate.d

Some samples and real log files configurations

So, we can add a new logs file into /var/log/  by this way:

echo "this is a sample log file" > /var/log/vasil.log
#this create a log file vasil1.log of size 5MB
dd if=/dev/zero of=/var/log/vasil1.log bs=1M count=5

Next, we create a new configuration files which are stored in destination explained above:

vim /etc/logrotate.d/vasil
###
/var/log/vasil.log {
 missingok
 notifempty
 compress
 minsize 1M
 daily
 create 0600 root root
}
vim /etc/logrotate.d/vasil1
###
/var/log/vasil1.log {
 missingok
 notifempty
 compress
 minsize 1M
 daily
 create 0600 root root
}

And som explanation of variables:

  • missingok – do not output error if logfile is missing
  • notifempty – do not rotate log file if it is empty
  • compress – Old versions of log files are compressed with gzip by default
  • minsize – Log file is rotated only if it is bigger than 1M
  • daily – ensures daily rotation
  • create – creates a new log file with permissions 600 where owner and group is root user

If you want more options and their explanation, look into manual:

man logrotare

Look at list of /var/log for our log files. We can see, that we have one log vasil.log with size 26b and vasil1.log with size 5MB.

ls -lah /var/log/va*
-rw-r--r--. 1 root root 5.0M Mar  3 13:21 /var/log/vasil1.log
-rw-r--r--. 1 root root   26 Mar  3 13:21 /var/log/vasil.log

Now, we can debug our configuration via this command:

logrotate -d /etc/logrotate.d/vasil1
or
logrotate -d /etc/logrotate.d/vasil

So, if we want to run logrotate manualy and see, what is happend, run the following command. But be aware because it rotate all your logs, defined in /etc/logrotate.d/

logrotate -f /etc/logrotate.conf

And we can see both log files compressed and two new empty log files created:

 ls -lah /var/log/va*
-rw-------. 1 root root    0 Mar  3 13:23 /var/log/vasil1.log
-rw-r--r--. 1 root root 5.0K Mar  3 13:21 /var/log/vasil1.log-20170303.gz
-rw-------. 1 root root    0 Mar  3 13:23 /var/log/vasil.log
-rw-r--r--. 1 root root   44 Mar  3 13:21 /var/log/vasil.log-20170303.gz

We can look into our compressed log file by this command:

zcat /var/log/vasil.log-20170303.gz
this is a sample log file

Or we can use gunzip to uncompress them by command gzip.
When we use logrotate, sometimes we need restart an application or service. Logrotate can do that by script called “postrotate”. This script can be used in configuration file like httpd. When log are rotated,  script reload service to use new empty log file.

cat /etc/logrotate.d/httpd
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}

So I hope, that this how to helps somebody 🙂 Have a fun.

Total Page Visits: 8441 - Today Page Visits: 2