Yesterday, I met with problem of low capacity /var/log/ partition. Some logs were too big and logrotate is the perfect tool to handle this problem. It is a software designed for reduce amount of space for every log file we have. And it can be done with some ways.
Logrotate Description: logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.
Normally, logrotate is run as a daily cron job. It will not modify a log multiple times in one day So in few words, logrotate is reducing space usage on disk by log files.
Logrotate configuration
Configuration of logrotate is made in one main file: /etc/logrotate.conf and other service specific configuration files which are stored in /etc/logrotate.d/
So main sample configuration is:
# see "man logrotate" for details # rotate log files weekly specified in /etc/logrotate.d/ weekly # keep 4 weeks of all log files rotate 4 # create new (empty) log files after rotating old ones create # use date as a suffix of the rotated file dateext # uncomment this if you want your log files compressed by gzip compress # RPM packages drop log rotation information into this directory #there are all other configurations of services and their logs to rotate include /etc/logrotate.d
Some samples and real log files configurations
So, we can add a new logs file into /var/log/ by this way:
echo "this is a sample log file" > /var/log/vasil.log #this create a log file vasil1.log of size 5MB dd if=/dev/zero of=/var/log/vasil1.log bs=1M count=5
Next, we create a new configuration files which are stored in destination explained above:
vim /etc/logrotate.d/vasil
###
/var/log/vasil.log {
missingok
notifempty
compress
minsize 1M
daily
create 0600 root root
}
vim /etc/logrotate.d/vasil1
###
/var/log/vasil1.log {
missingok
notifempty
compress
minsize 1M
daily
create 0600 root root
}
And som explanation of variables:
- missingok – do not output error if logfile is missing
- notifempty – do not rotate log file if it is empty
- compress – Old versions of log files are compressed with gzip by default
- minsize – Log file is rotated only if it is bigger than 1M
- daily – ensures daily rotation
- create – creates a new log file with permissions 600 where owner and group is root user
If you want more options and their explanation, look into manual:
man logrotare
Look at list of /var/log for our log files. We can see, that we have one log vasil.log with size 26b and vasil1.log with size 5MB.
ls -lah /var/log/va* -rw-r--r--. 1 root root 5.0M Mar 3 13:21 /var/log/vasil1.log -rw-r--r--. 1 root root 26 Mar 3 13:21 /var/log/vasil.log
Now, we can debug our configuration via this command:
logrotate -d /etc/logrotate.d/vasil1 or logrotate -d /etc/logrotate.d/vasil
So, if we want to run logrotate manualy and see, what is happend, run the following command. But be aware because it rotate all your logs, defined in /etc/logrotate.d/
logrotate -f /etc/logrotate.conf
And we can see both log files compressed and two new empty log files created:
ls -lah /var/log/va* -rw-------. 1 root root 0 Mar 3 13:23 /var/log/vasil1.log -rw-r--r--. 1 root root 5.0K Mar 3 13:21 /var/log/vasil1.log-20170303.gz -rw-------. 1 root root 0 Mar 3 13:23 /var/log/vasil.log -rw-r--r--. 1 root root 44 Mar 3 13:21 /var/log/vasil.log-20170303.gz
We can look into our compressed log file by this command:
zcat /var/log/vasil.log-20170303.gz this is a sample log file
Or we can use gunzip to uncompress them by command gzip.
When we use logrotate, sometimes we need restart an application or service. Logrotate can do that by script called “postrotate”. This script can be used in configuration file like httpd. When log are rotated, script reload service to use new empty log file.
cat /etc/logrotate.d/httpd
/var/log/httpd/*log {
missingok
notifempty
sharedscripts
delaycompress
postrotate
/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
endscript
}
So I hope, that this how to helps somebody 🙂 Have a fun.