Actions

Linux logrotate

From Ever changing code

In this example I will how to configure specific rotation settings for /var/log/messages log file

Configuration file logrotate.conf

The main configuration file is /etc/logrotate.conf, it has include /etc/logrotate.d statement to include application logs rather then system logs.

$ sudo vi /etc/logrotate.conf
#see "man logrotate" for details
weekly    #rotate log files weekly
rotate 4  #keep 4 weeks worth of backlogs
create    #create new (empty) log files after rotating old ones
dateext   #use date as a suffix of the rotated file
#compress #uncomment this if you want your log files compressed
 
include /etc/logrotate.d #RPM packages drop log rotation 
                         #information into this directory
#no packages own wtmp and btmp -- we'll rotate them here
 /var/log/wtmp {
     monthly
     create 0664 root utmp
     minsize 1M
     rotate 1
 }
 
 /var/log/btmp {
     missingok
     monthly
     create 0600 root utmp
     rotate 1
 }

logrotate Tomcat catalina.out file

$ sudo vi /etc/logrotate.d/tomcat #this file is read by 'include /etc/logrotate.d'
/{PATH_TO_CATALINA_FILE}/catalina*.* {
  daily
  rotate 7
  compress
  missingok
  size 100M
  copytruncate #truncates the original log file in place after creating a copy,
               #instead of moving the old log file and optionally creating a new one.
}

syslog rotation config

/var/log/messages log files have been rotated by general logrotate config file /etc/logrotate.d/syslog

[root@host1]# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages #needs removing from multiple log rotation config
/var/log/secure
/var/log/spooler {
  sharedscripts
  postrotate
      /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
  endscript
}

root messages rotation config

Create a new config file in /etc/logrotate.d/messages for rotating /var/messages file

[root@host1]# sudo vi /etc/logrotate.d/messages
/var/log/messages {
  weekly     #required if forcing to run from -vf
  rotate 4   #required if forcing to run from -vf
  missingok
  dateext
  compress
  postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
  endscript 
}

Logrotate operations

/usr/sbin/logrotate -d /etc/logrotate.conf  #dry run, it show planned actions
/usr/sbin/logrotate    /etc/logrotate.conf  #log rotate everything

Force to rotate only a single file log

Force to rotate only /var/log/messages logs. -v verbose, -f force

/usr/sbin/logrotate -vf /etc/logrotate.d/messages

Logrotate options

compress 
This is used to compress the rotated log file with gzip, before postrotate
nocompress 
This is used when you do not want to compress rotated log files.
copytruncate 
This is used when processes are still writing information to open log files. This option copies the active log file to a backup and truncates the active log file.
nocopytruncate 
This copies the log files to backup, but the open log file is not truncated.
create mode owner group 
This rotates the log file and creates a new log file with the specified permissions, owner, and group. The default is to use the same mode, owner, and group as the original file.
nocreate 
This prevents the creation of a new log file.
missingok - don't return error if the log file is missing
delaycompress 
When used with the compress option, the rotated log file is not compressed until the next time it is cycled.
nodelaycompress 
This overrides delaycompress. The log file is compressed when it is cycled.
errors address 
This mails logrotate errors to an address.
ifempty 
With this, the log file is rotated even if it is empty. This is the default for logrotate.
notifempty 
This does not rotate the log file if it is empty.
mail address 
This mails log files that are cycled to an address. When mail log files are cycled, they are effectively removed from the system.
nomail 
When mail log files are cycled, a copy is not mailed.
olddir directory 
With this, cycled log files are kept in the specified directory. This directory must be on the same filesystem as the current log files.
noolddir 
Cycled log files are kept in the same directory as the current log files.
prerotate/endscript 
These are statements that enclose commands to be executed prior to a log file being rotated. The prerotateand endscript keywords must appear on a line by themselves.
postrotate/endscript 
These are statements that enclose commands to be executed after a log file has been rotated. The postrotateand endscript keywords must appear on a line by themselves.
daily 
This is used to rotate log files daily.
weekly 
This is used to rotate log files weekly.
monthly 
This is used to rotate log files monthly.
rotate count 
This specifies the number of times to rotate a file before it is deleted. A count of 0 (zero) means no copies are retained. A count of 5 means five copies are retained.
tabootext [+] list 
This directs logrotate to not rotate files with the specified extension. The default list of extensions is .rpm-orig, .rpmsave, v, and ~.
size size 
With this, the log file is rotated when the specified size is reached. Size may be specified in bytes (default), kilobytes (sizek), or megabytes (sizem).

References