On Linux, most services and programs that run in the background, such as Apache, Nginx, Postfix, and others, write information about their status, results, and errors to log files. The standard location for logs is the /var/log folder.
By analyzing the logs, you can understand what is not working, why an error occurred and how to solve the problem. But there is one problem. The logs grow constantly and take up more and more disk space, so you need to clean them in time and delete obsolete entries so that they do not interfere with normal work. You can do this manually from time to time or set up cron scripts, but there is an even easier option: the logrotate utility. This article looks at how to set up and use logrotate.
How does Logrotate work?
The Logrotate utility is designed to automate log processing. It can perform the necessary actions on logs depending on certain conditions and rules. For example, you can compress logs into an archive or send them to another server when they reach a certain size, age, or other threshold.
You can set up a condition check on a daily, weekly, or monthly basis. This allows you to create a log rotation scheme that is convenient for you and your server. Log rotation can also be useful on a home computer, but there it is less important than on servers, where hundreds of thousands of lines a day can be written to the Apache logs alone.
Configuring Logrotate
Logrotate is a popular utility, so most distributions come with it by default. You can verify that the program is installed on your distribution by trying to install it. For example, on CentOS:
sudo yum install logrotate
Or on Ubuntu and distributions based on it:
sudo apt install logrotate
Now the utility is installed, even if it was missing before. The basic program settings are located in the /etc/logrotate.conf file; additional settings for rules and other features can be placed in the /etc/logrotate.d/ folder. You can place all logrotate settings directly in the main configuration file, but it is better to keep the settings for each individual service in a separate file in the /etc/logrotate.d/ folder.
For the program to load the configuration files from this folder, the main configuration file must contain a line that includes it. Open the file to check:
vi /etc/logrotate.conf
Just make sure the line is already there. First, let’s look at the main directives that we will use during configuration. The directives look slightly unusual: the directive itself determines what needs to be done and when, and additional parameters are passed to it if necessary. The following directives specify how often to check whether the conditions are met:
- hourly – every hour;
- daily – every day;
- weekly – every week;
- monthly – every month;
- yearly – every year.
The main directives for managing and processing logs:
- rotate – indicates how many old logs should be stored; the number is passed as a parameter;
- create – indicates that an empty log file should be created after moving the old one;
- dateext – adds the rotation date before the old log's name;
- compress – indicates that the log should be compressed;
- delaycompress – do not compress the last and penultimate logs;
- extension – save the original log file after rotation if it has the specified extension;
- mail – send an email after rotation is completed;
- maxage – rotate logs if they are older than specified;
- missingok – do not throw an error if the log file does not exist;
- olddir – move old logs to a separate folder;
- postrotate/endscript – execute arbitrary commands after rotation;
- start – the number from which the numbering of old logs starts;
- size – the log size at which it will be moved.
These are the main directives that we will use. The main configuration file contains the global configuration: directives that apply to all logs unless they are overridden. Each log that is subject to rotation is described as follows:
log_file_address {
directives
}
Now let’s create an rsyslog.conf file in the /etc/logrotate.d/ folder and put the rotation settings for this log in it:
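The listing itself is missing from this page; the following is an added example reconstructed from the description in the next paragraph, not the article's original file. The missingok, create and postrotate lines are assumptions (a root-only log file and an rsyslog service managed by systemd).

```conf
# /etc/logrotate.d/rsyslog.conf
# Added example, reconstructed from the article's description.
# This file is read only if /etc/logrotate.conf contains:
#   include /etc/logrotate.d
# Comments are kept on their own lines, starting with '#'.

/var/log/messages {
    # Check the conditions once a day.
    daily

    # Keep the last three rotated logs; older copies are deleted.
    rotate 3

    # Do not rotate until the log is larger than 10 megabytes.
    # Listed after "daily", the size criterion takes precedence over
    # the time interval: the log is rotated on any run where it
    # exceeds the threshold.
    size 10M

    # Compress rotated logs, but leave the most recent one uncompressed
    # until the next rotation.
    compress
    delaycompress

    # Assumption: do not report an error if the log is absent.
    missingok

    # Assumption: recreate the log readable by root only, so that
    # rotation does not loosen the permissions on system messages.
    create 0600 root root

    # Assumption: rsyslog runs under systemd. Without a signal it keeps
    # writing to the renamed file instead of the new empty log.
    postrotate
        /usr/bin/systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}
```

If another file under /etc/logrotate.d/ already lists /var/log/messages, logrotate reports a duplicate log entry, so check the existing files before adding this one.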
These settings mean that the logs will be rotated daily and the last three logs will be kept; older copies are deleted automatically. The minimum size for rotation is 10 megabytes: rotation will not be performed if the log is not larger than 10 megabytes. Compression is used for all logs except the last and penultimate ones. You can set up rotation for any other log in exactly the same way. Create such a section for each log that you want to manage.
Now it remains to test how our configuration works. To do this, run the logrotate utility with the -d option. It prints what it is about to do, but it does not change the files on disk. We have a /var/log/messages file 40 MB in size; let’s see what the utility will do:
logrotate -d /etc/logrotate.d/rsyslog.conf
As you can see, the program detects the log file and splits it into several parts. To verify that logrotate will run on schedule, check the cron schedule:
ls /etc/cron.daily/
Logrotate setup is complete; all that remains is to describe how rotation should work for each log that takes up a lot of space.
Conclusion
In this article, we looked at how logrotate is configured on CentOS or any other Linux distribution. The utility works much the same way across distributions. If you have a server with a heavy load, you definitely need to set up log rotation. I hope this information was helpful to you.