Use logrotate to configure log rotation
The logrotate utility is designed to manage log files to prevent increasing their size. For example, you can compress, delete, and send log files to another server when specified conditions are met. For more information about logrotate, see the GitHub logrotate documentation.
The frequency of log rotation can take the following values:
-
hourly— log files are rotated every hour; -
daily— log files are rotated every day; -
weekly— log files are rotated every week; -
monthly— log files are rotated every month; -
yearly— log files are rotated every year.
By default, log files are rotated weekly.
The logrotate configuration is stored in the following paths:
-
/etc/logrotate.conf — the main configuration file that contains default parameters;
-
/etc/logrotate.d — directory that includes additional configuration files.
Main configuration parameters
The table below contains main parameters that can be set in the configuration files.
| Parameter | Description |
|---|---|
size <number> |
Determines the size of a log file above which it is rotated. You can specify the log file size in KB ( |
create <mode> <owner> <group> |
Allows you to create a new log file with the specified permissions, user, and group after rotation |
missingok |
Allows you to go on to the next step in the absence of a specified log file without issuing an error message |
nomail |
Allows not sending a rotated log file via email |
notifempty |
Allows not rotating an empty log file |
rotate <count> |
Determines the number of rotations, i.e. the number of rotated log files. For example, when the number of rotations equals |
sharedscripts |
Leads to one-time execution of scripts that added in a configuration file, no matter how many log files match a wildcard pattern, for example, |
postrotate <command> endscript |
Leads to execution of commands written between these parameters using the Bourne shell after log rotation. It can be useful for such tasks as restarting a service to ensure a new log file is used for event data recording |
Install and configure logrotate
Depending on the operating system and package manager you use, follow the steps below to install and configure logrotate:
-
Install logrotate:
-
Add the following lines to the /etc/logrotate.conf file:
-
for the inclusion of additional parameters from the /etc/logrotate.d directory to the configuration file:
include /etc/logrotate.d
-
for adding a user with
rootprivileges:# use the root group by default, since this is the owning group # of /var/log/syslog. su root root
You can edit the file via the
viorvimcommand:$ sudo vi /etc/logrotate.confThe content of the logrotate.conf file should look like this:
# see "man logrotate" for details # rotate log files weekly weekly # use the root group by default, since this is the owning group # of /var/log/syslog. su root root # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # use date as a suffix of the rotated file dateext # uncomment this if you want your log files compressed #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp and btmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp minsize 1M rotate 1 } /var/log/btmp { missingok monthly create 0600 root utmp rotate 1 } # system-specific logs may be also be configured here.
-
Create a configuration file
As an example, consider the process of creating the logrotate configuration files:
-
for Nginx;
-
for Status Server;
-
for Backend Server (below is an example of the audit.log rotation).
To add a configuration file in the /etc/logrotate.d directory:
-
Create the configuration file via the
viorvimcommand:-
for Nginx:
$ sudo vi /etc/logrotate.d/nginx -
for Status Server:
$ sudo vi /etc/logrotate.d/status-server -
for Backend Server:
$ sudo vi /etc/logrotate.d/audit
-
-
Add a log rotation configuration to the file.
Here is an example of the nginx configuration file:/opt/adcm/log/nginx/*.log { su root root size 200M create 0644 missingok nomail notifempty rotate 5 sharedscripts postrotate docker exec -it adcm sh -c '/usr/sbin/nginx -s reopen' endscript }Where:
-
/opt/adcm/log/nginx/*.logis the location of log files with the .log extension that should be rotated. -
size 200Mis a log file size. When the size of the log file exceeds the configured value, the log file is rotated. -
create 0644is the parameter for creating a new log file with0644permission after rotation, meaning that the file’s owner can read and write, and all others (group and users) can only read the file. -
rotate 5is a number of rotated log files that have to be saved in logrotate. Each log file contains events for a period of the rotation frequency. -
docker exec -it adcm sh -c '/usr/sbin/nginx -s reopen'is the command for reopening the Nginx executable files in the ADCM container and recording the Nginx events to a new log file.
Here is an example of the status-server configuration file:/opt/adcm/log/status.log { su root root size 200M create 0644 missingok rotate 5 sharedscripts postrotate docker exec -it adcm sh -c 'killall -USR1 runstatus' endscript }Where
docker exec -it adcm sh -c 'killall -USR1 runstatus'is the command for sending theUSR1signal to running processes to close a rotated log file and continue recording events to a new log file.
Here is an example of the audit configuration file:/opt/adcm/log/audit.log { size 1k create 0644 missingok nomail rotate 7 sharedscripts }NOTEIn a similar way, you can create configuration files to rotate the following log files: adcm.log, adcm_debug.log, ldap.log, and cron_task.log. -
Check the configuration file
After you add a file to the /etc/logrotate.d directory, make sure logrotate is working properly by running logrotate in the verbose mode that allows you to get detailed information about what logrotate is doing:
$ sudo logrotate -v /etc/logrotate.d/nginxreading config file /etc/logrotate.d/nginx Allocating hash table for state file, size 15360 B Handling 1 logs rotating pattern: /opt/adcm/log/nginx/*.log 10 bytes (5 rotations) empty log files are not rotated, old logs are removed considering log /opt/adcm/log/nginx/access.log log does not need rotating (log size is below the 'size' threshold) considering log /opt/adcm/log/nginx/error.log log needs rotating rotating log /opt/adcm/log/nginx/error.log, log->rotateCount is 5 dateext suffix '-20241002' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' renaming /opt/adcm/log/nginx/error.log.5 to /opt/adcm/log/nginx/error.log.6 (rotatecount 5, logstart 1, i 5), old log /opt/adcm/log/nginx/error.log.5 does not exist renaming /opt/adcm/log/nginx/error.log.4 to /opt/adcm/log/nginx/error.log.5 (rotatecount 5, logstart 1, i 4), old log /opt/adcm/log/nginx/error.log.4 does not exist renaming /opt/adcm/log/nginx/error.log.3 to /opt/adcm/log/nginx/error.log.4 (rotatecount 5, logstart 1, i 3), old log /opt/adcm/log/nginx/error.log.3 does not exist renaming /opt/adcm/log/nginx/error.log.2 to /opt/adcm/log/nginx/error.log.3 (rotatecount 5, logstart 1, i 2), old log /opt/adcm/log/nginx/error.log.2 does not exist renaming /opt/adcm/log/nginx/error.log.1 to /opt/adcm/log/nginx/error.log.2 (rotatecount 5, logstart 1, i 1), old log /opt/adcm/log/nginx/error.log.1 does not exist renaming /opt/adcm/log/nginx/error.log.0 to /opt/adcm/log/nginx/error.log.1 (rotatecount 5, logstart 1, i 0), old log /opt/adcm/log/nginx/error.log.0 does not exist log /opt/adcm/log/nginx/error.log.6 doesn't exist -- won't try to dispose of it renaming /opt/adcm/log/nginx/error.log to /opt/adcm/log/nginx/error.log.1 creating new /opt/adcm/log/nginx/error.log mode = 0644 uid = 100 gid = 0 running postrotate script