In a Linux system and pretty much all systems – log files are crucial when it comes to examining and troubleshooting errors. They provide important clues as to what could have gone wrong with various system services prior to failure.
Any service installed on your Linux systems such as Apache web server or MySQL database server generates log files that are usually stored in the /var/log directory. If you check the contents of this directory, you will see contents similar to what we have below:
Over time, as additional information gets logged, the log files increase in size and take up more space on your hard drive. Before you even know it, the log files will have ballooned in size, gobbling up much of your hard drive space, and if you are not careful, you can easily run out of disk space.
With that in mind, it becomes prudent to keep the log files to a manageable size and delete old log entries that hog precious disk space. And this is where the log rotation comes in.
What is log rotation ?
Log rotation is a process that creates new log files and archives & removes old ones to save on disk space. The process renames a current log file. For example, apport.log becomes apport.log.1 and a new apport.log log file is created to log new log entries. Older log files are usually compressed and appear as apport.log.2.gz, apport.log.3.gz, apport.log.4.gz, and so on.
The log rotation process is facilitated using a utility called logrotate. This is a tool that facilitates the rotation of log files and archival & removal of old ones to free up disk space. In summary, logrotate accomplishes the following:
- Creation of new log files after rotating old ones.
- Archival of old log files.
- Purging of older log files that have been rotated to save on space.
Log rotation is usually activated when the size of log files grows and exceeds a certain limit.
How logrotate utility works
Before we examine the workings of the logrotate utility, ensure that logrotate is installed on your system. To do that, issue the command:
For Debian / Ubuntu System:
$ sudo apt-get install logrotate -y
For CentOS / RHEL / Fedora System:
$ sudo yum install logrotate -y
$ sudo dnf install logrotate -y
Run below command to check logrotate version,
[email protected]:~$ logrotate --version
Default mail command: /usr/bin/mail
Default compress command: /bin/gzip
Default uncompress command: /bin/gunzip
Default compress extension: .gz
Default state file path: /var/lib/logrotate/status
ACL support: yes
SELinux support: yes
From the output, we can clearly see that we have logrotate version 3.14.0. By default, logrotate comes preinstalled in modern Linux distributions and hence no need to install it.
Logrotate configuration files
Logrotate runs daily as a cron job, going through various log files, rotating them, and purging older log files as defined in the configuration file. There are two main configuration sources that you need to pay close attention to:
/etc/logrotate.conf – This is the main configuration file for the logrotate tool. It contains default settings and facilitates log rotation for non-system package logs. More notably, it uses an ‘include‘ directive for pulling configurations located in the ‘…