logrotate
The Linux utility logrotate renames and reuses system error log files on a periodic basis so that they don't occupy excessive disk space.
The /etc/logrotate.conf File
The /etc/logrotate.conf file is logrotate's general configuration file in which you can specify the frequency with which the files are reused:
You can specify either a weekly or daily rotation parameter. In the case below, the weekly option is commented out with a #, allowing daily updates. The rotate parameter specifies the number of copies of log files logrotate will maintain. In the case below, the 4 copy option is commented out with a #, while allowing 7 copies. The create parameter creates a new log file after each rotation.
Therefore, our sample configuration file will create daily archives of all the logfiles and store them for seven days. The files will have the following names, with logfile the current active version:
logfile
logfile.0
logfile.1
logfile.2
logfile.3
logfile.4
logfile.5
logfile.6
Sample Contents of /etc/logrotate.conf
# rotate log files weekly
#weekly
# rotate log files daily
daily
# keep 4 weeks worth of backlogs
#rotate 4
# keep 7 days worth of backlogs
rotate 7
# create new (empty) log files after rotating old ones
create
The /etc/logrotate.d Directory
Most Linux applications that use syslog put an additional configuration file in this directory to specify the names of the log files to be rotated. It is a good practice to verify that all new applications that you want to use the syslog log have configuration files in this directory. Here are some sample files that define the specific files to be rotated for each application.
The /etc/logrotate.d/syslog File (for General System Logging)
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler
/var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2>
/dev/null || true
endscript
}
The /etc/logrotate.d/apache File (for Apache)
/var/log/httpd/access_log /var/log/httpd/agent_log
/var/log/httpd/error_log /var/log/httpd/referer_log {
missingok
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null
|| true
endscript
}
The /etc/logrotate.d/samba File (for Samba)
/var/log/samba/*.log {
notifempty
missingok
sharedscripts
copytruncate
postrotate
/bin/kill -HUP `cat /var/lock/samba/*.pid 2> /dev/null` 2>
/dev/null || true
endscript
}
Activating logrotate
The logrotate settings in the last section will not take effect until you issue the following command:
[root@bigboy tmp]# logrotate -f
If you want logrotate to reload only a specific configuration file, and not all of them, issue the logrotate command with just that filename as the argument:
[root@bigboy tmp]# logrotate -f /etc/logrotate.d/syslog
Compressing Your Log Files
On busy Web sites the size of your log files can become quite large. Compression can be activated by editing the logrotate.conf file and adding the compress option.
#
# File: /etc/logrotate.conf
#
# Activate log compression
compress
The log files will then start to become archived with the gzip utility, each file having a .gz extension.
[root@bigboy tmp]# ls /var/log/messages*
/var/log/messages /var/log/messages.1.gz /var/log/messages.2.gz
/var/log/messages.3.gz /var/log/messages.4.gz /var/log/messages.5.gz
/var/log/messages.6.gz /var/log/messages.7.gz
[root@bigboy tmp]#
Viewing the contents of the files still remains easy because the zcat command can quickly output the contents to the screen. Use the command with the compressed file's name as the argument:
[root@bigboy tmp]# zcat /var/log/messages.1.gz
...
...
Nov 15 04:08:02 bigboy httpd: httpd shutdown succeeded
Nov 15 04:08:04 bigboy httpd: httpd startup succeeded
Nov 15 04:08:05 bigboy sendmail[6003]: iACFMLHZ023165:
to=<tvaughan@clematis4spiders.info>, delay=2+20:45:44,
xdelay=00:00:02, mailer=esmtp, pri=6388168,
relay=www.clematis4spiders.info. [222.134.66.34], dsn=4.0.0,
stat=Deferred: Connection refused by www.clematis4spiders.info.
[root@bigboy tmp]#
| 
