This is a quick overview of `logrotate` which... umm... rotates log files. This was written for CentOS/RHEL 5.5. ## Pertinent Files & Directories | File/Dir | Purpose | |-----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------| | `/usr/sbin/logrotate` | The command itself. | | `/etc/cron.daily/logrotate` | Bash script that executes the `logrotate` command every day. | | `/etc/logrotate.conf` and `/etc/logrotate.d/` | Rotation defaults if they are not defined for specific daemons. You can add rotate configs to this file, or put them in `/etc/logrotate.d` | | `/var/lib/logrotate.status` | Show when the specified log files were last rotated. | ## Logrotate Options Quite simple, really. The `man` page elucidates all available options. Here's a quick table of what the most commonly used ones do. | Option | Purpose | |---------------------------------|------------------------------------------------------------------------------------------------------------------------------------| | `rotate ` | Keep specified number of logfiles before they are deleted and/or emailed to admin | | `size=` | Rotate logs when they reach this size. | | | This is done ''without regard'' for the last rotated time. | | | Use `minsize ` if you'd like to balance both time and size. | | | Bytes are used without a specifier. 100k, 100M are also fine. | | `daily` | Rotate daily. This is the default minimum granularity, unless you move `/etc/cron.daily/logrotate` to `/etc/cron.hourly/logrotate` | | `weekly` | Rotate weekly | | `monthly` | Rotate monthly | | `notifempty` | Don't rotate if empty (the reverse, `ifempty`, is default) | | `missingok` | If log file is missing for some reason, move on without error | | `compress` | Compress logfile after rotation. | | | Default is `gzip` with `-9` (maximum) compression. | | | The choice of compression program can be changed with `compresscmd` (e.g. `compresscmd bzip2`). | | | To pass options (like compression level), use `compressoptions`. | | | To change extension of compressed file, use `compressext` | | `dateext` | Use YYYYMMDD format instead of just tacking on numbers (like `.0`, `.1` and so on) to the rotated files. | | `mail ` | Email recipient the file that will be deleted after a rotation cycle | | `create ` | Create logfiles with the specified permissions and owner:group attributes. | | `olddir ` | Move all but the newest log file to this directory (nice to keep things organized) | ### Other (kinda important) options You'll see these used with Apache, for instance. | Option | Purpose | |-----------------|------------------------------------------------------------------------------------------------------------------------------| | `prerotate` | Execute the a script ''before'' rotating a log. Should end this with `endscript`. | | `postrotate` | Execute the a script ''after'' rotating a log. Should end this with `endscript`. | | `sharedscripts` | Make sure that the script(s) specified in `prerotate` and/or `postrotate` run just ''once'' (i.e. not for ''every'' logfile) | | `delaycompress` | Don't compress yesterday's logfile (if daily... you get the picture) | ## Example Here's a real-world application of the above. I want to rotate an already huge log of OpenVPN connections (\~32M in size) like so: * I want to maintain **60 days** worth of logs * Logfile **size doesn't matter** to me * The files should be rotated in **YYYYMMDD** format * They should be **compressed** (the default `gzip -9` is fine) * They should be **organized**; older logfiles should be **in a separate directory** The logfile is at `/var/log/openvpn/connections.log`. Here's the configuration file I created for the above. It's `/etc/logrotate.d/openvpn`: /var/log/openvpn/connections.log {     daily     rotate 60     dateext     compress     olddir /var/log/openvpn/old     nomail     missingok     notifempty     delaycompress     create 640 root root } To test this, I run: logrotate -d /etc/logrotate.d/openvpn The `-d` switch runs it in verbose, debug, dry-run mode (i.e. nothing actually happens.) ## Other Stuff ### Leopard and Snow Leopard These use a new utility called `newsyslog`. It is invoked every minute by: /System/Library/LaunchDaemons/com.apple.newsyslog.plist The config file for this is `/etc/newsyslog.conf` and is kinda nicer than `logrotate`'s config :) ## Sources - [Logrotate Examples](http://www.thegeekstuff.com/2010/07/logrotate-examples/) - [Using logrotate to manage log files](http://linuxers.org/howto/howto-use-logrotate-manage-log-files) - [Rotating Linux log files](http://www.ducea.com/2006/06/06/rotating-linux-log-files-part-2-logrotate/)