Skip to main content

Setting Up Logrotate on Centos/RedHat Linux


1. Introduction
Logrotate is a utility designed for administrators who manage servers producing a high volume of log files to help them save some disk space as well as to avoid a potential risk making a system unresponsive due to the lack of disk space. Normally, a solution to avoid this kind of problem is to setup a separate partition or logical volume for a /var mount point. However, logrotate may also be a viable solution to this problem especially if it is too late to move all logs under different partition. In this article we will talk about usage and configuration of logrotate on RedHat / CentOS Linux server.
2. What is Logrotate
Logrotate provides an ability for a system administrator to systematically rotate and archive any log files produced by the system and thus reducing a operating system's disk space requirement. By default logrotate is invoked once a day using a cron scheduler from location /etc/cron.daily/
# ls /etc/cron.daily/

cups  logrotate  makewhatis.cron  mlocate.cron  prelink  readahead.cron  rhsmd  tmpwatch
3. Configuring Logrotate
Logrotate's configuration is done by editing two separate configuration files:
·         /etc/logrotate.conf
·         service specific configuration files stored in /etc/logrotate.d/.
The main logrotate.conf file contains a generic configuration. Here is a default logrotate configuration file logrotate.conf:
     1  weekly
     2  rotate 4
     3  create
     4  dateext
     5  include /etc/logrotate.d
     6  /var/log/wtmp {
     7      monthly
     8      create 0664 root utmp
     9          minsize 1M
    10      rotate 1
    11  }
·         Line 1 - weekly configuration option ensures a weekly rotation of all log-files defined in main configuration file and in /etc/logrotate.d/ directory.
·         Line 2 - rotate 4 ensures that logrotate keeps a 4 weeks backup of all log files
·         Line 3 - create option instructs logrotate to create new empty log files after each rotation
·         Line 4 - dateext appends an extension to all rotated log files in form of date when each particular log file was processed by logrotate
·         Line 5 - include all other configuration from directory /etc/logrotate.d
·         Line 6 -  11 contains a specific service log rotate configuration
As opposed to logrotate.conf a directory /etc/logrotate.d/ contains a specific service configuration files used by logrotate. In the next section we will create a sample skeleton logrotate configuration.
3.1. Including new service logs to logrotate
 In this section we will add new log file into a logrotate configuration. Let's say that we have a log file called:
/var/log/linuxtechtips.log
sitting in our /var/log directory that needs to be rotated on daily basis. First we need to create a new logrotate configuration file to accommodate for our new log file:
$ vi /etc/logrotate.d/linuxtechtips
Insert a following text into /etc/logrotate.d/linuxtechtips:
/var/log/linuxtechtips.log {

    missingok
    notifempty
    compress
    size 20k
    daily
    create 0600 root root
}
Here is a line by line explanation of the above logrotate configuration file:
TIP: If you wish to include multiple log files in a single configuration file use wildcard. For example /var/log/mylogs/*.log will instruct logrotate to rotate all log files located in /var/log/mylogs/ with extension .log.
·         missingok - do not output error if logfile is missing
·         notifempty - donot rotate log file if it is empty
·         compress - Old versions of log files are compressed with gzip(1) by default
·         size - Log file is rotated only if it grow bigger than 20k
·         daily - ensures daily rotation
·         create - creates a new log file wit permissions 600 where owner and group is root user
 The logrotate utility as quite versatile as it provides many more configuration options. Below, I will list few other configuration options for log rotate. To get a complete list, consult logrotate's manual page:
$ man logrotate
·         copy  - Make a copy of the log file, but don’t change the original at all.
·         mail <email@address> - When a log is rotated out-of-existence, it is mailed to address.
·         olddir <directory> - Logs are moved into <directory> for rotation.
·         postrotate/endscript - The lines between postrotate and endscript are executed after the log file is rotated.
3.2. Testing a new Logrotate configuration
Once you have created a new logrotate configuration file within /etc/logrotate.d:
# cat /etc/logrotate.d/linuxtechtips 

/var/log/linuxtechtips.log {
    missingok
    notifempty
    compress
    size 20k
    daily
    create 0600 root root
}
create some sample log file ( if not existent ! ):
# echo "rotate my log file" > /var/log/linuxtechtips.log
Once your log file is in place force logrotate to rotate all logs with -f option.
# logrotate -f /etc/logrotate.conf
Warning: The above command will rotate all your logs defined in /etc/logrotate.d directory.
Now visit again your /var/log/directory and confirm that your log file was rotated and new log file was created:
# cat /var/log/linuxtechtips.log

rotate my log file
# logrotate -f /etc/logrotate.conf 
# cat /var/log/linuxtechtips.log
file /var/log/linuxtechtips.log-20130409.gz 
/var/log/linuxtechtips.log-20130409.gz: gzip compressed data, from Unix, last modified: Tue Apr  9 12:43:50 2013
# zcat /var/log/linuxtechtips.log-20130409.gz 
rotate my log file
As you can see the new empty log file linuxtechtips.log was created and old linuxtechtips.log file was compressed with gzip and renamed with date extension.
TIP: In order to see a content of your compressed log file you do not need to decompress it first. Use zcat or zless commands which will decompress your log file on fly.
4. Conclusion
As it was already mentioned previously, the best way to avoid your system being clogged by log files is to create a separate partition/logical volume for your /var/ or even better /var/log directory. However, even then logrotate can help you to save some disk space by compressing your log files. Logrotate may also help you to archive your log files for a future reference by creating an extra copy or by emailing you any newly rotated log files. For more information see logrotate's manual page:
$ man logrotate


Comments

Popular posts from this blog

Virtual Box and Alt/Tab Keys

I use virtual box for all my testing activities. It comes too often that I have a virtual box VM window open & I want to switch to my host machine to see some stuff like tutorials etc.. If you press the alt+tab combination it just works inside the VM & doesn't switches to host machine. In these scenarios you can press the host key once ( not hold it ) & then whatever you press goes to host machine. So in general where host key is the default Right Ctrl, just press Right Ctrl once & now press the alt+tab & it will switch you out to host machine. This is really helpful when you have the VM windows open or you're working on seamless mode. Hope it help others too.

CentOS / Redhat : Configure CentOS as a Software Router with two interfaces

Linux can be easily configured to share an internet connection using iptables. All you need to have is, two network interface cards as follows: a) Your internal (LAN) network connected via eth0 with static ip address 192.168.0.1 b) Your external WAN) network is connected via eth1 with static ip address 10.10.10.1  ( public IP provided by ISP ) Please note that interface eth1 may have public IP address or IP assigned by ISP. eth1 may be connected to a dedicated DSL / ADSL / WAN / Cable router: Step # 1: Enable Packet Forwarding Login as the root user. Open /etc/sysctl.conf file # vi /etc/sysctl.conf Add the following line to enable packet forwarding for IPv4: net.ipv4.conf.default.forwarding=1 Save and close the file. Restart networking: # service network restart Step # 2: Enable IP masquerading In Linux networking, Network Address Translation (NAT) or Network Masquerading (IP Masquerading) is a technique of transce...

AMD Radeon™ HD 7670M on Ubuntu 12.04

Update:   Recently I install kubuntu 13.10 and there is no problem with graphics. It just works  fine out of the box. I've seen many blog posts on how to make AMD HD7670M work on Ubuntu 12.04, specially when its in switchable graphics board like Dell Inspiron 15R 5520. I tried many things to make it work so that I could use the cinnamon desktop on ubuntu & other things too.. But to my surprise even the drivers from AMD site didn't work. Then I tried a combination of those blog posts I read & somehow I became successful in running the full graphics including compiz settings inside My Ubuntu Machine. Following are the steps I followed & it worked... 1. Create a backup of your xorg configuration file: sudo cp /etc/X11/xorg.conf /etc/X11/xorg.conf.BAK 2. Remove/purge current fglrx and fglrx-amdcccle : sudo apt-get remove --purge fglrx* 3. Install the driver: sudo apt-get install fglrx fglrx-amdcccle 4. Install additiona...