logrotate - rotates, compresses, and mails system logs

mail

logrotate

Flags

Flag Usage
-d debug mode : (implies -v : verbose mode) no changes will be made to the logs or to the state file
-f
force log rotation :
/usr/sbin/logrotate -f /etc/logrotate.d/serviceName; echo $?
If things don't work as expected (and since logrotate generates no logs), try this again with -d to view error messages :
/usr/sbin/logrotate -df /etc/logrotate.d/serviceName 2>&1 | grep error
with -d, log rotation is simulated.
-s stateFile
--state stateFile
  • To prevent parallel execution, logrotate acquires a lock on a state file (defaults to /var/lib/logrotate.status). If it cannot be acquired, logrotate will exit with value 3.
  • -s tells logrotate to use an alternate state file. This is useful if logrotate is being run as a different user for various sets of log files.

Configuration directives :

Directive Usage
compress compress old versions of logfiles with gzip
compresscmd /bin/bzip2 compress logs with /bin/bzip2 instead of the default gzip
Should be used with compressext, otherwise compressed files get a .gz extension.
compressext .bz2 give compressed files a .bz2 extension
copytruncate
To be used when the program writing into the logfile is not able to close and release it.
create a copy of the logfile, then truncate the original logfile.
There is a very small time slice between copying the file and truncating it, so some logging data might be lost.
create mode user group immediately after rotation (before the postrotate script is run), create a new logfile with :
  • the same name as the logfile just rotated
  • mode permissions
  • belonging to user:group
dateext When rotating logs, instead of appending numbers to successive rotations (from 1 (newest) to n (oldest)), append the log rotation date (default format : YYYYMMDD)
While rotated logs are re-numbered at each rotation, logs with dates are not renamed.
ifempty rotate the log file even if it is empty (default value)
missingok don't issue an error if the log file is missing
notifempty do not rotate the log file when it is empty
olddir path/to/directory move logs into path/to/directory for rotation
  • path/to/directory
    • is assumed to be relative to the directory holding the logs unless an absolute path is specified
    • must be on the same physical device as the log file being rotated (except if : )
  • when not rotating logs as root, don't forget to (source) :
    1. add the user rotating the logs to the log group
    2. let path/to/directory belong to the log group
rotate n Rotate log files n times before removing them. In other words : keep n rotation intervals (days / weeks / months / ...) of logs.

Rotation intervals and conditions (source) :

daily
Each rotated file is listed in the state file (/var/lib/logrotate.status) with the date of its latest rotation. If current date > date in state file, the file is rotated (source).
weekly
logs are rotated if the current week day is lower than the week day of the last rotation (i.e. Monday is less than Friday) or if the last rotation occurred more than a week before the present
monthly
logs are rotated every month on the first day of the month that logrotate runs, which is often the first day of the month
yearly
logs are rotated when the current year differs from the date of the last rotation
size
logs are rotated based on their size rather than on a periodic schedule : size n[kMG]

Usage

To rotate logs (or any kind of file, such as .tar backups), you just have to :
  1. Create a new /etc/logrotate.d/serviceName configuration file
  2. Then edit it like :
    /path/to/serviceName/*log {
	daily
	rotate 10
	compress
	create 644 stuart admins
	missingok
	olddir /path/to/serviceName/rotatedLogs
	}
    • you can list several patterns sharing the same log rotation specification :
      /var/log/tomcat8/catalina.out /var/log/tomcat8/*log {
	
	}
    • patterns like /var/log/tomcat8/*/*log are also supported
  3. Save and exit. Nothing to restart / reload

logrotate itself is fired by cron :

find /etc/cron* -name logrotate 
/etc/cron.d/logrotate
/etc/cron.daily/logrotate

Latest round (source) :

The date of the latest rotation can be found with :
grep serviceName /var/lib/logrotate/status
Looks like the 1st rotation must wait at least 24 hours before being processed.