logrotate - rotates, compresses, and mails system logs

logrotate

Flags :

Flag Usage
-d debug mode : (implies -v : verbose mode) no changes will be made to the logs or to the state file
-f
force log rotation :
/usr/sbin/logrotate -f /etc/logrotate.d/serviceName; echo $?
If things don't work as expected (and since logrotate generates no logs), try this again with -d to view error messages :
/usr/sbin/logrotate -df /etc/logrotate.d/serviceName 2>&1 | grep error
with -d, log rotation is simulated.

Configuration directives :

Directive Usage
compress compress old versions of logfiles with gzip
compresscmd /bin/bzip2 compress logs with /bin/bzip2 instead of the default gzip
Should be used with compressext, otherwise compressed files get a .gz extension.
compressext .bz2 give compressed files a .bz2 extension
copytruncate
To be used when the program writing into the logfile is not able to close and release it.
create a copy of the logfile, then truncate the original logfile.
There is a very small time slice between copying the file and truncating it, so some logging data might be lost.
create mode user group immediately after rotation (before the postrotate script is run), create a new logfile with :
  • the same name as the logfile just rotated
  • mode permissions
  • belonging to user:group
dateext When rotating logs, instead of appending numbers to successive rotations (from 1 (newest) to n (oldest)), append the log rotation date (default format : YYYYMMDD)
While rotated logs are re-numbered at each rotation, logs with dates are not renamed.
ifempty rotate the log file even if it is empty (default value)
missingok don't issue an error if the log file is missing
notifempty do not rotate the log file when it is empty
olddir /path/to/directory store rotated logs into /path/to/directory
rotate n Rotate log files n times before removing them. In other words : keep n rotation intervals (days / weeks / months / ...) of logs.

Rotation intervals and conditions (source) :

daily
Each rotated file is listed in the state file (/var/lib/logrotate.status) with the date of its latest rotation. If current date > date in state file, the file is rotated (source).
weekly
logs are rotated if the current week day is lower than the week day of the last rotation (i.e. Monday is less than Friday) or if the last rotation occurred more than a week before the present
monthly
logs are rotated every month on the first day of the month that logrotate runs, which is often the first day of the month
yearly
logs are rotated when the current year differs from the date of the last rotation
size
logs are rotated based on their size rather than on a periodic schedule : size n[kMG]

Usage :

To rotate logs (or any kind of file, such as .tar backups), you just have to :
  1. Create a new /etc/logrotate.d/serviceName configuration file
  2. Then edit it like :
    /path/to/serviceName/*log {
    	daily
    	rotate 10
    	compress
    	create 644 stuart admins
    	missingok
    	olddir /path/to/serviceName/rotatedLogs
    	}
    • you can list several patterns sharing the same log rotation specification :
      /var/log/tomcat8/catalina.out /var/log/tomcat8/*log {
      	
      	}
    • patterns like /var/log/tomcat8/*/*log are also supported
  3. Save and exit. Nothing to restart / reload

logrotate itself is fired by cron :

find /etc/cron* -name logrotate
/etc/cron.d/logrotate
/etc/cron.daily/logrotate

Latest round (source) :

The date of the latest rotation can be found with :
grep serviceName /var/lib/logrotate/status
Looks like the 1st rotation must wait at least 24 hours before being processed.