logrotate utility is designed to simplify the administration of log files on a system which generates a lot of log files. Logrotate allows for the automatic rotation compression, removal and mailing of log files. Logrotate can be set to handle a log file hourly, daily, weekly, monthly or when the log file gets to a certain size.
The Linux system installs
logrotate by default.
The primary configuration file for
logrotate which sets default parameters is
/etc/logrotate.conf; additional application-specific configuration files are included from the
/etc/logrotate.d directory. Values set in application-specific configuration files override those same parameters in the primary configuration file. See logrotate.conf(5) — Arch manual pages - https://man.archlinux.org/man/logrotate.conf.5 for configuration examples and a reference of available directives.
There are some frequent directives:
Old versions of log files are compressed with gzip(1) by default. See also nocompress.
Truncate the original log file in place after creating a copy, instead of moving the old log file and optionally creating a new one. It can be used when some program cannot be told to close its logfile and thus might continue writing (appending) to the previous log file forever. Note that there is a very small time slice between copying the file and truncating it, so some logging data might be lost. When this option is used, the create option will have no effect, as the old log file stays in place.
Log files are rotated every day.
Postpone compression of the previous log file to the next rotation cycle. This only has effect when used in combination with compress. It can be used when some program cannot be told to close its logfile and thus might continue writing to the previous log file for some time.
If the log file is missing, go on to the next one without issuing an error message. See also nomissingok.
Do not rotate the log if it is empty (this overrides the ifempty option).
Log files are rotated count times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather than rotated.
logrotate is usually run through the systemd service: logrotate.service.
To run logrotate manually:
To rotate a single log file:
See logrotate(8) - Linux man page - https://linux.die.net/man/8/logrotate for more details.
Debug or Verbose logrotate
To simulate running your configuration file (dry run):
logrotate --debug /etc/logrotate.d/mylog
To force running rotations even when conditions are not met, run:
logrotate -vf /etc/logrotate.d/mylog
Check logrotate cron
Normally, logrotate is run as a daily cron job by default.
It will not modify a log multiple times in one day unless the criterion for that log is based on the log’s size and logrotate is being run multiple times each day, or unless the -f or --force option is used.
Check logrotate status
Logrotate rotations are usually logged to /var/lib/logrotate/logrotate.status or /var/lib/logrotate.status (according to the operating system or the -s option allows you to specify another state file):