What is logrotate: Logrotate is a utility/tool that manages activities like automatic rotation, removal and compression of log files in a system. This is an excellent tool to manage your logs to save your precious disk space. By having a simple yet powerful configuration file, different parameters of logrotation can be controlled. This gives complete control over the way logs can be automatically managed and does not required manual intervention.
How to install:
Step 1—Update System and System Packages
Run the following command to update the package lists from apt-get and get the information on the newest versions of packages and their dependencies.
#sudo apt-get update
Step 2—Install Logrotate
#sudo apt-get install logrotate
Step 3 — Confirmation
To verify that logrotate was successfully installed, run this in the command prompt.
#logrotate
++++++++++++++++++++++++++++++++++++++++++++++++++++++
# logrotate
logrotate 3.7.8 - Copyright (C) 1995-2001 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License
logrotate 3.7.8 - Copyright (C) 1995-2001 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License
++++++++++++++++++++++++++++++++++++++++++++++++++++++
Since the logrotate utility is based on configuration files, the above command will not rotate any files and will show you a brief overview of the usage and the switch options available.
Step 4—Configure Logrotate
Configurations and default options for the logrotate utility are present in:
#/etc/logrotate.conf
Some of the important configuration settings are : rotation-interval, log-file-size, rotation-count and compression.
Application-specific log file information (to override the defaults) are kept at:
#/etc/logrotate.d/
Below is the configuration example of loagroate for rsyslog application
Example:
#vim /etc/logrotate.d/rsyslog
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
/var/log/log_folder/*.*/syslog.log
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
What this means is that:
- the logrotation for dpkg monitors the /var/log/dpkg.log file and does this on a monthly basis - this is the rotation interval.
- 'rotate 12' signifies that 12 days worth of logs would be kept.
- logfiles can be compressed using the gzip format by specifying 'compress' and 'delaycompress' delays the compression process till the next log rotation. 'delaycompress' will work only if 'compress' option is specified.
- 'missingok' avoids halting on any error and carries on with the next log file.
- 'notifempty' avoid log rotation if the logfile is empty.
- 'create <mode> <owner> <group>' creates a new empty file with the specified properties after log-rotation.
Step 5—Cron Job
You can also set the logrotation as a cron so that the manual process can be avoided and this is taken care of automatically. By specifying an entry in /etc/cron.daily/logrotate , the rotation is triggered daily.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
output of /etc/cron.daily/logrotate
/etc/cron.daily# cat logrotate
#!/bin/sh
# Clean non existent log file entries from status file
cd /var/lib/logrotate
test -e status || touch status
head -1 status > status.clean
sed 's/"//g' status | while read logfile date
do
[ -e "$logfile" ] && echo "\"$logfile\" $date"
done >> status.clean
mv status.clean status
test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Step 6—Status Check and Verification
To verify if a particular log is indeed rotating or not and to check the last date and time of its rotation, check the /var/lib/logrotate/status file. This is a neatly formatted file that contains the log file name and the date on which it was last rotated.
cat /var/lib/logrotate/status
:/var/lib/logrotate# cat status | grep /xxxx/
"/var/log/xxxx/10.x.x.x/syslog.log" 2016-1-19
"/var/log/xxxx/10.x.x.x/syslog.log" 2016-1-19
"/var/log/xxxx/10.x.x.x/syslog.log" 2016-1-19
"/var/log/xxxx/127.x.x.x/syslog.log" 2016-1-19
"/var/log/xxxx/10.x.x.x/syslog.log" 2016-1-19
Note: logrotate reads this file to ensure when the last log rotate took place to take action for new log rotate
Very useful Link:
Very useful information..
ReplyDelete