How to Install and Use logrotate to Manage Log Files in Ubuntu

Log files are most important for Linux system security. The logrotate tool is designed to simplify the administration of log files on a Linux system that allows automatic rotation, compression, removal, and mailing of log files. You can easily set logrotate to handle a log file daily, weekly, or monthly. The logrotate program rotates log files by removing the oldest ones from your system and creating new ones.

In this tutorial, I will explain how to use logrotate to manage logs on an Ubuntu server.

Requirements

  • A server running Ubuntu
  • A non-root user with sudo privileges.

Install Logrotate

By default, logrotate is available in the Ubuntu server. If not then you can install it by running the following command:

sudo apt install logrotate -y

Once logrotate has been installed, you can check the version of logrotate using the following command:

sudo logrotate

Output:

logrotate 3.11.0 - Copyright (C) 1995-2001 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License

Usage: logrotate [-dfv?] [-d|--debug] [-f|--force] [-m|--mail=command]
        [-s|--state=statefile] [-v|--verbose] [-l|--log=STRING] [--version]
        [-?|--help] [--usage] [OPTION...] 

Configure Logrotate

By default, logrotate's main configuration file logrotate.conf is located at /etc/logrotate.conf. Other configuration files are available at /etc/logrotate.d. You can list out them with the following command:

ls /etc/logrotate.d

Output:

alternatives  apport  dpkg  mysql-server  rsyslog  unattended-upgrades
apache2       apt     lxd   openproject   ufw

The main options of logrotate are listed below:

missingok : Don't raise an error if the log is missing

weekly: rotates the log files once a week

create: The old file is saved under a new name and a new file is created

compress: logrotate compress log files using gzip to save space

rotate 4: logrotate rotates a given log four times before deleting it, so this keeps four weeks of logs online

notifyempty: Don't rotate the log file when it is empty

By default, logrotate runs on a daily basis by executing the shell script /etc/cron.daily/logrotate. Let's test the apache logrotation by running the following command:

sudo logrotate -d /etc/logrotate.d/apache2

Output:

reading config file /etc/logrotate.d/apache2
Reading state from file: /var/lib/logrotate/status
Allocating hash table for state file, size 64 entries

Handling 1 logs

rotating pattern: /var/log/apache2/*.log  after 1 days (14 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/apache2/access.log
Creating new state
  Now: 2018-10-11 16:04
  Last rotated at 2018-10-11 16:00
  log does not need rotating (log has been already rotated)
considering log /var/log/apache2/error.log
Creating new state
  Now: 2018-10-11 16:04
  Last rotated at 2018-10-11 16:00
  log does not need rotating (log has been already rotated)
considering log /var/log/apache2/other_vhosts_access.log
Creating new state
  Now: 2018-10-11 16:04
  Last rotated at 2018-10-11 16:00
  log does not need rotating (log has been already rotated)
not running prerotate script, since no logs will be rotated
not running postrotate script, since no logs were rotated

By default, logrotate is run as a daily cron job. You can check /etc/cron.daily/logrotate for more information about cron job. You can also configure the cron job for logrotate to run hourly, weekly and yearly.

Share this page:

0 Comment(s)