How to Install and Use logrotate to Manage Log Files in Ubuntu
Log files are central to Linux system security. The logrotate tool simplifies the administration of log files on a Linux system by automating their rotation, compression, removal, and mailing. You can easily set logrotate to handle a log file daily, weekly, or monthly. The logrotate program rotates log files by removing the oldest ones from your system and creating new ones.
In this tutorial, I will explain how to use logrotate to manage logs on an Ubuntu server.
Requirements
- A server running Ubuntu
- A non-root user with sudo privileges.
Install Logrotate
By default, logrotate is available on Ubuntu Server. If it is not, you can install it by running the following command:
sudo apt install logrotate -y
Once logrotate has been installed, you can check its version by running it without arguments, which prints the version banner and a usage summary:
sudo logrotate
Output:
logrotate 3.11.0 - Copyright (C) 1995-2001 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License
Usage: logrotate [-dfv?] [-d|--debug] [-f|--force] [-m|--mail=command]
        [-s|--state=statefile] [-v|--verbose] [-l|--log=STRING] [--version]
        [-?|--help] [--usage] [OPTION...]
Configure Logrotate
By default, logrotate's main configuration file is /etc/logrotate.conf. Other configuration files are located in /etc/logrotate.d. You can list them with the following command:
ls /etc/logrotate.d
Output:
alternatives apport dpkg mysql-server rsyslog unattended-upgrades apache2 apt lxd openproject ufw
The main options of logrotate are listed below:
- missingok: don't raise an error if the log file is missing
- weekly: rotate the log files once a week
- create: the old file is saved under a new name and a new file is created
- compress: logrotate compresses log files using gzip to save space
- rotate 4: logrotate rotates a given log four times before deleting it, so this keeps four weeks of logs online
- notifempty: don't rotate the log file when it is empty
By default, logrotate runs on a daily basis by executing the shell script /etc/cron.daily/logrotate. Let's test the Apache log rotation configuration by running logrotate in debug mode (-d), which reports what it would do without changing the logs or the state file:
sudo logrotate -d /etc/logrotate.d/apache2
Output:
reading config file /etc/logrotate.d/apache2
Reading state from file: /var/lib/logrotate/status
Allocating hash table for state file, size 64 entries
Handling 1 logs
rotating pattern: /var/log/apache2/*.log after 1 days (14 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/apache2/access.log
Creating new state
  Now: 2018-10-11 16:04
  Last rotated at 2018-10-11 16:00
  log does not need rotating (log has been already rotated)
considering log /var/log/apache2/error.log
Creating new state
  Now: 2018-10-11 16:04
  Last rotated at 2018-10-11 16:00
  log does not need rotating (log has been already rotated)
considering log /var/log/apache2/other_vhosts_access.log
Creating new state
  Now: 2018-10-11 16:04
  Last rotated at 2018-10-11 16:00
  log does not need rotating (log has been already rotated)
not running prerotate script, since no logs will be rotated
not running postrotate script, since no logs were rotated
As noted above, logrotate is run as a daily cron job. You can check /etc/cron.daily/logrotate for more information about the cron job. You can also configure the cron job for logrotate to run hourly, weekly and yearly.
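The option list and the dry-run output above both come down to a retention window ("rotate 4" with "weekly" keeps four weeks; "after 1 days (14 rotations)" keeps 14 days). The script below is an added example, not part of the original tutorial: it reads a logrotate configuration and reports how many days of logs each stanza keeps, so you can spot stanzas that discard logs sooner than you intend. The path /var/log/example-app and the function names are hypothetical, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial: retention per stanza,
# computed as rotate count x interval. Assumptions: no interval means daily
# (the cron.daily job) and no "rotate" line means 0 old logs are kept.
# retention_days [FILE]: print "pattern<TAB>days" for every stanza.
retention_days() {
  awk '
    BEGIN { d["daily"] = 1; d["weekly"] = 7; d["monthly"] = 30; d["yearly"] = 365
            gfreq = "daily"; grot = 0 }
    /^[ \t]*#/ || NF == 0 { next }               # comments, blank lines
    $1 == "endscript" { inscr = 0; next }
    inscr { next }                               # ignore hook script bodies
    $1 ~ /^(pre|post)rotate$|^(first|last)action$|^preremove$/ { inscr = 1; next }
    !inblk && $NF == "{" {                       # stanza opens
      inblk = 1; freq = gfreq; rot = grot        # inherit global settings
      pat = $0; sub(/[ \t]*[{][ \t]*$/, "", pat); sub(/^[ \t]+/, "", pat); next }
    inblk && $1 == "}" { printf "%s\t%d\n", pat, rot * d[freq]; inblk = 0; next }
    ($1 in d)      { if (inblk) freq = $1; else gfreq = $1; next }
    $1 == "rotate" { if (inblk) rot = $2; else grot = $2 }
  ' "$@"
}

# short_retention MIN_DAYS [FILE]: list patterns kept for fewer than MIN_DAYS.
short_retention() {
  min=$1; shift
  retention_days "$@" | awk -F'\t' -v min="$min" '$2 + 0 < min + 0 { print $1 }'
}

# Constructed sample configuration using the directives described above.
sample_conf() {
cat <<'EOF'
weekly
rotate 4

/var/log/apache2/*.log {
    daily
    missingok
    rotate 14
    compress
    notifempty
}

/var/log/example-app/*.log {
    missingok
    compress
}
EOF
}
sample_conf | retention_days
```

To check a real file, pass its path, for example `short_retention 30 /etc/logrotate.d/apache2`; global settings from /etc/logrotate.conf are only inherited when they appear in the same input.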