Logrotate
Logrotate is a utility that rotates logs. Log rotation simply means to rename an existing log file to something else, thereby keeping the log file sizes tenable. Logrotate makes it easy to define log rotation rules, such as how many old logs to keep and for how long, the size a log should be before it's rotated, any post-rotation commands it needs to run, and more.
Introduction
Installation
Logrotate is typically found in your distro's repos as 'logrotate'. On Fedora / Red Hat / Rocky Linux systems, just install the package.
# yum -y install logrotate
On NixOS, enable Logrotate by setting the services.logrotate.enable = true setting. See the example further down on this page.
Cronjob
Logrotate is triggered daily via a cronjob and as a result, there is no logrotate daemon. Typically, the cronjob is installed in /etc/cron.daily/ but could also be as a @daily job in /etc/crontab on some systems.
By default, installing Logrotate will also include some standard configuration files that will rotate some common system logs in /var/log.
Logrotate is triggered by cronjobs.
/etc/cron.daily/logrotate should have:
/usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf
OR you should have a root crontab entry in /var/spool/cron/root similar to:
00 05 * * * /usr/sbin/logrotate -f /etc/logrotate.conf
Configuration
Configuration is done with /etc/logrotate.conf and additional log rotate definitions can be placed in /etc/logrotate.d/. For example, we could put httpd log rotation rules in /etc/logrotate.d/httpd.
Each logrotate configuration file can define global directives, followed by logfiles to rotate. A logfile definition can specify one or more log files and also supports globbing. Each logfile definition can have its own set of local directives that override the global directives (if any exists) defined within its configuration file.
** Global directives **
/path/to/logs/log1.log {
** Local Directives **
}
/path/to/logs/log1.log /path/to/logs/*.log {
** Local Directives **
}
It should also have at minimum the following directives:
| Description | Directives |
|---|---|
| When to rotate. By time or by size. | daily, weekly, monthly
OR size based:
|
| How many rotated logs to keep. Eg. keep 30 logs. Anything past this will be deleted.
Set this to 0 to delete all rotated logs. |
rotate 30
|
You may also optionally add the following directives depending on your needs:
| Description | Directives |
|---|---|
| Whether to create a new empty log after rotation is done.
Optionally, you may specify the new file's mode and ownership. |
create, create mode owner group, nocreate
|
| Use date as the suffix for rotated logs using the specified date format.
Creates logs like ' |
dateext
|
| If you are not using date extensions, logrotate will use numbers starting at 0 instead.
Specify the starting number. Eg. 1. The first rotated log would be ' |
start 1
|
| Whether to compress the log or not. Uses gzip by default. | compress
|
| Delays compression of the logs by one rotation cycle. | delaycompress
|
The extension of rotated log files. Eg. 'messages-2020-12-26.log' or 'messages.0.log'.
|
extension log
|
| Send an email when a log is rotated out of existance. | mail user@domain.com
|
| Move rotated logs to a different location. | olddir /var/log/rotated
|
| Ignore if file is missing | missingok
|
| Don't rotate if the file is empty | notifempty
|
| Run a command after the rotation is executed.
The contents are run using |
postrotate
/bin/kill -HUP
endscript
|
| Run the pre/post-rotate script only once, even if multiple logs were rotated | sharedscripts
|
After defining your new rule, you can test it by running logrotate -v /etc/logrotate.d/your-new-config. If your logs aren't rotating, it's possible you need to tweak the state file in /var/lib/logrotate/logrotate.status for your particular log file in order for the rotate conditions to be fulfilled.
Tasks
Testing logrotate configs
To test a specific log rotate config, run:
# logrotate -v /etc/logrotate.d/your-new-config
That should print out what logrotate will do. The first time you run logrotate, logrotate will update the status file at /var/lib/logrotate/logrotate.status with the last time that the log files were looked at.
If you want to have logrotate rotate the logs for you, you will have to edit this status file and change the timestamp to sometime in the past and re-run the logrotate command again.
Rotating Traefik access logs
After configuring Traefik to log to /var/log/traefik, you may want to use this rule to rotate logs and then send USR1 to the container running Traefik.
Create a configuration file at /etc/logrotate.d/traefik with the following:
/var/log/traefik/access.log {
daily
rotate 7
create 0644 root root
missingok
notifempty
compress
dateext
dateformat .%Y-%m-%d
postrotate
docker kill --signal="USR1" $(docker ps | grep traefik: | awk '{print $1}')
endscript
}
This will rotate logs daily and will retain up to 7 days worth of logs. Rotated logs are compressed. Verify the logs by running: logrotate -v /etc/logrotate.d/traefik.
Setup Logrotate for Traefik access logs under NixOS
Here's an example to rotate Traefik.
services.logrotate = {
enable = true;
settings = {
# global options
header = {
dateext = true;
compress = true;
missingok = true;
notifempty = true;
};
# Traefik logs
"/var/log/traefik/access.log" = {
frequency = "weekly";
rotate = 8;
postrotate = ''
/run/current-system/sw/bin/docker kill --signal="USR1" $(/run/current-system/sw/bin/docker ps | /run/current-system/sw/bin/grep traefik: | /run/current-system/sw/bin/awk '{print $1}')
'';
};
};
};