Overview
By the end of this article you should be able to answer the following questions:
Announcement
I have released my new course on Udemy, Kubernetes By Example. Sign up now to get free lifetime access!/etc/logrotate.conf
/etc/logrotate.d
True
$ man logrotate
Trick question, logrotate doesn’t actually have a service.
/etc/cron.daily/logrotate
Over time, log files such as /var/log/messages can get so big that they exceed linux’s max file size limit, or they use up all the available disk space. To prevent the above scenarios from happening, we using a system called Logrotate.
The way it works is that after a certain period of time, log rotate renames and archives the existing log file, and then create a brand new empty log file to take it’s place. Log rotate also retains the x most recent logs, and deletes the rest.
The advantage of this is that logrotate ensures that the disk space doesn’t all get used up. However the compromise is that we lose the full historical log data over time, which is a problem in the very small chance if we want to view them. To overcome this, you can set up a remote “log server”, which all rotated logs are sent to, whicl
To configure logratate, we have the following:
$ ls -l /etc | grep logrotate -rw-r--r--. 1 root root 662 Jul 31 2013 logrotate.conf drwxr-xr-x. 2 root root 4096 Apr 3 16:39 logrotate.d
The logrotate.d directory is used by other rpm packages to drop in it’s own custom logrotate config files into. Hence in the logrotate.d directory we have:
$ ls -l /etc/logrotate.d total 56 -rw-r--r--. 1 root root 178 Jun 18 2014 chrony -rw-r--r--. 1 root root 71 Mar 5 22:19 cups -rw-r--r--. 1 root root 541 Sep 19 2014 glusterfs -rw-r--r--. 1 root root 172 Mar 6 03:08 iscsiuiolog -rw-r--r--. 1 root root 165 Mar 26 23:20 libvirtd -rw-r--r--. 1 root root 163 Mar 26 23:20 libvirtd.qemu -rw-r--r--. 1 root root 106 Mar 6 02:18 numad -rw-r--r--. 1 root root 136 Jun 10 2014 ppp -rw-r--r--. 1 root root 408 Mar 6 05:05 psacct -rw-r--r--. 1 root root 115 Mar 13 22:35 samba -rw-r--r--. 1 root root 219 Mar 26 13:23 sssd -rw-r--r--. 1 root root 210 Oct 13 2014 syslog -rw-r--r--. 1 root root 100 Dec 4 13:18 wpa_supplicant -rw-r--r--. 1 root root 100 Mar 9 20:39 yum
Any configurations in the logrotate.d directory will override the default settings which are set in the main logrotate.conf
settings.
Now let’s take a look at the logrotate.conf file:
cat /etc/logrotate.conf # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # use date as a suffix of the rotated file dateext # uncomment this if you want your log files compressed #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp and btmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp minsize 1M rotate 1 } /var/log/btmp { missingok monthly create 0600 root utmp rotate 1 } # system-specific logs may be also be configured here.
Now let’s take a look at package specific logrotate config files:
cat /etc/logrotate.d/yum /var/log/yum.log { missingok notifempty size 30k yearly create 0600 root root }
You can find what each of the above means by checking out the logrotate’s man pages:
$ man logrotate
logrotate doesn’t function as a service, instead it runs in the form of a daily cron job:
$ pwd /etc/cron.daily $ ls -l | grep logrotate -rwx------. 1 root root 180 Jul 31 2013 logrotate
Note, becuase of this, you can’t rotate logs less than a day, e.g. every hour, which wouldn’t be good practice anyway.
See also:
HowTo: The Ultimate Logrotate Command Tutorial with 10 Examples
http://www.thegeekstuff.com/2012/01/rsyslog-remote-logging/ (this actually to do with setting up a log server, which you need know for rhce)