Overview
By the end of this article you should be able to answer the following questions:
/etc/logrotate.conf
/etc/logrotate.d
True
$ man logrotate
Trick question, logrotate doesn’t actually have a service.
/etc/cron.daily/logrotate
Over time, log files such as /var/log/messages can get so big that they exceed linux’s max file size limit, or they use up all the available disk space. To prevent the above scenarios from happening, we using a system called Logrotate.
The way it works is that after a certain period of time, log rotate renames and archives the existing log file, and then create a brand new empty log file to take it’s place. Log rotate also retains the x most recent logs, and deletes the rest.
The advantage of this is that logrotate ensures that the disk space doesn’t all get used up. However the compromise is that we lose the full historical log data over time, which is a problem in the very small chance if we want to view them. To overcome this, you can set up a remote “log server”, which all rotated logs are sent to, whicl
To configure logratate, we have the following:
$ ls -l /etc | grep logrotate -rw-r--r--. 1 root root 662 Jul 31 2013 logrotate.conf drwxr-xr-x. 2 root root 4096 Apr 3 16:39 logrotate.d
The logrotate.d directory is used by other rpm packages to drop in it’s own custom logrotate config files into. Hence in the logrotate.d directory we have:
$ ls -l /etc/logrotate.d total 56 -rw-r--r--. 1 root root 178 Jun 18 2014 chrony -rw-r--r--. 1 root root 71 Mar 5 22:19 cups -rw-r--r--. 1 root root 541 Sep 19 2014 glusterfs -rw-r--r--. 1 root root 172 Mar 6 03:08 iscsiuiolog -rw-r--r--. 1 root root 165 Mar 26 23:20 libvirtd -rw-r--r--. 1 root root 163 Mar 26 23:20 libvirtd.qemu -rw-r--r--. 1 root root 106 Mar 6 02:18 numad -rw-r--r--. 1 root root 136 Jun 10 2014 ppp -rw-r--r--. 1 root root 408 Mar 6 05:05 psacct -rw-r--r--. 1 root root 115 Mar 13 22:35 samba -rw-r--r--. 1 root root 219 Mar 26 13:23 sssd -rw-r--r--. 1 root root 210 Oct 13 2014 syslog -rw-r--r--. 1 root root 100 Dec 4 13:18 wpa_supplicant -rw-r--r--. 1 root root 100 Mar 9 20:39 yum
Any configurations in the logrotate.d directory will override the default settings which are set in the main logrotate.conf settings.
Now let’s take a look at the logrotate.conf file:
cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
Now let’s take a look at package specific logrotate config files:
cat /etc/logrotate.d/yum
/var/log/yum.log {
missingok
notifempty
size 30k
yearly
create 0600 root root
}
You can find what each of the above means by checking out the logrotate’s man pages:
$ man logrotate
logrotate doesn’t function as a service, instead it runs in the form of a daily cron job:
$ pwd /etc/cron.daily $ ls -l | grep logrotate -rwx------. 1 root root 180 Jul 31 2013 logrotate
Note, becuase of this, you can’t rotate logs less than a day, e.g. every hour, which wouldn’t be good practice anyway.
See also:
HowTo: The Ultimate Logrotate Command Tutorial with 10 Examples
http://www.thegeekstuff.com/2012/01/rsyslog-remote-logging/ (this actually to do with setting up a log server, which you need know for rhce)