Saturday, August 14, 2010

Logrotate in Linux


1.About Log rotate

The logrotate program is a log file manager. It is used to regularly cycle (or rotate) log files by removing the oldest ones from your system and creating new log files. It may be used to rotate based on the age of the file or the file’s size, and usually runs automatically through the cron utility. .

  • It is installed by default on Linux
  • Runs as daily cron job and the cron script located in /etc/cron.daily directory
  • Configuration file is /etc/logrotate.conf
  • While installing RPM’s, the applications put log rotation configuration in /etc/logrotate.d/ for its specific application logs. Log rotate daemon scans this directory for specific configuration files for specific application/service logs rotation method
  • Configurations under /etc/logrotate.d/ will override the options specified in /etc/logrotate.conf
  • Pre rotate and Post rotate scripts can be used
  • The logrotate program may also be used to compress log files and to configure e-mail to users when they are rotated

2. Setting up log rotate

To set rotate options for /var/log/messages and whatever the files which need rotation, edit /var/logrotate.d/syslog. This file contains the configuration for all the logs which controlled by syslog daemon.

Or create new file with the following syntax

FULL_PATH_OF_THE_FILES_TO_BE_ROTATED
{
OPTION1
OPTION2
…..
….
}

Verify the default options in /etc/logrotate.conf and comment them if required.

Here is the sample configuration file for rotating /var/log/messages and other log files based on size

/var/log/warn /var/log/messages /var/log/allmessages /var/log/localmessages /var/log/firewall
 {
    nocompress
     rotate 1
    missingok
    notifempty
    size 10M
    create 640 root root
    sharedscripts
    postrotate
        /etc/init.d/syslog reload
    endscript
}

In the above configuration, when the logrotate daemon executed as cron job, it will look for the file to rotate (/var/log/messages and other files) and size of that file (10M) specified in configuration file /var/logrotate.d/syslog
  
If the specified size reached, it will execute the prerotate script which does an incremental backup of that log file and rotates it.



3. Options which can be used in configuration file.

compress
This is used to compress the rotated log file with gzip.
nocompress
This is used when you do not want to compress rotated log files.
copytruncate
This is used when processes are still writing information to open log files. This option copies the active log file to a backup and truncates the active log file.
nocopytruncate
This copies the log files to backup, but the open log file is not truncated.
create mode owner group
This rotates the log file and creates a new log file with the specified permissions, owner, and group. The default is to use the same mode, owner, and group as the original file.
nocreate
This prevents the creation of a new log file.
delaycompress
When used with the compress option, the rotated log file is not compressed until the next time it is cycled.
nodelaycompress
This overrides delaycompress. The log file is compressed when it is cycled.
errors address
This mails logrotate errors to an address.
ifempty
With this, the log file is rotated even if it is empty. This is the default forlogrotate.
notifempty
This does not rotate the log file if it is empty.
mail address
This mails log files that are cycled to an address. When mail log files are cycled, they are effectively removed from the system.
nomail
When mail log files are cycled, a copy is not mailed.
olddir directory
With this, cycled log files are kept in the specified directory. This directory must be on the same filesystem as the current log files.
noolddir
Cycled log files are kept in the same directory as the current log files.
prerotate/endscript
These are statements that enclose commands to be executed prior to a log file being rotated. The prerotate and endscript keywords must appear on a line by themselves.
postrotate/endscript
These are statements that enclose commands to be executed after a log file has been rotated. The postrotate and endscript keywords must appear on a line by themselves.
daily
This is used to rotate log files daily.
weekly
This is used to rotate log files weekly.
monthly
This is used to rotate log files monthly.
rotate count
This specifies the number of times to rotate a file before it is deleted. A count of 0 (zero) means no copies are retained. A count of 5 means five copies are retained.
tabootext [+] list
This directs logrotate to not rotate files with the specified extension. The default list of extensions is .rpm-orig, .rpmsave, v, and ~.
size size
With this, the log file is rotated when the specified size is reached. Size may be specified in bytes (default), kilobytes (sizek), or megabytes (sizem).


In the prerotate section we can specify any script which we would like to run before the log rotation and we also have postrotate option as well.

We can use the logrotate, to control the size of the various application log files (messages, audit.log, etc...)  By creating a configuration file under /etc/logrotate.d/

It will be helpful in controlling the growth of file system