In Linux, many applications and system services will store log files. These log files give a Linux administrator insight into how their system is performing, and are invaluable when troubleshooting issues. However, log files can get unwieldy very quickly. For example, if your web server software logs every visit to your website, and you get thousands of viewers per day, there will be way too much information to feasibly squeeze into one text file.

That's where the logrotate command comes into play. Logrotate will periodically take the current log files, rename them, optionally compress them, and generate a fresh file to which an application can continue sending its logs. The logrotate command is invoked automatically from cron, and most services have their own log rotation configuration that is implemented when they're installed. This configuration tells logrotate what it should do with the old log files. For example, how many of them should it keep around before deleting, should it compress the files, etc.

A system administrator can use the logrotate utility for their own needs as well. For example, if a Linux admin sets up a script to run, and has that script generating logs on a regular basis, it's possible to set up logrotate to manage the log files for us. In this guide, you'll learn more about the logrotate utility as we go through an example of configuring it to rotate the logs of a service we implement.

In this tutorial you will learn:
  • Where the logrotate configuration files are stored
  • How to set up a custom logrotate configuration
  • How to test a logrotate implementation
Viewing the logrotate configuration files for various services on a Linux system
Viewing the logrotate configuration files for various services on a Linux system
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Any Linux distro
Software logrotate
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

Logrotate configuration files

Subscribe to our NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.

Logrotate is a handy tool for system administrators who wish to take the /var/log directory under their control. The logrotate command is called daily by the cron scheduler and it reads the following files:

  • The logrotate configuration file /etc/logrotate.conf
  • Files in the logrotate configuration directory /etc/logrotate.d

Most of the services (Apache webserver, postgreSQL, MySql, KDE desktop manager etc.) installed on your system create a configuration file for logrotate in /etc/logrotate.d. For example, here are the contents of our system's /etc/logrotate.d directory:

Contents of the /etc/logrotate.d directory
Contents of the /etc/logrotate.d directory

Sample logrotate configuration file

Let's say that we are running a service called "linuxserver" that is creating logfiles called "linux.log" within the /var/log/linuxserver directory. To include "linuxserver" log files in the log rotation we need to first create a logrotate configuration file and then copy it into the /etc/logrotate.d directory.

The logrotate configuration file would look something like this:

/var/log/linuxserver/linux.log {
        rotate 7
        create 660 linuxuser linuxuser }

This config file will run daily, create a maximum of 7 archives owned by linuxuser and linuxuser group with 660 permissions, compress all logs and exclude only yesterdays and empty log files. Here are some selected logrotate configuration keywords. For complete guide, check the logrotate man page.

daily Log files are rotated every day.
weekly Log files are rotated if the current weekday is less than the weekday of the last rotation or if more than a week has passed since the last rotation. This is normally the same as rotating logs on the first day of the week, but if logrotate is not being run every night a log rotation will happen at the first valid opportunity.
monthly Log files are rotated the first time logrotate is run in a month (this is normally on the first day of the month).
notifempty Do not rotate the log if it is empty (this overrides the ifempty option).
nocompress Old versions of log files are not compressed.
delaycompress Postpone compression of the previous log file to the next rotation cycle. This only has effect when used in combination with compress. It can be used when some program cannot be told to close its logfile and thus might continue writing to the previous log file for some time.
compress Old versions of log files are compressed with gzip by default.
mail address When a log is rotated out of existence, it is mailed to address. If no mail should be generated by a particular log, the nomail directive may be used.
missingok If the log file is missing, go on to the next one without issuing an error message.

Implement logrotate configuration file

Once your config file is ready, just simply copy it into the logrotate directory and change owner and permissions:

# cp linuxserver /etc/logrotate.d/
# chmod 644 /etc/logrotate.d/linuxserver
# chown root.root /etc/logrotate.d/linuxserver

Finally, you can experiment with the log rotation (outside of the usual cron job) by forcing an execution of the logrotate in the absence of any log files to rotate.

# logrotate -f /etc/logrotate.d/linuxserver 

Closing Thoughts

In this guide, we learned about the logrotate command on Linux, and how it's used to keep the /var/log directory's files under control. We also saw how to set up a logrotate configuration to manage the log files of a custom service that we implement. Although logrotate is mostly a command that works behind the scenes, invoked silently in cron, system administrators can harness its power to keep their own log files more organized and manageable.

Submit your RESUME, create a JOB ALERT.
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
Get extra help by visiting our LINUX FORUM or simply use comments below.