Thursday, 12 September 2013

How to rotate log files

Problem: You want to control and organize your ever-growing log files

Solution:  Use logrotate, a program to compress and/or delete log files automatically when they are sufficiently old,

Add entries to /etc/logrotate.d/syslog

eg:   /etc/logrotate.d/syslog:
     /var/log/local0 /var/log/local1 ...others... {
         /bin/kill -HUP `cat /var/run/`

You need use tool called logrotate, It allows automatic rotation, compression, removal, and mailing of log files.

Each log file may be handled daily, weekly, monthly, or when it grows too large. With this tool you keep logs longer with less disk space.

 The default configuration file is /etc/logrotate.conf:

# see "man logrotate" for details
# rotate log files weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones

# uncomment this if you want your log files compressed
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
create 0664 root utmp
rotate 1

Service or server specific configurations stored in /etc/logrotate.d directory, for example here is sample apache logrotate configuration file:

# cat /etc/logrotate.d/httpd

/var/log/httpd/*.log {
 rotate 52
      /bin/kill -HUP `cat /var/run/ 2>/dev/null` 2> /dev/null || true    endscript

weekly : Log files are rotated if the current weekday is less then the weekday of the last rotation or if more then a week has passed since the last rotation.

rotate 52 : Log files are rotated 52 times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather then rotated.

compress : Old versions of log files are compressed with gzip to save disk space.

missingok : If the log file is missing, go on to the next one without issuing an error message.

notifempty : Do not rotate the log if it is empty

sharedscripts : Normally, prerotate and postrotate scripts are run for each log which is rotated, meaning that a single script may be run multiple times for log file entries which match multiple files. If sharedscript is specified, the scripts are only run once, no matter how many logs match the wildcarded pattern. However, if none of the logs in the pattern require rotating, the scripts will not be run at all.

postrotate /bin/kill -HUP `cat /var/run/ 2>/dev/null` 2> /dev/null || true

endscript : The lines between postrotate and endscript (both of which must appear on lines by themselves) are executed after the log file is rotated. These directives may only appear inside a log file definition

Apache log rotate

# vim /etc/logrotate.d/apache
/usr/local/apache2/logs/access_log /usr/local/apache2/logs/error_log {
    size 100M
    maxage 30
      /usr/bin/killall -HUP httpd
      ls -ltr /usr/local/apache2/logs | mail -s "$HOSTNAME: Apache restarted and log files rotated"

No comments:

Post a Comment