==== Configuration file ====
The configuration file for log rotate /var/logrotate.conf
There is a line in this file that will show you where to find most of the application-specific configuration files. The line should look similar to:
include /etc/logrotate.d
\\
=== /etc/logrotate.d ===
If type the following command you see the log rotate configuration files for the applications on your server:
ls /etc/logrotate.d
You should then see a list of applications similar to the following output:
dracut fail2ban glusterfs holland httpd mysqld newrelic-sysmond nginx php-fpm syslog vsftpd yum
**Example:** **/var/logrotate.d/fail2ban**
/var/log/fail2ban.log {
rotate 7
missingok
compress
postrotate
/usr/bin/fail2ban-client flushlogs 1>/dev/null || true
endscript
}
=== Rotate count ===
This determines how many archive logs will be kept around before starts deleting the older ones. Example:
rotate 4
\\
=== Rotation Interval ===
This can be used to specify how often to rotate a particilar log. Example(s):
daily
weekly
monthly
yearly
\\
=== Size ===
This can be used to perform logrotation depending on the size of the log file. The log file will then be rotated when the log file exceeds the size set. Example(s):
size 100k
size 100M
size 100G
=== Compression ===
If you would like the archived logfiles to be compressed in the gzip format then you can do the following:
**Option 1** - add the following line to **/var/logrotate.conf**
compress
**Option 2** - for more granular control you can add the following command to each application config file in /etc/logrotate.d/ (if it has not already been added to /var/logrotate.conf)
compress
\\
**Nocompress**
If you have specified compressing on **/var/logrotate.conf** and you have some log files you do not want compressed then you can use nocompress to stop compression. If you go to the applications config file in **/var/logrotate.d/application** then you can add the following line to stop compression of the log files:
nocompress
**Delaycompress**
This can be used to compress the log files with a delay in case you do not want them compressed straight away.
Note: **delaycompress** only works if you have compress in your config file
\\
**Postrotate**
This is a script that is run by logrotate each time it rotates a log file for an application. You will normally want to use this to restart an application after the log rotation so the app can switch to a new log.
Note: You can see how this can be implemented into a config file by looking back at the example given in the **/etc/logrotate.d/** section above.
postrotate
/usr/sbin/application restart > /dev/null
endscript
Note: you could also specify graceful instead of restart
\\
**> /dev/null** pipes the command output to nowhere. If this was not implemented then the output of the command would be sent to the console/log/email etc and you do not really need to know if everything restarted correctly.
=== Shared Script ===
If your application is rotating both error logs and access logs such as apache then using ‘postrotate’ there is a possibility that the application will be restarted twice. If you add the following command then it will wait until it has checked all of the logs for the config block before running the postrotate script. If both of the logs get rotated then the postrotate script will only run once:
sharedscripts
=== Commands ===
View when the log files were last rotated:
less /var/lib/logrotate.status
Force the log files to be rotated on all file located in /var/lib/logrotate.status:
/usr/sbin/logrotate -vf /etc/logrotate.conf
Force log rotation on a specific file:
logrotate -fv /etc/logrotate.d/apache2