==== Configuration file ====

The configuration file for log rotate /var/logrotate.conf

There is a line in this file that will show you where to find most of the application-specific configuration files. The line should look similar to:

<sxh bash>
include /etc/logrotate.d
</sxh>
\\
=== /etc/logrotate.d ===


If type the following command you see the log rotate configuration files for the applications on your server:
<sxh bash>
ls /etc/logrotate.d
</sxh>
You should then see a list of applications similar to the following output:

<sxh bash>dracut  fail2ban  glusterfs  holland  httpd  mysqld  newrelic-sysmond  nginx  php-fpm  syslog  vsftpd  yum</sxh>

**Example:** **/var/logrotate.d/fail2ban**
<sxh bash>
/var/log/fail2ban.log {
rotate 7
missingok
compress
postrotate
/usr/bin/fail2ban-client flushlogs  1>/dev/null || true
endscript
}
</sxh>
 

=== Rotate count ===
This determines how many archive logs will be kept around before starts deleting the older ones. Example:
<sxh bash>
rotate 4
</sxh>
\\
=== Rotation Interval ===
This can be used to specify how often to rotate a particilar log. Example(s):
<sxh bash>
daily

weekly

monthly
 
yearly
</sxh>
\\
=== Size ===
This can be used to perform logrotation depending on the size of the log file. The log file will then be rotated when the log file exceeds the size set.  Example(s):
<sxh bash>
size 100k

size 100M
 
size 100G
</sxh>
=== Compression ===
If you would like the archived logfiles to be compressed in the gzip format then you can do the following:

**Option 1** - add the following line to **/var/logrotate.conf**
<sxh bash>
compress
</sxh>
**Option 2** - for more granular control you can add the following command to each application config file in /etc/logrotate.d/ (if it has not already been added to /var/logrotate.conf)
<sxh bash>
compress
</sxh>
\\
**Nocompress**

If you have specified compressing on **/var/logrotate.conf** and you have some log files you do not want compressed then you can use nocompress to stop compression. If you go to the applications config file in **/var/logrotate.d/application** then you can add the following line to stop compression of the log files:
<sxh bash>
nocompress
</sxh>
**Delaycompress**

This can be used to compress the log files with a delay in case you do not want them compressed straight away.

Note: **delaycompress** only works if you have compress in your config file
\\
**Postrotate**

This is a script that is run by logrotate each time it rotates a log file for an application. You will normally want to use this to restart an application after the log rotation so the app can switch to a new log.

Note: You can see how this can be implemented into a config file by looking back at the example given in the **/etc/logrotate.d/** section above.
<sxh bash>
postrotate
    /usr/sbin/application restart > /dev/null
endscript
</sxh>
Note: you could also specify graceful instead of restart
\\
**> /dev/null** pipes the command output to nowhere. If this was not implemented then the output of the command would be sent to the console/log/email etc and you do not really need to know if everything restarted correctly.

=== Shared Script ===


If your application is rotating both error logs and access logs such as apache then using ‘postrotate’ there is a possibility that the application will be restarted twice. If you add the following command then it will wait until it has checked all of the logs for the config block before running the postrotate script. If both of the logs get rotated then the postrotate script will only run once:
<sxh bash>
sharedscripts
</sxh>
 

=== Commands ===


View when the log files were last rotated:
<sxh bash>
less /var/lib/logrotate.status 
</sxh>
 

Force the log files to be rotated on all file located in /var/lib/logrotate.status:
<sxh bash>
/usr/sbin/logrotate -vf /etc/logrotate.conf
</sxh>
 

Force log rotation on a specific file:
<sxh bash>
logrotate -fv /etc/logrotate.d/apache2
</sxh>