The configuration file for log rotate /var/logrotate.conf
There is a line in this file that will show you where to find most of the application-specific configuration files. The line should look similar to:
include /etc/logrotate.d
If type the following command you see the log rotate configuration files for the applications on your server:
ls /etc/logrotate.dYou should then see a list of applications similar to the following output:
dracut fail2ban glusterfs holland httpd mysqld newrelic-sysmond nginx php-fpm syslog vsftpd yum
Example: /var/logrotate.d/fail2ban
/var/log/fail2ban.log { rotate 7 missingok compress postrotate /usr/bin/fail2ban-client flushlogs 1>/dev/null || true endscript }
This determines how many archive logs will be kept around before starts deleting the older ones. Example:
rotate 4
This can be used to specify how often to rotate a particilar log. Example(s):
daily weekly monthly yearly
This can be used to perform logrotation depending on the size of the log file. The log file will then be rotated when the log file exceeds the size set. Example(s):
size 100k size 100M size 100G
If you would like the archived logfiles to be compressed in the gzip format then you can do the following:
Option 1 - add the following line to /var/logrotate.conf
compressOption 2 - for more granular control you can add the following command to each application config file in /etc/logrotate.d/ (if it has not already been added to /var/logrotate.conf)
compress
If you have specified compressing on /var/logrotate.conf and you have some log files you do not want compressed then you can use nocompress to stop compression. If you go to the applications config file in /var/logrotate.d/application then you can add the following line to stop compression of the log files:
nocompressDelaycompress
This can be used to compress the log files with a delay in case you do not want them compressed straight away.
Note: delaycompress only works if you have compress in your config file
Postrotate
This is a script that is run by logrotate each time it rotates a log file for an application. You will normally want to use this to restart an application after the log rotation so the app can switch to a new log.
Note: You can see how this can be implemented into a config file by looking back at the example given in the /etc/logrotate.d/ section above.
postrotate /usr/sbin/application restart > /dev/null endscriptNote: you could also specify graceful instead of restart
If your application is rotating both error logs and access logs such as apache then using ‘postrotate’ there is a possibility that the application will be restarted twice. If you add the following command then it will wait until it has checked all of the logs for the config block before running the postrotate script. If both of the logs get rotated then the postrotate script will only run once:
sharedscripts
View when the log files were last rotated:
less /var/lib/logrotate.status
Force the log files to be rotated on all file located in /var/lib/logrotate.status:
/usr/sbin/logrotate -vf /etc/logrotate.conf
Force log rotation on a specific file:
logrotate -fv /etc/logrotate.d/apache2