Configuration file

The main configuration file for logrotate is /etc/logrotate.conf

There is a line in this file that will show you where to find most of the application-specific configuration files. The line should look similar to:

include /etc/logrotate.d

/etc/logrotate.d

If you type the following command, you will see the logrotate configuration files for the applications on your server:

ls /etc/logrotate.d

You should then see a list of applications similar to the following output:

dracut  fail2ban  glusterfs  holland  httpd  mysqld  newrelic-sysmond  nginx  php-fpm  syslog  vsftpd  yum

Example: /etc/logrotate.d/fail2ban

/var/log/fail2ban.log {
rotate 7
missingok
compress
postrotate
/usr/bin/fail2ban-client flushlogs  1>/dev/null || true
endscript
}

Rotate count

This determines how many archived logs are kept before logrotate starts deleting the older ones. Example:

rotate 4

Rotation Interval

This can be used to specify how often to rotate a particular log. Example(s):

daily

weekly

monthly
 
yearly

Size

This can be used to perform logrotation depending on the size of the log file. The log file will then be rotated when the log file exceeds the size set. Example(s):

size 100k

size 100M
 
size 100G

Compression

If you would like the archived logfiles to be compressed in the gzip format then you can do the following:

Option 1 - add the following line to /etc/logrotate.conf

compress

Option 2 - for more granular control you can add the following line to each application config file in /etc/logrotate.d/ (if it has not already been added to /etc/logrotate.conf)

compress

Nocompress

If you have enabled compression in /etc/logrotate.conf and there are some log files you do not want compressed, you can use nocompress to stop compression. In the application's config file in /etc/logrotate.d/application, add the following line to stop compression of its log files:

nocompress

Delaycompress

This can be used to compress the log files with a delay in case you do not want them compressed straight away.

Note: delaycompress only works if you have compress in your config file.

Postrotate

This is a script that is run by logrotate each time it rotates a log file for an application. You will normally want to use this to restart an application after the log rotation so the app can switch to a new log.

Note: You can see how this can be implemented into a config file by looking back at the example given in the /etc/logrotate.d/ section above.

postrotate
    /usr/sbin/application restart > /dev/null
endscript

Note: you could also specify graceful instead of restart.

> /dev/null redirects the command output to nowhere. If this was not implemented then the output of the command would be sent to the console/log/email etc and you do not really need to know if everything restarted correctly.

Shared Script

If your application rotates both error logs and access logs (Apache, for example), then with ‘postrotate’ there is a possibility that the application will be restarted twice. If you add the following directive, logrotate will wait until it has checked all of the logs for the config block before running the postrotate script. If both of the logs get rotated then the postrotate script will only run once:

sharedscripts
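
The two caveats above (delaycompress needs compress, and postrotate on a multi-log block needs sharedscripts) can be checked mechanically. The following is an added example, not part of the original page or of logrotate itself: the sample config is constructed, parse and audit are hypothetical helper names, and the parser assumes the opening brace sits on the same line as the log paths.

```python
# Constructed sample config for this added example (not from the original page).
SAMPLE = """\
compress
/var/log/httpd/access.log /var/log/httpd/error.log {
    rotate 4
    delaycompress
    postrotate
        /usr/sbin/application restart > /dev/null
    endscript
}
/var/log/app.log {
    nocompress
    delaycompress
}
"""

def parse(text):
    """Split a logrotate config into global directives and per-log stanzas."""
    global_opts, stanzas, current, in_script = [], [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_script:  # body of a prerotate/postrotate ... endscript block
            in_script = line != "endscript"
        elif line.endswith("{"):  # "/path/a /path/b {" opens a stanza
            current = {"paths": line[:-1].split(), "opts": []}
            stanzas.append(current)
        elif line == "}":
            current = None
        elif line and not line.startswith("#"):
            word = line.split()[0]  # directive name, e.g. "rotate" or "compress"
            (current["opts"] if current else global_opts).append(word)
            in_script = word in ("prerotate", "postrotate")
    return global_opts, stanzas

def audit(text):
    """Return (paths, warning) pairs; a stanza's (no)compress overrides the global one."""
    global_opts, stanzas = parse(text)
    findings = []
    for s in stanzas:
        opts, paths = s["opts"], s["paths"]
        compress = "nocompress" not in opts and "compress" in opts + global_opts
        if "delaycompress" in opts and not compress:
            findings.append((paths, "delaycompress has no effect without compress"))
        many = len(paths) > 1 or any("*" in p for p in paths)
        if "postrotate" in opts and many and "sharedscripts" not in opts + global_opts:
            findings.append((paths, "postrotate may run once per log; add sharedscripts"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real file, pass its contents to audit(), for example the text of a file under /etc/logrotate.d/.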

Commands

View when the log files were last rotated:

less /var/lib/logrotate.status 

Force rotation of all log files listed in /var/lib/logrotate.status:

/usr/sbin/logrotate -vf /etc/logrotate.conf

Force log rotation on a specific file:

logrotate -fv /etc/logrotate.d/apache2