SoFunction
Updated on 2025-03-02

The usage of logrotate management logs that comes with Linux

Use the logrotate built into Linux to manage logs

In daily operation and maintenance, various logs are often managed, cleaned and monitored, especially because of application bugs, dozens of G logs can be written within 1 hour, resulting in full disk and system hangs up.

,,

This article briefly introduces the use of the logrotate provided by Linux to manage various logs in the operating system.

1. Introduction to logrotate

In order to use it, there are two main places that need to be modified: one is /etc/ and the other is the file below /etc//.

You can directly define how to process your log file, or you can create a new corresponding file for your log below // to define the behavior of processing logs.

It is recommended to create your own file in the directory // below to process personalized logs.

logrotate defines how to process logs, and it itself is called timed by crond.

A production instance I'm using:

/usr/local/nginx/logs/*.log {
    create 0644 root root
    daily
    rotate 2
    missingok
    copytruncate
    ifempty
    compress
    noolddir
}

The above content is saved to nginxlog file and stored in the directory: /etc//nginxlog

Set permissions:

owner=root group=root mode=0644

Test whether the configuration is correct:

lograte -d /etc//nginxlog

Perform configuration

lograte -f /etc//nginxlog

2. Logrotate configuration parameters

logrotate global configuration file: /etc/

Configuration parameters Function description
compress Compress and dump logs via gzip
nocompress Use this parameter when no compression is required
copytruncate It is used to back up and truncate the current log; it is a way to copy first and then clear. There is a time difference between copying and clearing, which may lose some log data.
nocopytruncate Backup log files but not truncate
create mode owner group Dump the file, creating a new log file using the specified file mode. Specify the attributes for creating a new file during rotation, such as create 0777 nobody nobody
nocreate No new log files are created
delaycompress When used with compress, the dumped log file is compressed until the next dump
nodelaycompress Override the delaycompress option, dump and compress
errors address The error message during special storage is sent to the specified email address
ifempty Even empty files are dumped, this is the default option for logrotate.
notifempty If it is an empty file, it will not be dumped
mail address Send the dumped log file to the specified E-mail address
nomail No log files are sent when dumping
olddir directory The dumped log file must be placed in the specified directory and must be in the same file system as the current log file.
noolddir The dumped log file and the current log file are placed in the same directory
prerotate/endscript Instructions that need to be executed before logrotate dumping, such as actions such as modifying the properties of the file; these two keywords must be in separate lines;
postrotate/endscript The instructions that need to be executed after the logrotate dump, such as restarting (kill -HUP) a service! Must be in line independently;
daily Specify the dump cycle to be daily
weekly Specify the dump cycle to be weekly
monthly Specify the dump cycle to be monthly
rotate count Specify the number of dumps before log file deletion. 0 means no backup, 5 means 5 backups are retained.
taboetext [+] list let logrotate Files with specified extensions are not dumped. The default extensions are: .rpm-orig, .rpmsave, v, and ~
size size is dumped when the log file reaches the specified size. Size can specify bytes (default), KB (sizek) or MB (sizem).
missingok If the log is lost, continue scrolling the next log without an error
notifempty When the log file is empty, no rotation will be performed
sharedscripts Run the postrotate script, which is to execute the script once after all logs are rotated. If this is not configured, the script will be executed once after each log rotation
dateext Use the current date as the naming format
dateformat .%s Used with dateext, and appears immediately on the next line. Define the file name after file cutting. It must be used with dateext. Only the four parameters of %Y %m %d %s are supported.
size (or minsize) log-size The log file is dumped only when it reaches the specified size. log-size can specify bytes (default) and KB (sizek) or MB (sizem).

illustrate:

Dump when the log file >= log-size.

The following is the legal format: (Untry case of other formats has not been tried)

  • size = 5 or size 5 (>= 5 bytes are dumped)
  • size = 100k or size 100k
  • size = 100M or size 100M

Example:

/home/deploy/apps/ {
missingok
copytruncate
rotate 10
notifempty
sharedscripts
dateext
dateformat -%Y-%m-%d-%s
size=10M
postrotatemv /home/deploy/apps/-* /data1/log/railsgzip /data1/log/rails/-*
endscript
}

Question: What is the difference between rotate and maxage?

They are all used to control how many log files are saved, the difference is that rotate is in units of numbers, while maxage is in units of days. If we rotate the logs by day, then there is not much difference between the two.

3. nginx log cutting example

vim /etc//nginx   #Create nginx log cutting configuration file/application/nginx/logs/*.log{
daily
rotate 10
create
dateext
}

logrotate -d /etc//nginx debug test -d debuglogrotate -d /etc//nginx manual cutting log test
ls /application/nginx/logs/           The dated representation is a cut log
           -20180228              
-20180228             -20180228  -20180228
              -20180228

Configure the effective time of nginx cutting log

# cat /etc/anacrontab # There is an effective time in this file# /etc/anacrontab: configuration file for anacron

# See anacron(8) and anacrontab(5) for details.
 
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

# the maximal random delay added to the base delay of the jobs
RANDOM_DELAY=45

# the jobs will be started during the following hours only
START_HOURS_RANGE=3-22   #Effective time range is 3 o'clock to 22 o'clock
#period in days   delay in minutes   job-identifier   command1       5                     nice run-parts /etc/cron.daily7       25                   nice run-parts /etc/
@monthly 45                 nice run-parts /etc/

In other words, the effective time of the nginx cutting log is between 3:00 and 22:00 in the morning, and the random delay time is 45 minutes.

4. Other configuration examples

/var/log/ {
 errors jim
 notifempty
 nocompress
 weekly
 prerotate
 /usr/bin/chattr -a /var/log/
 endscript
 
 postrotate
 /usr/bin/chattr +a /var/log/
 endscript
}

Continuous integration system log processing configuration

/var/log/jenkins/ /var/log/jenkins/access_log {
    compress
    dateext
    maxage 365      #Reserve for up to 365 days    rotate 99       #Maximum 99 backups are retained    size=+4096k
    notifempty
    missingok
    create 644
    copytruncate
}

Custom log processing

/medialog/*.log {
    create 0644 root root
    daily
    rotate 30
    missingok
    copytruncate
    notifempty
    compress
    delaycompress
    olddir /medialog/backlog    # Store archive logs in separate directory}

Summarize

The above is personal experience. I hope you can give you a reference and I hope you can support me more.