Log files play a critical role in Linux systems. They help administrators monitor system activity, troubleshoot issues, track application behavior, and maintain security. As systems run continuously, log files can grow very large over time. If left unmanaged, this can consume disk space and affect system performance.

Logrotate is a log file management utility designed to solve this problem. It automatically rotates, archives, compresses, and removes old log files, ensuring that logs remain manageable while preserving important historical data. Log rotation can be based on file size, age, or time intervals, and it is usually handled automatically through cron jobs or systemd timers.

The main purpose of log rotation is simple: to prevent log files from growing indefinitely while keeping the system clean and efficient.

How Logrotate Works

Logrotate periodically checks configured log files and applies defined rules when certain conditions are met, such as:

• A log file reaching a specific size
• A log file being older than a defined time period
• A scheduled daily, weekly, or monthly rotation

When rotation occurs, the existing log file is archived, optionally compressed, and a new log file is created for continued logging.

Logrotate Configuration Files

The primary configuration file for logrotate is

/etc/logrotate.conf

This file contains global settings that apply system-wide.

In addition, individual applications and services typically have their own configuration files stored in:

/etc/logrotate.d/

Each file in this directory defines rotation rules specific to a service, such as Apache, MySQL, or system logs.

Common Logrotate Options

Below are some commonly used logrotate options and their purposes:

• compress
  Compresses rotated log files using gzip
• nocompress
  Disables compression for rotated logs
• copytruncate
  Copies the active log file and truncates the original file while the application continues writing to it
• nocopytruncate
  Disables the copy-and-truncate behavior
• create mode owner group
  Creates a new log file after rotation with specified permissions, owner, and group
• nocreate
  Prevents logrotate from creating a new log file
• delaycompress
  Delays compression until the next rotation cycle
• nodelaycompress
  Compresses logs immediately after rotation
• errors address
  Sends logrotate error messages to the specified email address
• ifempty
  Rotates the log file even if it is empty (default behavior)
• notifempty
  Skips rotation if the log file is empty
• mail address
  Emails rotated log files to the specified address and removes them from the system
• daily
  Rotates log files daily
• weekly
  Rotates log files weekly
• monthly
  Rotates log files monthly
• rotate count
  Specifies how many rotated log files are kept before older ones are removed
• size size
  Rotates the log file once it reaches the specified size

Running Logrotate

Logrotate is usually executed automatically on most Linux systems. The typical workflow includes:

1. Identifying log files that need to be managed
2. Defining rotation rules and schedules for those log files
3. Allowing logrotate to run automatically via cron or systemd timers

A common cron-based execution looks like this:

/usr/sbin/logrotate /etc/logrotate.conf

This command is usually triggered by a system-managed cron job, such as /etc/cron.daily/logrotate, and does not require manual intervention.

Summary

Logrotate is an essential tool for maintaining healthy Linux systems. By automatically managing log file growth, it helps conserve disk space, improves performance, and ensures important log data remains accessible. Proper log rotation is a best practice for any production server or Linux environment.

If you require help, contact SupportPRO Server Admin