When you’re administering a remote server, logs are your best friend, but disk space problems can be your worst enemy - so while Linux applications are generally very good at generating logs, they need to be controlled.
The logrotate application keeps your logs in check. Using this, you can define how many days of logs you wish to keep; split them into manageable files; compress them to save space, or even keep them on a totally separate server.
Good sysadmins love automation - having the computer automatically do the boring repetitive stuff Just Makes Sense.
Look into your logs directories - /var/log, and subdirectories like /var/log/apache2. Can you see that your logs are already being rotated? You should see a /var/log/syslog file, but also a series of older compressed versions with names like /var/log/syslog.1.gz
You will recall that cron is generally setup to run scripts in /etc/cron.daily - so look in there and you should see a script called logrotate - or possibly 00logrotate to force it to be the first task to run.
The overall configuration is set in /etc/logrotate.conf - have a look at that, but then also look at the files under the directory /etc/logrotate.d, as the contents of these are merged in to create the full configuration. This is example of what you might see:
/var/log/apache2/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
create 640 root adm
}
Much of this is fairly clear: the apache2 .log file will be rotated each week, with 52 compressed copies being kept.
Typically when you install an application a suitable logrotate “recipe” is installed for you, so you’ll not normally be creating these from scratch. However, the default settings won’t always match your requirements, so it’s perfectly reasonable for you as the sysadmin to edit these - for example, the default apache2 recipe above creates 52 weekly logs, but you might find it more useful to have logs rotated daily, a copy automatically emailed to an auditor, and just 30 days worth kept on the server.
This is a good time to mention that Linux comes with a fine on-line manual - invoked with the man command. Each application you install also installs its own page into this manual, so that you can look at the page for logrotate to see the full detail on the syntax like this:
man logrotate
You might also try:
man nmap
man tar
man cp
man grep
man man
man kill
As you’ll see, these are excellent for the detailed syntax of a command, but many are extremely terse, and for others the amount of detail can be somewhat daunting!
- Edit your logrotate configuration for apache2 to rotate daily
- Make whatever other changes you wish
- Check the next day to see that it’s worked
- The Ultimate Logrotate Command Tutorial (http://www.thegeekstuff.com/2010/07/logrotate-examples/)
- Howto: Use logrotate to manage log files (http://linuxers.org/howto/howto-use-logrotate-manage-log-files)
- LINUX: openSUSE and logrotate (http://www.youtube.com/watch?v=UoHmj3ef3Is)
- Use logrotate to Manage Log Files (http://library.linode.com/linux-tools/utilities/logrotate)