What is logrotate?
logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.
Let's have a look at the main configuration file for logrotate, /etc/logrotate.conf:
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
The comments explain most of the parameters used. Nothing needs to be changed in this file, so leave it at the default values.
Setting up logrotate
For the purposes of this article I have created a new log file, firewall.log, inside /var/log, which will contain all iptables-related logs.
Next, create a new file inside /etc/logrotate.d as shown below:
# cd /etc/logrotate.d
# touch firewall.log
The parameters you can use for configuring logrotate, and what each one does, are shown below:
Parameter | Description
compress | Old versions of log files are compressed with gzip by default.
create mode owner group | Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated). mode specifies the mode for the log file in octal, owner specifies the user name who will own the log file, and group specifies the group the log file will belong to.
daily/weekly/monthly/yearly | Log files are rotated as per the value used.
minsize size | Log files are rotated when they grow bigger than size bytes, but not before the additionally specified time interval (daily, weekly, monthly, or yearly).
missingok | If the log file is missing, go on to the next one without issuing an error message.
size size | Log files are rotated when they grow bigger than size bytes. If size is followed by M, the size is assumed to be in megabytes. If k is used, the size is in kilobytes.
notifempty | Do not rotate the log if it is empty (this overrides the ifempty option).
Add the entries as per your requirement for the rotation of your log file. Below is a sample from my machine
# less /etc/logrotate.d/firewall.log
/var/log/firewall.log {
missingok
compress
rotate 2
notifempty
size 30k
daily
create 0600 root root
}
Once done save the file.
Verify your configuration
To verify the configuration, we can manually add some content to our firewall.log in /var/log:
# seq 1000 > firewall.log
# ll firewall.log
-rw------- 1 root root 3893 Jun 26 11:02 firewall.log
So let us try to forcefully rotate the log files
# logrotate -f /etc/logrotate.conf
See the changes
# ls -l firewall.log*
-rw------- 1 root root 0 Jun 26 11:02 firewall.log
-rw------- 1 root root 1848 Jun 26 11:02 firewall.log-20140626.gz
Our previous firewall.log was rotated and compressed, as you can see from the size change from 3893 to 1848 bytes, and a new firewall.log was created with 0600 permissions.
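The create mode in each stanza decides who can read the log after every rotation, which matters for a firewall log. As an added example (not part of the original article), this shell function lists stanzas whose create mode leaves any permission bit set for "other"; audit_create_modes, sample_conf and /var/log/example-app.log are hypothetical names, and the sample config is constructed from abbreviated versions of the stanzas shown above.

```shell
#!/bin/sh
# Added example: report logrotate stanzas whose `create` mode grants any
# permission to "other" (last octal digit non-zero).

# audit_create_modes [FILE...]  (reads stdin when no file is given)
# Prints "<log path> <mode>" per flagged stanza, nothing if all are tight.
audit_create_modes() {
    awk '
        /^[ \t]*#/ { next }                  # ignore comment lines
        /[{][ \t]*$/ {                       # stanza opener: "/path {"
            path = $0
            sub(/[ \t]*[{][ \t]*$/, "", path)
            sub(/^[ \t]+/, "", path)
            next
        }
        /^[ \t]*[}]/ { path = ""; next }     # stanza end
        path != "" && $1 == "create" && $2 ~ /^[0-7]+$/ {
            other = substr($2, length($2), 1)
            if (other != "0") print path, $2
        }
    ' "$@"
}

# Constructed sample: abbreviated stanzas from the article plus one
# hypothetical world-readable log (/var/log/example-app.log).
sample_conf() {
    cat <<'EOF'
/var/log/wtmp {
    monthly
    create 0664 root utmp
}
/var/log/btmp {
    create 0600 root utmp
}
/var/log/firewall.log {
    compress
    create 0600 root root
}
/var/log/example-app.log {
    create 0644 root root
}
EOF
}

sample_conf | audit_create_modes
```

After sourcing the function, a real system can be checked with audit_create_modes /etc/logrotate.conf /etc/logrotate.d/*; wtmp is expected to appear because the default config above creates it with 0664.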
Let me know your success and failures.