Tired of Gigabyte-Sized Log Files Crushing Your Disk?
Log files are essential for troubleshooting but can quickly consume disk space. Logrotate, the Unix/Linux utility, automates log rotation, compression, and deletion. Here’s how to configure it like a pro—and dodge critical mistakes.
1. What is Logrotate?
Logrotate cycles logs automatically based on time/size, preventing uncontrolled growth. It:
- Rotates: Renames current logs (e.g.,
app.log→app.log.1). - Compresses: Archives old logs (e.g.,
app.log.2.gz). - Purges: Deletes logs older than a defined threshold.
2. Key Configuration Files
- Main Config:
/etc/logrotate.conf(global settings). - Per-Application Configs:
/etc/logrotate.d/(e.g.,/etc/logrotate.d/nginx).
3. Basic Configuration Template
Edit/create a file in /etc/logrotate.d/ (e.g., /etc/logrotate.d/myapp):
/var/log/myapp/*.log { # Path to logs
daily # Rotate daily (options: daily, weekly, monthly)
rotate 30 # Keep 30 archived logs
compress # Gzip archives (creates .gz files)
delaycompress # Delay compression until next rotation
missingok # Skip if log is missing
notifempty # Don’t rotate empty logs
create 0640 www-data adm # Recreate log with permissions/ownership
postrotate # Run commands after rotation
/usr/bin/systemctl reload myapp.service > /dev/null
endscript
}4. Essential Directives Explained
| Directive | Purpose |
|---|---|
daily/weekly/monthly |
Rotation frequency. |
size 100M |
Rotate if log exceeds 100MB (overrides time-based rotation). |
rotate N |
Keep N old log versions. |
compress |
Enable gzip compression. |
delaycompress |
Compress the previous log (e.g., log.2.gz), leaving log.1 uncompressed. |
missingok |
Ignore “file not found” errors. |
notifempty |
Skip rotation if the log is empty. |
create [perm] [user] [group] |
Recreate the original log file with specified permissions/ownership. |
postrotate/endscript |
Run custom commands (e.g., reload services) after rotation. |
su [user] [group] |
Run rotation as a non-root user (critical for permission safety!). |
5. Critical Pitfalls & Fixes
🔒 Pitfall 1: Broken Permissions/Ownership
- Risk: After rotation, new logs may be owned by
root, causing app failures. - Fix: Use
createto set correct permissions:create 0640 appuser appgroup # Replace with your app’s user/groupOR
Usesuto run rotation as the app user:su appuser appgroup
⚠️ Pitfall 2: Service Not Reloading Logs
- Risk: Apps like Nginx/Apache write to rotated logs (e.g.,
access.log.1), missing new entries. - Fix: Force log reopening with
postrotate:postrotate /usr/bin/systemctl reload nginx.service # Use reload (not restart!) endscript
💥 Pitfall 3: Disk Space Overload
- Risk: Keeping too many archives (
rotate 999) fills disks. - Fix:
- Set conservative
rotatevalues (e.g.,rotate 14for 2 weeks). - Monitor with
df -h /var/log.
- Set conservative
🛑 Pitfall 4: Compression Overhead
- Risk:
compresson huge logs spikes CPU. - Fix: Use
delaycompressto stagger CPU load.
6. Testing & Debugging
- Dry Run: Test configurations without executing:
sudo logrotate -d /etc/logrotate.d/myapp # -d = debug mode - Force Rotation:
sudo logrotate -f /etc/logrotate.d/myapp # -f = force - Check Logs:
grep "logrotate" /var/log/syslog # Verify rotations
7. Pro Tips
- Cron Integration: Logrotate runs via cron (check
/etc/cron.daily/logrotate). - Wildcards: Use
*.logto match multiple files. - Include Files: Split complex configs with
include /etc/logrotate.d. - Security: Restrict config file permissions:
chmod 640 /etc/logrotate.d/*.
Logrotate Mastery = Silent, Happy Servers 💡
Configured correctly, logrotate silently protects your disk and sanity. Audit your configs today—and never let logs run wild again! 🚀
> Gotcha: Always test with -d before deploying! A misconfigured postrotate script can crash apps.