Configuring and fine-tuning your system-logging facilities is extremely important for system security and general diagnostics. But if your logs grow too large and fill up their filesystem, all that work may come to naught.
As with syslog itself, most Linux distributions come with a preconfigured log-rotation scheme. As with syslog, while this scheme tends to work adequately for many users, it’s too important a mechanism to take for granted: it behooves you to understand, periodically evaluate, and, if necessary, customize your log-management setup.
Red Hat 7 and Debian 2.2 use a binary program called
logrotate to handle system-log growth. In fact,
they use very similar implementations of
logrotate: global options and low-level (system)
log files are addressed in
and application-specific configuration scripts are kept in
logrotate is run, all scripts in
/etc/logrotate.d are included into
logrotate.conf and parsed as one big script.
configuration very modular: when you install an RPM or DEB package
(of software that creates logs), your package manager automatically
installs a script in
will be removed later if you uninstall the package.
include directive in
logrotate.conf may be used to specify additional or different directories and files to include. In no event, however, should you ...