Logfile Rotation

Most distributions will install a default syslog configuration for you, including logging to messages and other logfiles in /var/log. To prevent any of these files from growing unattended to extreme sizes, a logfile rotation scheme should be installed as well. The cron system issues commands on a regular basis (usually once per day) to establish new logfiles; the old files are renamed with numeric suffixes. With this kind of rotation, yesterday’s /var/log/messages file becomes today’s /var/log/messages.1, and a new /var/log/messages file is created. The rotation is configured with a maximum number of files to keep, and the oldest logfiles are deleted when the rotation is run.
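The numbered-suffix scheme described above, written out as a small shell function. This is an added illustration, not code from the book and not how logrotate itself is implemented; rotate_log, rotation_demo and their arguments are hypothetical names, and the demo runs on constructed files in a temporary directory.

```shell
#!/bin/sh
# Added illustration of numbered-suffix log rotation (not logrotate itself).
# rotate_log FILE KEEP [MODE] -- hypothetical helper; KEEP is the maximum
# number of old generations to retain.
rotate_log() {
    log=$1; keep=$2; mode=${3:-0640}
    [ -f "$log" ] || return 1                        # nothing to rotate
    case $keep in ''|0*|*[!0-9]*) return 2 ;; esac   # KEEP must be 1, 2, 3, ...

    # Delete the oldest generation so at most KEEP old files remain.
    rm -f -- "$log.$keep"

    # Shift FILE.n to FILE.(n+1), working from the oldest down to .1.
    i=$((keep - 1))
    while [ "$i" -ge 1 ]; do
        [ -f "$log.$i" ] && mv -- "$log.$i" "$log.$((i + 1))"
        i=$((i - 1))
    done

    # Rename keeps the inode: a daemon that still has the file open keeps
    # writing to FILE.1 until it is signalled to reopen its logfiles.
    mv -- "$log" "$log.1"

    # Create the new empty file with a tight mode before anything writes to it.
    ( umask 077 && : > "$log" ) && chmod "$mode" "$log"
}

# Constructed demo: four daily rotations of a sample file, keeping 2 generations.
rotation_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1
    for day in 1 2 3 4; do
        echo "day $day" >> messages
        rotate_log messages 2 0640
    done
    echo *                       # names of the files left after rotation
    cd / && rm -rf "$dir"
)

rotation_demo
```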

The utility that establishes the rotation is logrotate. This privileged command is configured using one or more files, which are specified as arguments to the logrotate command. These configuration files can contain directives to include other files as well. The default configuration file is /etc/logrotate.conf. Example 16-3 depicts a sample logrotate.conf file.

Example 16-3. Sample /etc/logrotate.conf file
# global options
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# send errors to root
errors root
# create new (empty) log files after rotating old ones
create
# compress log files
compress
# specific files
/var/log/wtmp {
    create 0664 root utmp
    rotate 1
}
/var/log/messages {
    postrotate
        # tell syslogd to reopen its logfiles after the rotation
        /usr/bin/killall -HUP syslogd
    endscript
}

This example specifies rotations ...
