bash logrotate - ghdrako/doc_snipets GitHub Wiki

Cron

0 2 * * * root /usr/sbin/logrotate /etc/custom-logrotate.conf

systemd timer

# /etc/systemd/system/logrotate-hourly.timer
[Unit]
Description=Hourly rotation of log files

[Timer]
Unit=logrotate.service
OnCalendar=hourly
Persistent=true

Status

/var/lib/logrotate.status

The main Logrotate configuration

/etc/logrotate.conf

Global configuration file for Logrotate, providing default settings and options for log rotation across the system. It sets the stage for log rotation but can be extended or overridden by the configuration files in the /etc/logrotate.d/ directory which typically configure the rotation policy for specific application logs.

Main directives:

  • weekly: represents the frequency of log rotation. Alternatively, you can specify another time interval (hourly, daily, monthly, or yearly). Since the logrotate utility is typically run once per day, you may need to change this configuration if a shorter rotation frequency than daily is desired (see below).
  • su root adm: log rotation is performed with the root user and adm group. By using this directive, you can ensure that the rotated log files are owned by a specific user and group, which can be useful for access control and permissions management. This is particularly relevant when the log files need to be accessed or managed by a specific user or group with appropriate privileges.
  • rotate 4: log files are rotated four times before old ones are removed. If rotate is set to zero, then the old versions are removed immediately and not rotated. If it is set to -1, the older logs will not be removed at all unless affected by maxage.
  • create: immediately after rotation, create a new log file with the same name as the one just rotated.
  • dateext: if this option is enabled, rotated log files will be renamed by appending a date to their filenames, allowing for better organization and differentiation of log files based on the date of rotation (especially when the frequency of rotation is daily or greater). The default scheme for rotated files is logname.1, logname.2, and so on, but enabling this option changes it to logname.YYYYMMDD. You can change the date format through the dateformat and dateyesterday directives.
  • compress: this rule determines whether old log files should be compressed (using gzip by default) or not. Log compression is turned off by default but you can enable it to save on disk space.
  • include: this directive is used to include additional configuration files or snippets. It allows you to modularize and organize your Logrotate configuration by splitting it into multiple files. In this case, the files in the /etc/logrotate.d directory have been included in the configuration.

Application-specific configuration

This directory contains files that configure log rotation policies specific to the log files produced by individual applications or services.

/etc/logrotate.d

Directives:

  • missingok: continue log rotation without reporting any error if any of the specified log files are missing.
  • notifempty: ensures that log files are not rotated if they are empty. If a log file is empty, it won't trigger rotation.
  • delaycompress: delays compression of the rotated log files until the next rotation cycle. This allows for the previous log file to be available for analysis before compression.
  • sharedscripts: ensures that the commands or scripts specified in the prerotate or postrotate directive are executed only once, regardless of the number of log files being rotated. By default, logrotate executes the commands/scripts separately for each log file being rotated.
  • postrotate and endscript: encloses the commands or scripts to be executed after log rotation. In this case, the /usr/lib/rsyslog/rsyslog-rotate script is executed after a successful rotation. It sends the SIGHUP signal to the Rsyslog service so that it can close and reopen the log file for writing.
  • size: specifies the maximum size in bytes, kilobytes, megabytes, or gigabytes that a log file can reach before rotation is initiated. This causes the default schedule to be ignored as long as size is specified after the time directive (hourly, daily, etc).
  • minsize: the log files are rotated according to the specified time schedule, but not before the specified size is reached. Therefore, when minsize is used, both file size and timestamp are considered to determine if the file should be rotated.
  • maxsize: specifies that the log files are rotated once they exceed the stated file size, even when the time interval has not yet been reached.

without root

  1. create /home/user/logrotate folder
     mkdir /home/user/logrotate
  2. create /home/user/logrotate/my.conf configuration file with logrotate directives as you need
  3. create /home/user/logrotate/cronjob to run logrotate every day at 2:30 AM (this is an example)
     30 2 * * * /usr/sbin/logrotate -s /home/user/logrotate/status /home/user/logrotate/my.conf > /dev/null 2>&1
  4. check your configuration file syntax:
     logrotate -d /home/user/logrotate/my.conf
  5. configure crontab to run logrotate (Warning: This removes existing entries in your crontab. Use crontab -e to manually add the line from step 3 to an existing crontab):
     crontab /home/user/logrotate/cronjob
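
The non-root procedure above, together with the application-specific directives listed earlier, as one script. This is an added example, not code from the wiki. The LOGROTATE_HOME variable, the ~/logs/app.log log file and the function names are assumptions. Unlike step 5, it merges the cron line into the existing crontab instead of replacing it.

```sh
#!/bin/sh
# Added example (not from the wiki): unprivileged logrotate setup.
# Assumptions: LOGROTATE_HOME, ~/logs/app.log and all function names.
set -e
BASE="${LOGROTATE_HOME:-$HOME/logrotate}"   # plays the role of /home/user/logrotate

# Write a config for one user-owned log using directives described above.
write_conf() {   # $1 = config path, $2 = absolute path of the log file
  cat > "$1" <<EOF
$2 {
    daily
    rotate 4
    dateext
    compress
    delaycompress
    missingok
    notifempty
    create 0640
}
EOF
  chmod 600 "$1"   # logrotate ignores configs writable by group or others
}

# The cron line from step 3: run every day at 02:30 with a private state file.
cron_entry() {
  printf '30 2 * * * /usr/sbin/logrotate -s %s/status %s/my.conf > /dev/null 2>&1' \
    "$BASE" "$BASE"
}

# Read a crontab on stdin and print it, appending entry $1 only if it is not
# already there, so existing jobs survive (`crontab FILE` replaces the table).
merge_cron() {
  current="$(cat)"
  if printf '%s\n' "$current" | grep -qxF -- "$1"; then
    printf '%s\n' "$current"
    return 0
  fi
  if [ -n "$current" ]; then printf '%s\n' "$current"; fi
  printf '%s\n' "$1"
}

# Steps 1-5 in order; runs only when called as: sh setup.sh install
if [ "${1:-}" = "install" ]; then
  mkdir -p "$BASE" "$HOME/logs"
  write_conf "$BASE/my.conf" "$HOME/logs/app.log"
  logrotate -d -s "$BASE/status" "$BASE/my.conf"   # dry run, syntax check
  { crontab -l 2>/dev/null || true; } | merge_cron "$(cron_entry)" | crontab -
fi
```

Running the script a second time leaves the crontab unchanged, because the entry is only appended when no identical line exists.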