Search This Blog


Logs and Logrotate

It's easy to have logs grow out of control without some kind of maintenance service to go through and compress/truncate them as it goes.

Logrotate gives the ability to rotate logs at given intervals and when the timeframe/parameters match a given value in /etc/logrotate.conf

The way logrotate works is by running a cron in /etc/cron.daily/logrotate.

This cron pulls in /etc/logrotate.conf and logrotate.conf then pulls in all of the configs from /etc/logrotate.d

Most times when you're configuring a service to rotate logs you would specify the options in /etc/logrotate.d/service-name

Example: I was running a script that is listening in on a socket and outputting all data from that socket to a log file called bash_rexec
cat /etc/logrotate.d/bash_rexec
/tmp/bash_rexec.log {
    su vi-admin root
    maxage 365
    rotate 99

Because I am running this script as vi-admin the service account vi-admin will be the one creating logs so if I do not su to this user there will be permission discrepancies and I will get failure logs as follows:
error: "/tmp" has insecure permissions. It must be owned and be writable by root only to avoid security problems. Set
the "su" directive in the config file to tell logrotate which user/group should be used for rotation.
  log needs rotating

compress - compressing with gzip
dateext - I want the filename to end in the date in which it was archived -20140108.gz
maxage - nothing should be stored longer than 365 days
rotate - I want a maximum of 99 rotations
size - no logs should be greater than 2MB
notifempty - don't rotate if the log is empty
missingok - if the log is missing go to the next one
copytruncate - Truncate the original log file in place after creating a copy, instead of moving the old log file and optionally creating a new one

Debugging Logrotate

Using logrotate in debug mode
logrotate -vdf 

Where config_file could be /etc/logrotate.config or one of the sub-configs in /etc/logrotate.d/

-d option will ensure that no actions are actually taken when rotating logs
-f will force rotation even when not required
-v will just give a verbose output of what is going on

Note: Sometimes the /var/lib/logrotate.status file may get corrupted or not updated. In which case it might need to be removed and re-created.


No comments:

Post a Comment