As developers it’s super helpful to log information to a file so we can retrieve it later. The problem we run into is that over time those log files can take up a lot of space so it’s important to clean them up. We could do that manually by logging into the server and manually deleting them but that’s time consuming and it would be better if we could just have the server do it automatically.

Linux already has a capacity to “clean up” our log files automatically. The process that performs this action is called logrotate. If you’ve ever looked in your /var/log directory you’ll see something like the following:

dmesg
dmesg.0
dmesg.1.gz
dmesg.2.gz
dmesg.3.gz
dmesg.4.gz

This is a file that’s already being managed by this process.

Logrotate’s configuration files are located in /etc/logrotate.d and if we look in that directory we’ll find several files that already exist. But we’re going to create our own:

vi /etc/logrotate.d/livelog

And we’re going to fill it with something that looks like this:

1
2
3
4
5
6
7
8
9
/var/log/live.log {
    daily
    missingok
    rotate 10
    compress
    delaycompress
    notifempty
    create 640 root root
}

This is generally what I start with but it’s easy to make changes to the file. The important pieces are:

  • Line 1: Defines the file that we’re going to have logrotate manage.
  • Line 2: Defines how often the file should be rotated. Depending on how quickly the file fills up (and how much you need to keep) this can be daily, weekly, or monthly. I find monthly to be good for anything but files that get written to all the time (I’m looking at you access.log).
  • Line 4: Defines how many copies to keep.
  • Line 5: Tells logrotate to compress the old versions.
  • Line 6: Tells logrotate to not compress the first version but compress the next version.
  • Line 8: Defines the umask, user, and group to use when creating the new file.

In order to test to make sure your file is working correctly you can run logrotate and pass the configuration file:

sudo logrotate /etc/logrotate.d/livelog 

Then if we look at our log file we see:

live.log
live.log.1

The live.log file is the new file and the live.log.1 file is the old version of the file.

The next time logrotate checks the file it will look like this:

live.log
live.log.1
live.log.2.gz

Now what’s happened is live.log.1 was renamed to live.log.2 and compressed (thanks to compress and delaycompress) and live.log was renamed to live.log.1 and recreated. The next time there will be a live.log.3.gz.

Like this post? Don't forget to follow us on Twitter and Facebook for updates.