
Lesson 6: Rotating logs
Objective: Describe the Red Hat Linux method for rotating logs.

Describe the Red Hat Linux method for Rotating Logs using Logrotate

Left unchecked, system logs will grow until you run out of disk space. Red Hat Linux ships with logrotate, a powerful tool for maintaining logfiles. Logrotate rotates logfiles from different subsystems at predefined intervals or when they reach predefined sizes. As an option, you can use it to compress old logs.
When you install a new system service by RPM, it should preconfigure itself automatically to rotate logfiles. You should monitor the system logs in /var/log and increase your rotational frequency if logs are becoming too large.
For example, /var/log/messages is rotated weekly to /var/log/messages.1, with older logfiles rotated to /var/log/messages.
The older logfiles can be optionally compressed.
Rotational configuration is stored in /etc/logrotate.conf for general settings, and /etc/logrotate.d/subsystem_name for subsystem-specific settings.
For more information about rotating logs, see the logrotate man pages.

Setting Up Logrotate on RedHat Linux

Logrotate is a utility for administrators who manage servers that produce a high volume of log files. It helps save disk space and avoids the risk of a system becoming unresponsive because the disk is full.
Normally, the way to avoid this kind of problem is to set up a separate partition or logical volume for the /var mount point. However, logrotate may also be a viable solution, especially if it is too late to move all logs to a different partition. In this article we will talk about the usage and configuration of logrotate on a RedHat / CentOS Linux server.

What is Logrotate

Logrotate gives a system administrator the ability to systematically rotate and archive any log files produced by the system, thus reducing an operating system's disk space requirement. By default, logrotate is invoked once a day by the cron scheduler from the location /etc/cron.daily/:

# ls /etc/cron.daily/
cups  logrotate  makewhatis.cron  mlocate.cron  prelink  readahead.cron  rhsmd  tmpwatch

Configuring Logrotate

Logrotate's configuration is done by editing two separate configuration files: the main configuration file /etc/logrotate.conf, and
service-specific configuration files stored in /etc/logrotate.d/.

The main logrotate.conf file contains a generic configuration. Here is a default logrotate configuration file logrotate.conf:
  1  weekly
  2  rotate 4
  3  create
  4  dateext
  5  include /etc/logrotate.d
  6  /var/log/wtmp {
  7     monthly
  8     create 0664 root utmp
  9     minsize 1M
 10     rotate 1
 11  }

  1. Line 1 - the weekly option ensures weekly rotation of all log files defined in the main configuration file and in the /etc/logrotate.d/ directory.
  2. Line 2 - rotate 4 ensures that logrotate keeps four weeks of backups of all log files.
  3. Line 3 - the create option instructs logrotate to create a new empty log file after each rotation.
  4. Line 4 - dateext appends an extension to each rotated log file in the form of the date on which that log file was processed by logrotate.
  5. Line 5 - includes all other configuration from the directory /etc/logrotate.d.
  6. Lines 6 - 11 contain a service-specific log rotation configuration.
As opposed to logrotate.conf, the directory /etc/logrotate.d/ contains service-specific configuration files used by logrotate.
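The global-versus-block behaviour described above, as an added example (not part of the original lesson or of logrotate itself): a small Python parser that resolves which settings apply to each log and estimates how many days of rotated history are kept, the figure to compare against your log-retention requirement. The function names are hypothetical, and the model is simplified: a block inherits the global options set before it, and include directives are not followed.

```python
# Constructed sample: the logrotate.conf listed above, line numbers removed.
SAMPLE_CONF = """\
weekly
rotate 4
create
dateext
include /etc/logrotate.d
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}
"""
PERIOD_DAYS = {"daily": 1, "weekly": 7, "monthly": 30, "yearly": 365}  # month approximated as 30 days

def apply_directive(settings, line):
    """Record one directive; a later value replaces an earlier one."""
    word, _, arg = line.partition(" ")
    if word in PERIOD_DAYS:
        settings["frequency"] = word
    elif word == "rotate":
        settings["rotate"] = int(arg)
    else:
        settings[word] = arg.strip() or True  # flag options such as dateext become True

def effective_settings(conf_text):
    """Return (global settings, {log path: settings after block overrides})."""
    global_opts, logs, block = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("include "):  # includes are not followed here
            continue
        if line.endswith("{"):  # start of a per-log block: inherit globals seen so far
            block, paths = dict(global_opts), line[:-1].split()
        elif line == "}":
            logs.update(dict.fromkeys(paths, block))
            block = None
        else:
            apply_directive(global_opts if block is None else block, line)
    return global_opts, logs

def retention_days(settings):
    """Approximate days of rotated history: kept copies times rotation period."""
    return settings["rotate"] * PERIOD_DAYS[settings["frequency"]]

if __name__ == "__main__":
    for path, opts in effective_settings(SAMPLE_CONF)[1].items():
        print(path, retention_days(opts), "days of rotated history", opts)
```

Because of minsize 1M, /var/log/wtmp is only rotated once it exceeds that size, so the actual history for that file can span longer than the estimate.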
The next lesson explains how to monitor system logs.