Linux distributions are ideal for any type of corporate environment thanks to their ability to adapt to new functions and new roles and, best of all, for free thanks to free code.
We have thousands of applications or utilities designed for centralized control over all aspects of the system and thus, as administrators or IT personnel, knowing with certainty when a failure occurs and knowing how to solve it.
Within this wide range of possibilities we find Logrotate which is a utility of the distribution and its function is the rotation and compression of the log files .
This task is important since, by not taking any action on these files, the space on the hard disk can be affected, leading to other general errors.
For this case we will use Ubuntu 17.10 and Logrotate comes installed by default and is already configured to manage the log rotation tasks of all installed packages, including rsyslog, the default system log processor.
Next, we will see how to install and use this valuable utility.
1. Identify the version of Logrotate installed Linux
The first step to take is to know in detail which version we have of Logrotate in, in this case, Ubuntu 17.10. For this we execute the following command:
logrotate –version
The result will be as follows:
If Logrotate is not installed, we will get an error. We can install the tool using the package manager of the used Linux distribution.
If Logrotate is installed but the version number is significantly different, we may have problems with some of the utility settings. We can consult the documentation of the specific version of Logrotate directly on its man page:
man logrotate
We can see the default configuration structure of Logrotate in the Linux distro:
2. Logrotate Linux Configuration
Logrotate configuration information can generally be found in two places in the case of Ubuntu:
etc / logrotate.conf
This file contains some default settings and configures rotation for some records that are not owned by any system packages. It also makes use of an include statement to get configuration from any file in the /etc/logrotate.d directory.
/etc/logrotate.d/
This directory is where any package we install and need help with log rotation will put their Logrotate settings. In a standard installation there should already be files here for basic system tools like apt, dpkg, rsyslog etc.
By default, logrotate.conf will configure weekly log rotations (weekly), with log files owned by the root user and the syslog group (their root syslog), with four log files preserved (rotate 4) and new files created. empty record. created after the current one is rotated (create).
We can access the Logrotate configuration file of a package in /etc/logrotate.d using the cat utility:
cat /etc/logrotate.d/apt
This file contains configuration blocks for two different log files in the / var / log / apt / directory: term.log and history.log. Both have the same options.
Any option that is not configured in these configuration blocks will inherit the default values or those set in /etc/logrotate.conf. The options configured for apt records are:
rotate 12
It maintains twelve old log files.
Monthly
Rotate once a month.
Compress
It is responsible for compressing the rotated files. This uses gzip by default and results in files ending in the .gz extension. The compression command can be changed using the compresscmd option.
missingok
Do not write an error message if the log file is missing.
notifempty
Do not rotate the log file if it is empty.
There are many more configuration options available.
3. Configure a Logrotate Linux service and add configuration to /etc/logrotate.d/
Next, we will configure a configuration file to handle the records of a service that we will create.
To manage the log files for applications outside of the prepackaged and preconfigured system services, we have two options:
- Create a new Logrotate configuration file and place it in the /etc/logrotate.d/ path. This will run daily as the root user along with all other standard Logrotate jobs.
- Create a new configuration file and run it outside of Ubuntu's default Logrotate configuration. This is only necessary if we must run Logrotate as a non-root user, or if you want to rotate logs more frequently than daily (an hourly setting in /etc/logrotate.d/ would not be effective, because the system Logrotate setting is only run once a day).
In this case we want to configure log rotation for a web server that puts an access.log and error.log in the path / var / log / technowikis-app /. It will run as the user and group for www-data.
To add some configuration to /etc/logrotate.d/, we must first open a new file as follows:
sudo nano /etc/logrotate.d/technowikis-app
there we will add the following lines:
/var/log/technowikis-app/*.log {daily missingok rotate 14 compress notifempty create 0640 www-data www-data sharedscripts postrotate systemctl reload technowikis-app endscript}
We can save the changes using the key combination Ctrl + O and exit the editor using Ctrl + X.
Some of the new configuration directives in this file are:
create 0640 www-data www-data
This parameter creates a new empty log file after rotation, with the specified permissions (0640), the owner (www-data), and the group (also www-data).
sharedscripts
This flag indicates that scripts added to the configuration run only once per run, rather than for each rotated file.
post-trot to endscript
This block contains a script to run after the log file is rotated. In this case, we can reload our technowikis-app file. This is sometimes necessary for the application to switch to the newly created log file.
We must consider postrotate executions before logs are checked. Compression could be time consuming and the software should switch to the new log file immediately. For tasks that must be run after compressing the logs, use the lastaction block instead.
After customizing the configuration that best suits our needs and have been saved in /etc/logrotate.d, we can verify it by executing the following line.
sudo logrotate /etc/logrotate.conf –debug
This calls logrotate, points to the standard configuration file, and turns on debug mode:
Information will be printed on what log files Logrotate is handling and what is running on them. If everything looks good, we're done. The standard Logrotate job will run once a day and will include your new settings.
4. How to Create a Lograte Linux Separate Registry Configuration
First, we will create a configuration file in our home directory. We can open it with a text editor:
sudo nano /home/technowikis/logrotate.conf
In the new file we will paste the following:
/home/technowikis/logs/*.log {hourly missingok rotate 24 compress create}
We can save the changes and exit the file.
This setting will rotate files every hour, compressing and preserving twenty-four old records, and creating a new log file to replace the rotated file. To test that it works correctly, we can create a log file by executing the following lines:
cd ~ sudo mkdir logssudo touch logs / access.log
Now that we have a blank log file in the right place, we will run the logrotate command.
We will execute the following:
logrotate /home/technowikis/logrotate.conf --state / home / technowikis / logrotate-state –verbose
The --verbose parameter will print detailed information about what we are running with Logrotate. In this case, we will see that nothing was rotated. This is the first time Logrotate has seen this log file, and as we know the file is zero hours old and should not be rotated.
If we look at the status file, we will see that Logrotate registered certain information about the execution we carried out:
cat / home / technowikis / logrotate-state
We will see the following:
Logrotate wrote down the records I analyze and when I last considered them for the rotation. If we run this same command an hour later, the registry will be rotated as it is the target. If you want to force Logrotate to rotate the log file when it shouldn't otherwise, we can use the --force flag:
sudo logrotate /home/technowikis/logrotate.conf --state / home / technowikis / logrotate-state --verbose –force
5. Creating a Scheduled Task Achieve Linux
Finally, we must set up a cron job to run Logrotate every hour. For this we open the crontab of our user by executing the following:
crontab -e
In the open file we will add the following line:
14 * * * * / usr / sbin / logrotate /home/technowikis/logrotate.conf --state / home / technowikis / logrotate-state
This task will be executed at the 14th minute of every hour, every day. It basically works with the same logrotate command we ran earlier, although we expanded logrotate to the full path of / usr / sbin / logrotate. We can save the file using the key combination Ctrl + O and exit it using Ctrl + X.
Thus we have seen how Logrotate is a simple but effective utility when it comes to managing and controlling records in any Linux distribution.