logrotate

rotates, compresses, etc system logs

logrotate [-d|--debug] [-v|--verbose] [-f|--force] [-s|--state file] [config_file …]

Example:
sudo logrotate -v /etc/logrotate.conf 2>&1 |more

Any process (including remote ones) can generate log files using the syslog subsystem.
logrotate manages logs by providing rotation, compression, removal and mailing of log files.
Logs are rotated periodically or when they grow large.

Run as a cron job,
Config files MUST have mode rw-r--r-- !
Normally, a single "master" config file includes other config files .
Multiple config files may be given on the command line, later options override.
A directory on the command line, causes all files in that directory to be used.

With no arguments, version, copyright information and usage summary is output.

logrotate 3.8.1 - Copyright (C) 1995-2001 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License

Usage: logrotate [-dfv?] [-debug] [-force] [--verbose] [-help] [--usage]
                 [-mail=command] [-state=statefile] 
                  [option …] configfile

OPTIONS

-d
--debug
no changes are made to logs or the state file, implies --verbose.
-v
--verbose
-f
--force
useful after adding new entries to the config file or to remove old logs
-m
--mail command
command should accept subject and recipient.
command is expected to read a message on standard input and mail it to the recipient.
Default:/usr/bin/mail -s
-s
--state statefile
use an alternate state file. useful if run as a different user for various sets of log files.
Default /var/lib/logrotate/status example.
--usage Prints a short usage message.
-?
--help
Usage: logrotate [OPTION...] configfile
  -d, --debug               Don't do anything, just test (implies -v)
  -f, --force               Force file rotation
  -m, --mail=command        Command to send mail (instead of `/usr/bin/mail')
  -s, --state=statefile     Path of state file
  -v, --verbose             Display messages during rotation

Help options:
  -?, --help                Show this help message
      --usage               Display brief usage message

Configuration file

May be specified on the command line.
Options with arguments may NOT have any data following the arguments. (for example weekly … su root staff ) is not permitted.

Lines before the first filename set global options.
Local definitions override global ones and later definitions override earlier ones and specify logfiles to rotate. N.B. Specifying a specific config files will not use global options from "master" config file.

Example:

 # global options effect all files
       compress
        maxsize 100000
##### 
       /var/log/messages {
           rotate 5
           weekly
           postrotate
               /usr/bin/killall -HUP syslogd
           endscript
       }

       "/var/log/httpd/access.log" /var/log/httpd/error.log {
           rotate 5
           mail wwwadmin@my.org
           size 100k
           sharedscripts
           postrotate
               /usr/bin/killall -HUP httpd
           endscript
       }

       /var/log/news/* {
           monthly
           rotate 2
           olddir /var/log/news/old
           missingok
           postrotate
               kill -HUP `cat /var/run/inn.pid`
           endscript
           nocompress
       }


Explaination:
A # begins a comment.

/var/log/messages will go through five weekly rotations (a month plus 1 week).
 After it has been rotated (but before the old version has been compressed),
 /sbin/killall -HUP syslogd will be executed to wake up syslogd and get it to look around.

Both /var/log/httpd/access.log and /var/log/httpd/error.log are rotated when it grows over 100k in size,
  the old logs files are mailed (uncompressed!) to wwwadmin@my.org after going through 5 rotations, rather than being removed.
With sharedscripts the postrotate script will only be run once (after the old logs have been compressed), not for each log.

Names may need to be enclosed in quotes
All files in /var/log/news are rotated on a monthly basis.
This is a single rotation directive and if errors occur for more than one file, the logs are not compressed.
If the directory /var/log/news does not exist, an error is reported which is not stopped with the missingok .

Use wildcards with caution. Specifingy *, will rotate all files, including previously rotated ones.
Use olddir or a more exact wildcard (such as *.log).

Options in Configuration

[no]compress Old versions of logs
[no]delaycompress Postpone compression of the previous log until the next cycle.
Results in log (the active one) log.1 log.2.gz
Used when a process might continue writing to the previous log (remember logrotate can log non-syslog files)
[no]create mode owner group Immediately after rotation (before postrotate ) new file is created
numeric mode for the file (as chmod).
Defaults to the same values as the original
Disabled with nocreate
[no]copy copy log, don't change the original used to make a snapshot of the current log.
Useful when some other utility needs to truncate or parse the log.
create is ignored.
[no]copytruncate Rotating is done by creating a copy, then truncating the original to zero in place.
nocopytruncate moves the old log and optionally creating a new one,
Use when a process cannot be told to close the log and might continue appending to the previous log ( During the small time between copying the log and truncating it entries might be lost.).
create is ignored.
dailyoperate every day.
weekly operate if the current weekday is less than the weekday of the last rotation or
if more than a week has passed since the last rotation.
Normally the same as rotating logs on the first day of the week, but better if logrotate is not run every night.
monthly operate the first time logrotate is run in a month (normally on the first day of the month).
yearly operate if the current year is not the same as the last rotation.
[no]dateext name old versions by adding a date extension (YYYYMMDD)
dateformat format_string Specify dateext using the notation %Y %m %d and %s.
Default -%Y%m%d. the character separating log name from the extension is part of the dateformat string.
The datestamps generated by this format must be properly sortable based on time.
For example do NOT use %m-%d-%Y.
dateyesterday Use yesterday's date for dateext extension, so rotated log name is the same messages
extension ext Log files with ext extension keep it after the rotation. If compression is used, the compression extension (normally .gz) appears after ext. For example to have a logfile named mylog.foo and want to rotate it to mylog.1.foo.gz instead of mylog.foo.1.gz.
include file|directory If a directory is given, most of the files in that directory are processed, in alphabetic order, before processing of the including file continues.
Files which are not regular files (such as directories and named pipes) and files whose names end with one of the taboo extensions, as specified by the tabooext directive are not processed.
tabooext [+] exten-list If a + precedes the list, the list is augmented, otherwise it is replaced.
The initial list is :
.rpmsave, .rpmorig, ~, .disabled, .dpkg-old, .dpkg-dist, .dpkg-new, .cfsaved, .ucf-old, .ucf-dist, .ucf-new, .rpmnew, .swp, .cfsaved, .rhn-cfg-tmp-*
size nnn[k|M|G] rotated if bigger than nnn kilobytes, Megabytes, and Gigabytes.
maxsize bytes rotated when bigger than bytes even before the time interval (daily, weekly, monthly, or yearly).
timestamp of a log is considered as well.
minsize bytes rotated if bigger than bytes, but not before the time interval (daily, weekly, monthly, or yearly).
[not]ifempty Rotate even if empty, default size is similar except that it is mutually exclusive with the time interval options, and it causes logs to be rotated without regard for the last rotation time. When minsize is used, both the size and timestamp of a log are considered.
maxage count Remove (and mail) rotated logs older than count days. if the log is to be rotated.
[no]missingok If the log is missing, continue without error . no issue error.
[no]olddir noLogs are rotated in the directory they normally reside in (this overrides the olddir option). Logs are moved into directory for rotation. The directory must be on the same physical device as the log file being rotated, and is assumed to be relative to the directory holding the log file unless an absolute path name is specified. When this option is used all old versions of the log end up in directory.
firstaction

/endscript
The lines between firstaction and endscript (both of which must appear on lines by themselves) are executed (using /bin/sh)
once before all logs that match the wildcarded pattern are rotated,
before prerotate and only if at least one log will actually be rotated.
These directives must appear inside a log definition.
Whole pattern is passed to the script as first argument.
If the script exits with error, no further processing is done.
prerotate

/endscript
… … are executed before the log is rotated and only if the log will actually be rotated.
The absolute path to the log is passed as first argument,
If sharedscripts is specified, whole pattern is passed to the script.
postrotate

endscript
… … are executed after the log is rotated.
sharedscripts Normally, prerotate and postrotate are run for each log which is rotated and the
absolute path to the log is passed as first argument to the script.
That means a single script may be run multiple times for logs which match multiple files
With sharedscripts the scripts are only run once, no matter how many logs match the wildcarded pattern, and
whole pattern is passed to them.
unless none require rotating, then scripts will not be run at all.
If the scripts exit with error, the remaining actions will not be executed for any logs. overrides the nosharedscripts and implies create.
nosharedscripts Run prerotate and postrotate for every log which is rotated (default, and
overrides the sharedscripts ).
The absolute path to the log is passed as first argument to the script.
If scripts exit with error, the remaining actions will not be executed for the affected log only.
lastaction

/endscript
… … after all log files that match the wildcarded pattern are rotated, postrotate is run and only if at least one log is rotated.
Whole pattern is passed to the script as first argument.
rotate count rotate count times before being removed or mailed. 0, old versions are removed.
shred Delete files using shred -u ensuring old information is unreadable.
shredcycles count shred files count times
noshred
start n base extension for rotation. specify 0, logs will be rotated with a .0 extension
Files will still be rotated rotate-count times
su user group Rotate files under this user and group
mail address When a log is rotated out of existence, mail it to address.
nomail Do not mail old logs
mailfirst with mail , mail the just-rotated file
maillast with mail , mail the about-to-expire file, default
  
compresscmd Default gzip
uncompresscmdDefault gunzip
compressext Default .gz.
For compressions commands other than gzip change this.
compressoptions Command line options passed to the compression program. default is -9 (maximum compression for gzip).
For compressions commands other than gzip change this.

sudo logrotate -dv /etc/logrotate.d

FILES

/var/lib/logrotate.status Default state file.
/etc/logrotate.conf Configuration options.

/var/lib/logrotate/status dapie 9/24/13

logrotate state -- version 2
"/var/log/ConsoleKit/history" 2013-3-1
"/var/log/syslog" 2013-3-10
"/var/log/dpkg.log" 2013-7-10
"/var/log/auth.log" 2013-9-22
"/var/log/apt/term.log" 2013-3-1
"/var/log/mysql/mysql-slow.log" 2013-3-14
"/var/log/apt/history.log" 2013-3-1
"/var/log/samba/log.smbd" 2013-3-3
"/var/log/alternatives.log" 2013-7-10
"/var/log/debug" 2013-1-13
"/var/log/mail.log" 2013-1-6
"/var/log/kern.log" 2013-9-22
"/var/log/mysql.log" 2013-9-24
"/var/log/aptitude" 2013-1-6
"/var/log/apache2/access.log" 2013-3-14
"/var/log/wtmp" 2013-9-1
"/var/log/daemon.log" 2013-9-22
"/var/log/mail.warn" 2013-1-6
"/var/log/xdm.log" 2013-9-1
"/var/log/btmp" 2013-9-1
"/var/log/lpr.log" 2013-1-6
"/var/log/mail.err" 2013-1-6
"/var/log/mysql/mysql.log" 2013-3-14
"/var/log/samba/log.nmbd" 2013-3-6
"/var/log/user.log" 2013-9-22
"/var/log/mail.info" 2013-1-6
"/var/log/apache2/other_vhosts_access.log" 2013-3-14
"/var/log/apache2/error.log" 2013-3-14
"/var/log/cron.log" 2013-1-6
"/var/log/messages" 2013-1-13
sample output