rotates, compresses, etc system logs

logrotate [-d|--debug] [-v|--verbose] [-f|--force] [-s|--state file] [config_file …]

Example: sudo logrotate -v /etc/logrotate.d/local 2>&1 |more

Any process (including remote ones) can generate log files using the syslog subsystem.
logrotate manages logs by providing rotation, compression, removal and mailing of log files. Each log file may be handled periodically or when it grows large.

Run as a cron job, the criterion for logs is based on the log's size or with --force.

Config files MUST have mode rw-r--r--!
Multiple config files may be given on the command line, later options override.
Normally, a single config file which includes any other config files .
A directory on the command line, causes all files in that directory to be used.

With no arguments, version, copyright information and usage summary is output.

logrotate 3.8.1 - Copyright (C) 1995-2001 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License

Usage: logrotate [-dfv?] [-debug] [-force] [--verbose] [-help] [--usage]
                 [-mail=command] [-state=statefile] 
                  [option …] configfile


no changes will be made to the logs or to the logrotate state file, implies --verbose.
useful after adding new entries to the config file, or if old log files have been removed manually
--mail command
command should accept subject and recipient.
command is expected to read a message on standard input and mail it to the recipient.
Default:/usr/bin/mail -s
--state statefile
use an alternate state file. useful if run as a different user for various sets of log files.
Default /var/lib/logrotate/status example.
--usage Prints a short usage message.
Usage: logrotate [OPTION...] configfile
  -d, --debug               Don't do anything, just test (implies -v)
  -f, --force               Force file rotation
  -m, --mail=command        Command to send mail (instead of `/usr/bin/mail')
  -s, --state=statefile     Path of state file
  -v, --verbose             Display messages during rotation

Help options:
  -?, --help                Show this help message
      --usage               Display brief usage message


May be specified on the command line.
Options with arguments may NOT have any data following the arguments. (for example weekly … su root staff } is not permitted.)

Each can set global options (local definitions override global ones, and later definitions override earlier ones) and specify logfiles to rotate.


 # global options effect all files
       /var/log/messages {
           rotate 5
               /usr/bin/killall -HUP syslogd

       "/var/log/httpd/access.log" /var/log/httpd/error.log {
           rotate 5
           mail wwwadmin@my.org
           size 100k
               /usr/bin/killall -HUP httpd

       /var/log/news/* {
           rotate 2
           olddir /var/log/news/old
               kill -HUP `cat /var/run/inn.pid`

A # begins a comment.

The lines before the first filename set global options.

/var/log/messages will go through five weekly rotations (a month plus 1 week).
 After it has been rotated (but before the old version has been compressed),
 /sbin/killall -HUP syslogd will be executed to wake up syslogd and get it to look around.

Both /var/log/httpd/access.log and /var/log/httpd/error.log are rotated when it grows over 100k in size,
  the old logs files are mailed (uncompressed!) to wwwadmin@my.org after going through 5 rotations, rather than being removed.
With sharedscripts the postrotate script will only be run once (after the old logs have been compressed), not for each log.

Names may need to be enclosed in quotes
All files in /var/log/news are rotated on a monthly basis.
This is a single rotation directive and if errors occur for more than one file, the log files are not compressed.
If the directory /var/log/news does not exist, an error is reported which is not stopped with the missingok .

Use wildcards with caution. Specifingy *, will rotate all files, including previously rotated ones.
Use olddir or a more exact wildcard (such as *.log).

Options in Configuration

[no]compress Old versions of logs
[no]delaycompress Postpone compression of the previous log until the next cycle. i.e. results with log.2.gz log.1 log (the active one)
Used when a process might continue writing to the previous log (remember logrotate can log non-syslog files)
[no]create mode owner group Immediately after rotation (before postrotate ) new file is created
numeric mode for the file (as chmod).
Defaults to the same values as the original
Disabled with nocreate
[no]copy copy log, don't change the original used to make a snapshot of the current log.
Useful when some other utility needs to truncate or parse the log.
create is ignored.
[no]copytruncate Rotating is done by creating a copy, then truncating the original to zero in place.
nocopytruncate moves the old log and optionally creating a new one,
Use when a process cannot be told to close the log and might continue appending to the previous log ( During the small time between copying the log and truncating it entries might be lost.).
create is ignored.
dailyoperate every day.
weekly operate if the current weekday is less than the weekday of the last rotation or
if more than a week has passed since the last rotation.
Normally the same as rotating logs on the first day of the week, but better if logrotate is not run every night.
monthly operate the first time logrotate is run in a month (normally on the first day of the month).
yearly operate if the current year is not the same as the last rotation.
[no]dateext name old versions by adding a date extension (example: YYYYMMDD) instead of a number
dateformat format_string dateext using the notation similar to strftime(3) function. %Y %m %d and %s specifiers are allowed.
Default -%Y%m%d. that the character separating log name from the extension is part of the dateformat string.
the datestamps generated by this format must be lexically sortable (i.e., first the year, then the month then the day. e.g., 2001/12/01 is ok, but 01/12/2001 is not, since 01/11/2002 would sort lower while it is later). This is because when using the rotate option, logrotate sorts all rotated filenames to find out which logfiles are older and should be removed.
dateyesterday Use yesterday's date for dateext extension, so rotated log name is the same messages
extension ext Log files with ext extension can keep it after the rotation. If compression is used, the compression extension (normally .gz) appears after ext. For example you have a logfile named mylog.foo and want to rotate it to mylog.1.foo.gz instead of mylog.foo.1.gz.
[not]ifempty Rotate the log even if empty, default
include file_or_directory Reads the file given as an argument as if it was included inline where the include directive appears. If a directory is given, most of the files in that directory are read in alphabetic order before processing of the including file continues. The only files which are ignored are files which are not regular files (such as directories and named pipes) and files whose names end with one of the taboo extensions, as specified by the tabooext directive.
maxage count Remove(and mail) rotated logs older than count days. only checked if the log is to be rotated.
size bytes[k|M|G] Logs are rotated if bigger, k, size is in kilobytes, M megabytes, and G gigabytes.
maxsize bytes Logs are rotated when bigger than bytes even before the additionally specified time interval (daily, weekly, monthly, or yearly).
be rotated without regard for the last rotation time. When maxsize is used, both the size and timestamp of a log are considered.
minsize bytes Log are rotated if bigger than bytes, but not before the additionally specified time interval (daily, weekly, monthly, or yearly). size is similar except that it is mutually exclusive with the time interval options, and it causes logs to be rotated without regard for the last rotation time. When minsize is used, both the size and timestamp of a log are considered.
[no]missingok If the log is missing, continue without error . no issue error.
[no]olddir noLogs are rotated in the directory they normally reside in (this overrides the olddir option). Logs are moved into directory for rotation. The directory must be on the same physical device as the log file being rotated, and is assumed to be relative to the directory holding the log file unless an absolute path name is specified. When this option is used all old versions of the log end up in directory.

The lines between firstaction and endscript (both of which must appear on lines by themselves) are executed (using /bin/sh)
once before all logs that match the wildcarded pattern are rotated,
before prerotate and only if at least one log will actually be rotated.
These directives must appear inside a log definition.
Whole pattern is passed to the script as first argument.
If the script exits with error, no further processing is done.

… … are executed before the log is rotated and only if the log will actually be rotated.
The absolute path to the log is passed as first argument,
If sharedscripts is specified, whole pattern is passed to the script.

… … are executed after the log is rotated.
sharedscripts Normally, prerotate and postrotate are run for each log which is rotated and the
absolute path to the log is passed as first argument to the script.
That means a single script may be run multiple times for logs which match multiple files
With sharedscripts the scripts are only run once, no matter how many logs match the wildcarded pattern, and
whole pattern is passed to them.
unless none require rotating, then scripts will not be run at all.
If the scripts exit with error, the remaining actions will not be executed for any logs. overrides the nosharedscripts and implies create.
nosharedscripts Run prerotate and postrotate for every log which is rotated (default, and
overrides the sharedscripts ).
The absolute path to the log is passed as first argument to the script.
If scripts exit with error, the remaining actions will not be executed for the affected log only.

… … after all log files that match the wildcarded pattern are rotated, postrotate is run and only if at least one log is rotated.
Whole pattern is passed to the script as first argument.
rotate count files are rotated count times before being removed or mailed. 0, old versions are removed rather than rotated.
shred Delete files using shred -u ensuring old information is unreadable.
shredcycles count shred files count times
start n base extension for rotation. specify 0, logs will be rotated with a .0 extension
Files will still be rotated rotate-count times
su user group Rotate files under this user and group
tabooext [+] exten-list current taboo extension list is changed (see include).
If a + precedes the list, the current list is augmented, otherwise it is replaced.
The initial list is :
.rpmsave, .rpmorig, ~, .disabled, .dpkg-old, .dpkg-dist, .dpkg-new, .cfsaved, .ucf-old, .ucf-dist, .ucf-new, .rpmnew, .swp, .cfsaved, .rhn-cfg-tmp-*
mail address When a log is rotated out of existence, it is mailed to address. If no mail should be generated by a particular log, the nomail directive may be used.
nomail Do not mail old logs to any address.
mailfirst When using the mail command, mail the just-rotated file, instead of the about-to-expire file.
maillast When using the mail command, mail the about-to-expire file, instead of the just-rotated file (this is the default).
compresscmd Default gzip
uncompresscmdDefault gunzip
compressext Default .gz.
For compressions commands other than gzip change this.
compressoptions Command line options passed to the compression program. default is -9 (maximum compression for gzip).
For compressions commands other than gzip change this.

sudo logrotate -dv /etc/logrotate.d


/var/lib/logrotate.status Default state file.
/etc/logrotate.conf Configuration options.

/var/lib/logrotate/status dapie 9/24/13

logrotate state -- version 2
"/var/log/ConsoleKit/history" 2013-3-1
"/var/log/syslog" 2013-3-10
"/var/log/dpkg.log" 2013-7-10
"/var/log/auth.log" 2013-9-22
"/var/log/apt/term.log" 2013-3-1
"/var/log/mysql/mysql-slow.log" 2013-3-14
"/var/log/apt/history.log" 2013-3-1
"/var/log/samba/log.smbd" 2013-3-3
"/var/log/alternatives.log" 2013-7-10
"/var/log/debug" 2013-1-13
"/var/log/mail.log" 2013-1-6
"/var/log/kern.log" 2013-9-22
"/var/log/mysql.log" 2013-9-24
"/var/log/aptitude" 2013-1-6
"/var/log/apache2/access.log" 2013-3-14
"/var/log/wtmp" 2013-9-1
"/var/log/daemon.log" 2013-9-22
"/var/log/mail.warn" 2013-1-6
"/var/log/xdm.log" 2013-9-1
"/var/log/btmp" 2013-9-1
"/var/log/lpr.log" 2013-1-6
"/var/log/mail.err" 2013-1-6
"/var/log/mysql/mysql.log" 2013-3-14
"/var/log/samba/log.nmbd" 2013-3-6
"/var/log/user.log" 2013-9-22
"/var/log/mail.info" 2013-1-6
"/var/log/apache2/other_vhosts_access.log" 2013-3-14
"/var/log/apache2/error.log" 2013-3-14
"/var/log/cron.log" 2013-1-6
"/var/log/messages" 2013-1-13
sample output