logrotate

rotates, compresses, etc system logs

logrotate [-dv] [-f|--force] [-s|--state file] config_file

Example: sudo logrotate -v /etc/logrotate.d/local 2>&1 |more

Any process (including remote ones) can generate log files using the syslog subsystem.
logrotate can manage all logs by providing automatic rotation, compression, removal and mailing of log files. Each log file may be handled periodically or when it grows large.

Normally logrotate is run as a daily cron job. It will not modify a log more than once in one day unless the criterion for that log is based on the log's size and logrotate is run more than once per day, or unless --force is used.

Multiple config files may be given on the command line. Options in later config files override those in earlier files, so the order in which the logrotate config files are listed is important. Normally, a single config file that includes any other needed config files should be used.
If a directory is given on the command line, every file in that directory is taken.

With no command line arguments, the version and copyright information is output along with a short usage summary.

logrotate 3.8.1 - Copyright (C) 1995-2001 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License

Usage: logrotate [-dfv?] [-debug] [-force] [--verbose] [-help] [--usage]
                 [-mail=command] [-state=statefile] 
                  [option …] configfile

OPTIONS

-?
--help
Usage: logrotate [OPTION...] configfile
  -d, --debug               Don't do anything, just test (implies -v)
  -f, --force               Force file rotation
  -m, --mail=command        Command to send mail (instead of `/usr/bin/mail')
  -s, --state=statefile     Path of state file
  -v, --verbose             Display messages during rotation

Help options:
  -?, --help                Show this help message
      --usage               Display brief usage message
-d
--debug
Debug mode: no changes will be made to the logs or to the logrotate state file. Implies -v.
-f
--force
Force rotation. Useful after adding new entries to the config file, or if old log files have been removed by hand, as the new files will be created and logging will continue correctly.
-m
--mail command
command should accept two arguments: 1) the subject, and 2) the recipient.
command is expected to read a message on standard input and mail it to the recipient.
Default: /usr/bin/mail -s.
-s
--state statefile
Use an alternate state file. Useful if logrotate is run as a different user for various sets of log files.
Default: /var/lib/logrotate/status (a sample appears at the end of this page).
--usage Prints a short usage message.
-v
--verbose
Turns on verbose mode, i.e. displays messages during rotation.

CONFIGURATION FILE

One or more configuration files may be specified on the command line.
Each file can set global options (local definitions override global ones, and later definitions override earlier ones) and specify log files to rotate.

Example:

       # global options affect all files
       compress
##### 
       /var/log/messages {
           rotate 5
           weekly
           postrotate
               /usr/bin/killall -HUP syslogd
           endscript
       }

       "/var/log/httpd/access.log" /var/log/httpd/error.log {
           rotate 5
           mail wwwadmin@my.org
           size 100k
           sharedscripts
           postrotate
               /usr/bin/killall -HUP httpd
           endscript
       }

       /var/log/news/* {
           monthly
           rotate 2
           olddir /var/log/news/old
           missingok
           postrotate
               kill -HUP `cat /var/run/inn.pid`
           endscript
           nocompress
       }


A # begins a comment.

The first lines set global options.

The log /var/log/messages will go through five weekly rotations (a month plus 1 week) before being removed.
After it has been rotated (but before the old version has been compressed),
/usr/bin/killall -HUP syslogd will be executed to wake up syslogd and get it to look around.

Both /var/log/httpd/access.log and /var/log/httpd/error.log are rotated when they grow over 100k in size, and the old log files are mailed (uncompressed!) to wwwadmin@my.org after going through 5 rotations, rather than being removed.
With sharedscripts the postrotate script will only be run once (after the old logs have been compressed), not for each log.

Names may need to be enclosed in quotes. All files in /var/log/news are rotated on a monthly basis. This is a single rotation directive, and if errors occur for more than one file, the log files are not compressed.

If the directory /var/log/news does not exist, an error is reported, and the missingok directive does not suppress that error.

Use wildcards with caution. Specifying * will rotate all files, including previously rotated ones.
Use olddir or a more exact wildcard (such as *.log).
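
The wildcard caution above, turned into a check (an added example, not part of the original page or of logrotate itself): a small parser for the stanza layout used in the example config that reports patterns ending in a bare * where the stanza sets no olddir. SAMPLE, the /var/log/myapp path and both function names are constructed for illustration, and the parser assumes the opening brace sits at the end of the names line, as it does on this page.

```python
import shlex

SCRIPT_OPENERS = {"prerotate", "postrotate", "firstaction", "lastaction"}

# Constructed sample modelled on the page's example config.
SAMPLE = '''
compress
"/var/log/httpd/access.log" /var/log/httpd/error.log {
    size 100k
    postrotate
        /usr/bin/killall -HUP httpd
    endscript
}
/var/log/news/* {
    monthly
    olddir /var/log/news/old
}
/var/log/myapp/* {
    weekly
}
'''

def parse_stanzas(text):
    """Return [(patterns, {directive: args})] for each 'names { ... }' block."""
    stanzas, current, in_script = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_script:                  # script body is shell, not directives
            in_script = line != "endscript"
        elif not line or line.startswith("#"):
            continue
        elif current is None:          # outside a block: global option or names line
            if line.endswith("{"):     # names may be quoted, so split like a shell
                current = (shlex.split(line[:-1]), {})
        elif line == "}":
            stanzas.append(current)
            current = None
        elif line in SCRIPT_OPENERS:
            in_script = True
        else:
            word, _, args = line.partition(" ")
            current[1][word] = args.strip()
    return stanzas

def risky_wildcards(text):
    """Patterns ending in a bare '*' in a stanza that sets no olddir."""
    return [p for pats, opts in parse_stanzas(text) if "olddir" not in opts
            for p in pats if p.rsplit("/", 1)[-1] == "*"]
```

Only per-stanza olddir is considered; a global olddir set outside the braces is ignored by this check.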

Options in Configuration

[no]compress Old versions of logs are compressed (with gzip by default).
[no]delaycompress Postpone compression of the previous log until the next cycle, i.e. the result is log.2.gz log.1 log.
Used when a process might continue writing to the previous log (remember that logrotate can rotate non-syslog files).
[no]copy Make a copy of the log without changing the original. Used to make a snapshot of the current log,
for example when some other utility needs to truncate or parse the log.
create is ignored.
[no]copytruncate copytruncate rotates by creating a copy, then truncating the original to zero size in place;
nocopytruncate moves the old log and optionally creates a new one. Use copytruncate when a process cannot be told to close the log and might continue appending to the previous log. During the short time between copying the log and truncating it, entries might be lost.
create is ignored.
[no]create mode owner group Immediately after rotation (before the postrotate script is run) the new log file is created.
mode specifies the mode for the log file in octal (the same as chmod),
owner specifies the user who will own the log file, and group specifies the group the log file will belong to.
Omitted attributes take the same values as the original log file.
Disabled with nocreate.
daily operate every day.
weekly operate if the current weekday is less than the weekday of the last rotation or
if more than a week has passed since the last rotation.
Normally the same as rotating logs on the first day of the week, but better if logrotate is not run every night.
monthly operate the first time logrotate is run in a month (normally on the first day of the month).
yearly operate if the current year is not the same as the last rotation.
[no]dateext Archive old versions of logs by adding a date extension like YYYYMMDD instead of a number. The extension is configured using dateformat and dateyesterday.
dateformat format_string Extension for dateext, using notation similar to the strftime(3) function. The %Y, %m, %d and %s specifiers are allowed.
Default: -%Y%m%d. Note that the character separating the log name from the extension is part of the dateformat string.
The datestamps generated by this format must be lexically sortable (i.e. first the year, then the month, then the day; e.g. 2001/12/01 is ok, but 01/12/2001 is not, since 01/11/2002 would sort lower while it is later). This is because when using the rotate option, logrotate sorts all rotated filenames to find out which log files are older and should be removed.
dateyesterday Use yesterday's date for the dateext extension, so that the date in the rotated log's name is the same as the timestamps of the messages in it.
extension ext Log files with ext extension can keep it after the rotation. If compression is used, the compression extension (normally .gz) appears after ext. For example, use it if you have a logfile named mylog.foo and want to rotate it to mylog.1.foo.gz instead of mylog.foo.1.gz.
[not]ifempty Rotate the log even if it is empty (ifempty is the default); notifempty does not rotate an empty log.
include file_or_directory Reads the file given as an argument as if it was included inline where the include directive appears. If a directory is given, most of the files in that directory are read in alphabetic order before processing of the including file continues. The only files which are ignored are files which are not regular files (such as directories and named pipes) and files whose names end with one of the taboo extensions, as specified by the tabooext directive.
maxage count Remove (and mail) rotated logs older than count days. The age is only checked if the log is to be rotated.
size bytes[k|M|G] Logs are rotated if bigger than bytes. With k the size is in kilobytes, with M megabytes, and with G gigabytes.
maxsize bytes Logs are rotated when bigger than bytes, even before the additionally specified time interval (daily, weekly, monthly, or yearly).
size is similar except that it is mutually exclusive with the time interval options, and it causes logs to be rotated without regard for the last rotation time. When maxsize is used, both the size and timestamp of a log are considered.
minsize bytes Logs are rotated if bigger than bytes, but not before the additionally specified time interval (daily, weekly, monthly, or yearly). size is similar except that it is mutually exclusive with the time interval options, and it causes logs to be rotated without regard for the last rotation time. When minsize is used, both the size and timestamp of a log are considered.
[no]missingok missingok: if the log is missing, continue without an error. nomissingok: issue an error.
olddir directory Logs are moved into directory for rotation. The directory must be on the same physical device as the log file being rotated, and is assumed to be relative to the directory holding the log file unless an absolute path name is specified. When this option is used all old versions of the log end up in directory.
noolddir Logs are rotated in the directory they normally reside in (this overrides the olddir option).
firstaction/endscript
The lines between firstaction and endscript (both of which must appear on lines by themselves) are executed (using /bin/sh)
once before all logs that match the wildcarded pattern are rotated,
before prerotate and only if at least one log will actually be rotated.
These directives must appear inside a log definition.
Whole pattern is passed to the script as first argument.
If the script exits with error, no further processing is done.
prerotate/endscript
… … are executed before the log is rotated and only if the log will actually be rotated.
The absolute path to the log is passed as first argument.
If sharedscripts is specified, the whole pattern is passed to the script.
postrotate/endscript
… … are executed after the log is rotated.
sharedscripts Normally, prerotate and postrotate are run for each log which is rotated and the
absolute path to the log is passed as first argument to the script.
That means a single script may be run multiple times for log definitions which match multiple files.
With sharedscripts the scripts are only run once, no matter how many logs match the wildcarded pattern, and
the whole pattern is passed to them.
However, if none of the logs require rotating, the scripts will not be run at all.
If the scripts exit with error, the remaining actions will not be executed for any logs. This option overrides nosharedscripts and implies create.
nosharedscripts Run prerotate and postrotate for every log which is rotated (default, and
overrides the sharedscripts ).
The absolute path to the log is passed as first argument to the script.
If scripts exit with error, the remaining actions will not be executed for the affected log only.
lastaction/endscript
… … are executed after all log files that match the wildcarded pattern are rotated, after the postrotate script is run, and only if at least one log is rotated.
The whole pattern is passed to the script as first argument.
rotate count Log files are rotated count times before being removed or mailed to the address specified in a mail directive. If count is 0, old versions are removed rather than rotated.
shred Delete log files using shred -u instead of unlink(). This should ensure that logs are not readable after their scheduled deletion; this is off by default. See also noshred.
noshred Do not use shred when deleting old log files. See also shred.
shredcycles count Asks GNU shred(1) to overwrite log files count times before deletion. Without this option, shred's default will be used.
start count This is the number to use as the base for rotation. For example, if you specify 0, the logs will be created with a .0 extension as they are rotated from the original log files. If you specify 9, log files will be created with a .9, skipping 0-8. Files will still be rotated the number of times specified with the rotate directive.
su user group Rotate log files set under this user and group instead of using default user/group (usually root). user specifies the user name used for rotation and group specifies the group used for rotation.
tabooext [+] list The current taboo extension list is changed (see the include directive for information on the taboo extensions). If a + precedes the list of extensions, the current taboo extension list is augmented, otherwise it is replaced. At startup, the taboo extension list contains
.rpmsave, .rpmorig, ~, .disabled, .dpkg-old, .dpkg-dist, .dpkg-new, .cfsaved, .ucf-old, .ucf-dist, .ucf-new, .rpmnew, .swp, .cfsaved, .rhn-cfg-tmp-*
mail address When a log is rotated out of existence, it is mailed to address. If no mail should be generated by a particular log, the nomail directive may be used.
nomail Do not mail old logs to any address.
mailfirst When using the mail command, mail the just-rotated file, instead of the about-to-expire file.
maillast When using the mail command, mail the about-to-expire file, instead of the just-rotated file (this is the default).
  
compresscmd Default: gzip.
uncompresscmd Default: gunzip.
compressext Default: .gz.
For compression commands other than gzip, change this.
compressoptions Command line options passed to the compression program. The default is -9 (maximum compression for gzip).
For compression commands other than gzip, change this.

sudo logrotate -dv /etc/logrotate.d

FILES

/var/lib/logrotate.status Default state file.
/etc/logrotate.conf Configuration options.

/var/lib/logrotate/status dapie 9/24/13

logrotate state -- version 2
"/var/log/ConsoleKit/history" 2013-3-1
"/var/log/syslog" 2013-3-10
"/var/log/dpkg.log" 2013-7-10
"/var/log/auth.log" 2013-9-22
"/var/log/apt/term.log" 2013-3-1
"/var/log/mysql/mysql-slow.log" 2013-3-14
"/var/log/apt/history.log" 2013-3-1
"/var/log/samba/log.smbd" 2013-3-3
"/var/log/alternatives.log" 2013-7-10
"/var/log/debug" 2013-1-13
"/var/log/mail.log" 2013-1-6
"/var/log/kern.log" 2013-9-22
"/var/log/mysql.log" 2013-9-24
"/var/log/aptitude" 2013-1-6
"/var/log/apache2/access.log" 2013-3-14
"/var/log/wtmp" 2013-9-1
"/var/log/daemon.log" 2013-9-22
"/var/log/mail.warn" 2013-1-6
"/var/log/xdm.log" 2013-9-1
"/var/log/btmp" 2013-9-1
"/var/log/lpr.log" 2013-1-6
"/var/log/mail.err" 2013-1-6
"/var/log/mysql/mysql.log" 2013-3-14
"/var/log/samba/log.nmbd" 2013-3-6
"/var/log/user.log" 2013-9-22
"/var/log/mail.info" 2013-1-6
"/var/log/apache2/other_vhosts_access.log" 2013-3-14
"/var/log/apache2/error.log" 2013-3-14
"/var/log/cron.log" 2013-1-6
"/var/log/messages" 2013-1-13
sample output
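
An added example, not part of the original page: a reader for the version 2 state file shown above that reports logs whose last rotation is older than a threshold and applies the daily, weekly, monthly and yearly criteria from the options list. STATE is a constructed four-line excerpt, the function names are illustrative, and numbering weekdays from Sunday = 0 is an assumption.

```python
import shlex
from datetime import date

# Constructed sample in the version 2 format shown above (four entries).
STATE = '''logrotate state -- version 2
"/var/log/syslog" 2013-3-10
"/var/log/auth.log" 2013-9-22
"/var/log/mysql.log" 2013-9-24
"/var/log/wtmp" 2013-9-1
'''

def parse_state(text):
    """Map each log path to the date of its last rotation."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("logrotate state -- version"):
        raise ValueError("not a logrotate state file")
    state = {}
    for line in lines[1:]:
        if line.strip():
            path, stamp = shlex.split(line)[:2]      # path is quoted in the file
            y, m, d = (int(x) for x in stamp.split("-")[:3])
            state[path] = date(y, m, d)
    return state

def is_due(last, today, interval):
    """Apply the daily/weekly/monthly/yearly criteria as described on this page."""
    wday = lambda d: d.isoweekday() % 7      # assumption: Sunday = 0, as in C's tm_wday
    if interval == "daily":
        return today > last
    if interval == "weekly":
        return wday(today) < wday(last) or (today - last).days > 7
    if interval == "monthly":
        return (today.year, today.month) != (last.year, last.month)
    if interval == "yearly":
        return today.year != last.year
    raise ValueError(interval)

def stale(text, today, max_days):
    """Paths whose last rotation is more than max_days before today, oldest first."""
    old = [(d, p) for p, d in parse_state(text).items() if (today - d).days > max_days]
    return [p for d, p in sorted(old)]
```

A security-relevant log such as auth.log turning up in stale() usually means the log has gone missing or its stanza no longer matches, which is worth checking before the retention gap matters in an investigation.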