rotates, compresses, etc system logs

 uses newsyslog

logrotate [-d|--debug] [-v|--verbose] [-f|--force] [-s|--state file] config_file []

sudo logrotate -v /etc/logrotate.d/rsyslog 2>&1 | sed --unbuffered '/Creating new state/d' |more

sudo service rsyslog restart ;
service rsyslog status|tail -n 10

Omiting sudo is good for testing however it will cause:
   error: error setting owner of /var/lib/logrotate/status.tmp to uid 0 and gid 50: Operation not permitted

Any process (including remote ones) can generate log file entries using logger.
logrotate manages logs by providing rotation, compression, removal and mailing of log files.
Logs are rotated periodically or when they grow large.

Run as a cron job,
Config files MUST have mode rw-r--r-- !
Multiple config files may be given on the command line, later options override.
A directory on the command line (example: /etc/logrotate.d causes all files in that directory to be used.


no changes are made to logs or the state file, implies --verbose.
output to stderr. Redirect with 2>1 or -l rotate.log
-l rotate.log Log verbose output to rotate.log, as with -v . Overwritten on each execution.
rotation is forced. NOT useful after adding new entries to the config file or to remove old logs
--mail command
command should accept subject and recipient.
command is expected to read a message on standard input and mail it to the recipient.
Default:/usr/bin/mail -s
--state statefile
use an alternate state file. useful if run as a different user for various sets of log files.
Default /var/lib/logrotate/status example.
--usage Prints a short usage message.
Usage: logrotate [OPTION...] configfile
  -d, --debug               Don't do anything, just test (implies -v)
  -f, --force               Force file rotation
  -m, --mail=command        Command to send mail (instead of /usr/bin/mail)
  -s, --state=statefile     Path of state file
  -v, --verbose             Display messages during rotation

Help options:
  -?, --help                Show this help message
      --usage               Display brief usage message

Configuration file

May be specified on the command line.
Options with arguments may NOT have any data following the arguments. (for example weekly … su root staff ) is not permitted.

Lines before the first filename set global options.
Local definitions override global ones and later definitions override earlier ones and specify logfiles to rotate. N.B. Specifying a specific config files will not use global options from "master" config file.
No [TAB] characters permitted!


 # global options effect all files
        maxsize 100000
       /var/log/messages {
           rotate 5
               /usr/bin/killall -HUP syslogd

       "/var/log/httpd/access.log" /var/log/httpd/error.log {
           rotate 5
           mail wwwadmin@my.org
           size 100k
               /usr/bin/killall -HUP httpd

       /var/log/news/* {
           rotate 2
           olddir /var/log/news/old
               kill -HUP `cat /var/run/inn.pid`

A # begins a comment.

/var/log/messages will go through five weekly rotations (a month plus 1 week).
 After it has been rotated (but before the old version has been compressed),
 /sbin/killall -HUP syslogd will be executed to wake up syslogd and get it to look around.

Both /var/log/httpd/access.log and /var/log/httpd/error.log are rotated when it grows over 100k in size,
  the old logs files are mailed (uncompressed!) to wwwadmin@my.org after going through 5 rotations, rather than being removed.
With sharedscripts the postrotate script will only be run once (after the old logs have been compressed), not for each log.

Names may need to be enclosed in quotes
All files in /var/log/news are rotated on a monthly basis.
This is a single rotation directive and if errors occur for more than one file, the logs are not compressed.
If the directory /var/log/news does not exist, an error is reported which is not stopped with the missingok .

Use wildcards with caution. Specifingy *, will rotate all files, including previously rotated ones.
Use olddir or a more exact wildcard (such as *.log).

Options in Configuration

[no]compress Old versions of logs
[no]delaycompress Postpone compression of the previous log until the next cycle.
Results in log (the active one) log.1 log.2.gz
Used when a process might continue writing to the previous log (remember logrotate can log non-syslog files)
rotate count rotate count times before being removed or mailed. 0, old versions are removed.
[no]create mode owner group Immediately after rotation (before postrotate ) new file is created
numeric mode for the file (as chmod).
Defaults to the same values as the original
Disabled with nocreate. Does not create files not rotated ex missing.
[no]copy copy log, don't change the original used to make a snapshot of the current log.
Useful when some other utility needs to truncate or parse the log.
create is ignored.
[no]copytruncate Rotating is done by creating a copy, then truncating the original to zero in place.
nocopytruncate moves the old log and optionally creating a new one,
Use when a process cannot be told to close the log and might continue appending to the previous log ( During the small time between copying the log and truncating it entries might be lost.).
create is ignored.
hourlyoperate every hour. /etc/cron.daily executes logrotate daily.
dailyoperate every day.
weekly operate if the current weekday is less than the weekday of the last rotation or
if more than a week has passed since the last rotation.
Normally the same as rotating logs on the first day of the week, but better if logrotate is not run every night.
monthly operate the first time logrotate is run in a month (normally on the first day of the month).
yearly operate if the current year is not the same as the last rotation.
[no]dateext name old versions by adding a date extension (YYYYMMDD)
dateformat format_string Specify dateext using the notation %Y %m %d and %s.
Default -%Y%m%d. the character separating log name from the extension is part of the dateformat string.
The datestamps generated by this format must be properly sortable based on time.
For example do NOT use %m-%d-%Y.
dateyesterday Use yesterday's date for dateext extension, so rotated log name is the same messages
extension ext Log files with ext extension keep it after the rotation. If compression is used, the compression extension (normally .gz) appears after ext. For example to have a logfile named mylog.foo and want to rotate it to mylog.1.foo.gz instead of mylog.foo.1.gz.
addextension ext Log files are given the final extension ext after rotation. If the original file already ends with ext, the extension is not duplicated, but merely moved to the end, i.e. both filename and filenameext would get rotated to filename.1ext. If compression is used, the compression extension (normally .gz) appears after ext.
include file|directory If a directory is given, most of the files in that directory are processed, in alphabetic order, before processing of the including file continues.
Files which are not regular files (such as directories and named pipes) and files whose names end with one of the taboo extensions, as specified by tabooext are not processed.
tabooext [+] exten-list If a + precedes the list, the list is augmented, otherwise it is replaced.
The initial list is :
.rpmsave, .rpmorig, ~, .disabled, .dpkg-old, .dpkg-dist, .dpkg-new, .cfsaved, .ucf-old, .ucf-dist, .ucf-new, .rpmnew, .swp, .cfsaved, .rhn-cfg-tmp-*
size nnn[k|M|G]Rotate if bigger than nnn kilobytes, Megabytes, and Gigabytes.
[not]ifempty Rotate even if empty, default
maxsize bytes Rotate when bigger than bytes even before the time interval (daily, weekly, monthly, or yearly).
timestamp of a log is considered as well.
minsize bytes Rotate if bigger than bytes, but not before the time interval (daily, weekly, monthly, or yearly). size is similar except that it is mutually exclusive with the time interval options, and it causes logs to be rotated without regard for the last rotation time. When minsize is used, both the size and timestamp of a log are considered.
maxage days Remove (and mail) rotated logs older than days days. if the log is to be rotated.
minage days Do not rotate logs which are less than days days old.
[no]missingok If the log is missing, continue without error . no: issue an error.
[no]olddir dir Logs are moved into subdirectory dir or an absolute path on the same physical device as the log.
no: Logs are rotated in the directory they reside in (overrides olddir ).
   mode owner group
If the directory specified by olddir does not exist, it is created.

The lines between firstaction and endscript (both of which must appear on lines by themselves) are executed (using /bin/sh) once before all logs that match the wildcarded pattern are rotated,
before prerotate and only if at least one log will actually be rotated.
These directives must appear inside a log definition.
Whole pattern is passed to the script as first argument.
If the script exits with error, no further processing is done.

… … once just before removal of a log file. passes the name of file which soon will be removed.

… … are executed before the log is rotated and only if the log will actually be rotated.
The absolute path to the log is passed as first argument,
If sharedscripts is specified, whole pattern is passed to the script.

… … are executed after the log is rotated.

… … after all log files that match the wildcarded pattern are rotated, postrotate is run and only if at least one log is rotated.
Whole pattern is passed to the script as first argument.
sharedscripts Normally, prerotate and postrotate are run for each log which is rotated and the
absolute path to the log is passed as first argument to the script.
That means a single script may be run multiple times for logs which match multiple files
With sharedscripts the scripts are only run once, no matter how many logs match the wildcarded pattern, and
whole pattern is passed to them.
unless none require rotating, then scripts will not be run at all.
If the scripts exit with error, the remaining actions will not be executed for any logs. overrides the nosharedscripts and implies create.
nosharedscripts Run prerotate and postrotate for every log which is rotated (default, and
overrides the sharedscripts ).
The absolute path to the log is passed as first argument to the script.
If scripts exit with error, the remaining actions will not be executed for the affected log only.
shred Delete files using shred -u ensuring old information is unreadable.
shredcycles count shred files count times
start n base extension for rotation. specify 0, logs will be rotated with a .0 extension
Files will still be rotated rotate-count times
su user group Rotate files under this user and group
mail address When a log is rotated out of existence, mail it to address.
nomail Do not mail old logs
mailfirst with mail , mail the just-rotated file
maillast with mail , mail the about-to-expire file, default
compresscmd Default gzip
uncompresscmdDefault gunzip
compressext Default .gz.
For compressions commands other than gzip change this.
compressoptions Command line options passed to the compression program. default is -9 (maximum compression for gzip).
For compressions commands other than gzip change this.

sudo logrotate -dv /etc/logrotate.d


Potentially dangerous mode on file : 0660 group rw
error: Ignoring file because it is writable by group or others.
Removing file from state file, because it does not exist and has not been rotated for one year

In daemon.info due to [TAB]:
error: found error in file fff , skipping
error: found error in /var/log/lll.log , skipping
error: lll:1 bad rotation count '9}'
error: ffff:2 bad weekly directive ' maxsize 20k'


/var/lib/logrotate.status Default state file.
/etc/logrotate.conf Configuration options.

/var/lib/logrotate/status dapie 9/24/13

logrotate state -- version 2
"/var/log/ConsoleKit/history" 2013-3-1
"/var/log/syslog" 2013-3-10
"/var/log/dpkg.log" 2013-7-10
"/var/log/auth.log" 2013-9-22
"/var/log/apt/term.log" 2013-3-1
"/var/log/mysql/mysql-slow.log" 2013-3-14
"/var/log/apt/history.log" 2013-3-1
"/var/log/samba/log.smbd" 2013-3-3
"/var/log/alternatives.log" 2013-7-10
"/var/log/debug" 2013-1-13
"/var/log/mail.log" 2013-1-6
"/var/log/kern.log" 2013-9-22
"/var/log/mysql.log" 2013-9-24
"/var/log/aptitude" 2013-1-6
"/var/log/apache2/access.log" 2013-3-14
"/var/log/wtmp" 2013-9-1
"/var/log/daemon.log" 2013-9-22
"/var/log/mail.warn" 2013-1-6
"/var/log/xdm.log" 2013-9-1
"/var/log/btmp" 2013-9-1
"/var/log/lpr.log" 2013-1-6
"/var/log/mail.err" 2013-1-6
"/var/log/mysql/mysql.log" 2013-3-14
"/var/log/samba/log.nmbd" 2013-3-6
"/var/log/user.log" 2013-9-22
"/var/log/mail.info" 2013-1-6
"/var/log/apache2/other_vhosts_access.log" 2013-3-14
"/var/log/apache2/error.log" 2013-3-14
"/var/log/cron.log" 2013-1-6
"/var/log/messages" 2013-1-13
sample output