Linux system troubleshooting log: Logrotate

So, in our example, all the log files are backed up daily and kept for 7 days. These log files will have the following file name form:

logfilelogfile.0logfile.1logfile.2logfile.3logfile.4logfile.5logfile.6
 /etc/logrotate.conf File Example
 # rotate log files weekly (weekly cycle update log file) #weekly # rotate log files daily (every day...) daily # keep 4 weeks worth of backlogs (retain log file backups for 4 weeks) #rotate 4 # keep 7 days worth of backlogs (reserved log file backup within 7 days) rotate 7 # create new (empty) log files after rotating old ones (create a new empty log file when looping out files) create 
 /etc/logrotate.d folder
 Many Linux applications that need to use syslog will place their settings files in this folder so that their log files are rotated and their unique Name the name. It is best to check frequently if all newly installed software using syslog has a configuration file in this folder. Here are some examples of specifying a specific log rotation file for a particular software. 
 There is now a sample file in this directory that will rotate the files in the /data/backups file in .tgz format. The parameters in this file will override the settings in the /etc/logrotate.conf file. In this example, the revolving files will not be compressed, and they will be saved for 30 days if they are not empty. Their files will be root and the permissions will be set to 600.
/data/backups/*.tgz { daily rotate 30 nocompress missingok notifempty create 0600 root root}
 Note: On Debian/Ubuntu systems The /etc/cron.daily.sysklogd script will read the /etc/syslog.conf file and rotate all the set log files based on it. So, for general system logs, you don't have to repeat the settings in the /etc/logrotate.d folder. Because it does not run 24 hours in the /etc/cron.daily folder. In the Fedora/Redhat system, this script is replaced by /etc/cron.daily/logrotate. And it does not read the syslog configuration file. So, you have to set it in /etc/logrotate.d. 
 
 Activating logrotate
 The above settings for logrotate will only take effect if you use the following command: 
[root@bigboy tmp]# logrotate -f
 If you want logrotate to read only specific configuration files instead of all, run the configuration file name as a logrotate parameter:
[root@bigboy tmp]# logrotate -f /etc/Logrotate.d/syslog
 Compressing Your Log Files
 If your web page traffic is high, the log file will become extremely large. You can compress the log files by editing the logrotate.conf file to add compression options. 
## File: /etc/logrotate.conf## Activate log compression Activate log compression function compress
 These log files will be compressed with gzip, all files will have a .gz extension . 
[root@bigboy tmp]# ls /var/log/messages*/var/log/messages /var/log/messages.1.gz /var/log/messages.2.gz/var/Log/messages.3.gz /var/log/messages.4.gz /var/log/messages.5.gz/var/log/messages.6.gz /var/log/messages.7.gz[root@ Bigboy tmp]#
 It's still easy to see the contents of these files, because you can use the zcat command to quickly display their content on the screen. 
 [root@bigboy tmp]# zcat /var/log/messages.1.gz ... ... Nov 15 04:08:02 bigboy httpd: httpd shutdown succeeded Nov 15 04:08:04 Bigboy httpd: httpd startup succeeded Nov 15 04:08:05 bigboy sendmail[6003]: iACFMLHZ023165: to=<[email protected]>, delay=2+20:45:44, xdelay=00:00:02, Mailer=esmtp, pri=6388168, relay=www.clematis4spiders.info. [222.134.66.34], dsn=4.0.0, stat=Deferred: Connection refused by www.clematis4spiders.info. [root@bigboy tmp]#