Configuring logrotate in RHEL7
The logrotate tool allows you to rotate the logs that are generated by applications and scriptsIt keeps your log directories clutter-free and minimizes disk usage when correctly configured.
The logrotate tool is installed by default.This document will show you how to rotate logs for rsyslog. We will rotate the logs everyday, add an extension based on the date, compress them with a one-day delay, and keep them for 365 days. Perform the following steps:
First, to check logrotate is installed, perform the following command:
[root@nsk ~]# rpm -qa | grep -i logrotate
logrotate-3.8.6-14.el7.x86_64
Ensure that it's enabled through the following:
[root@nsk ~]# systemctl restart crond
Open /etc/logrotate.d/syslog with your favorite editor. The contents of this file are the following, by default:
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
missingok
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
Now, replace this with the following code:
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
compress
daily
delaycompress
dateext
missingok
rotate 365
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
Finally, save the file.
The logrotate tool is a script that is launched by cron everyday.
The directives added to the default logrotate definition are compress, daily, delaycompress, dateext, missingok, and rotate.
The compress directive compresses old versions of the log files with gzip. This behavior is somewhat changed by specifying delaycompress. This causes us to always have the most recently rotated log file available uncompressed.
The daily directive makes logrotate execute the definition every day. The rotate directive only keeps x rotated log files before deleting the oldest. In this case, we have specified this to be 365, which means that while rotating daily, the logs are kept for 365 days.
The missingok directive makes it alright for syslog to not create a file, which, however unlikely, is possible.
The dateext directive appends a date to the rotated file in the form of yyyymmdd instead of a number, which is the default.
The /etc/logrotate.conf file contains the defaults directives for all definitions. If you don't specifically use a directive within a definition for a file, the values in this file will be used if specified.
Yum, for instance, doesn't generate a lot of messages, and it keeps this log file readable for much longer than your syslog files. This, by the way, is reflected in the definition for yum.
If you want to debug your new configuration, this can be achieved by executing the following to test just one configuration:
# /usr/sbin/logrotate -v /etc/logrotate.d/<config file>
[root@nsk ~]# /usr/sbin/logrotate -v /etc/logrotate.d/syslog
reading config file /etc/logrotate.d/syslog
Allocating hash table for state file, size 15360 B
Handling 1 logs
rotating pattern: /var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
....
....
renaming /var/log/spooler to /var/log/spooler-20171231
disposeName will be /var/log/spooler-20171231.gz
running postrotate script
removing old log /var/log/cron-20171231.gz
error: error opening /var/log/cron-20171231.gz: No such file or directory
set default create context
[root@nsk ~]#
Alternatively, you can use the following to test everything:
[root@nsk ~]# /usr/sbin/logrotate -v /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file bootlog
reading config file chrony
reading config file numad
reading config file syslog
reading config file wpa_supplicant
reading config file yum
reading config file yum_24dec2017
error: yum_24dec2017:1 duplicate log entry for /var/log/yum.log
....
..
rotating pattern: /var/log/btmp monthly (1 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/btmp
log does not need rotating (log has been rotated at 2017-12-14 11:40, that is not month ago yet)
set default create context
[root@nsk ~]#