Log Rotation in a Nutshell

The basic idea of log rotation is explained in the following five steps.

  1. You have a program that sends its logs to /var/log/foo.log.
  2. It’s starting to grow to an uncomfortable size.
  3. When it gets too big you rotate it by renaming the file to something like /var/log/foo.log.1.
  4. You create a new file called /var/log/foo.log (where your program sends its log to).
  5. You can decide what you want to do with /var/log/foo.log.1. Maybe you compress it or copy it to another server and then delete it.
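
The five steps above, written out as a small shell function. This is an added example, not code from logrotate or from the original article; rotate_log and its two arguments are hypothetical names, and it assumes the program reopens its log file by name after the rename (a process that keeps the old file open would keep writing to the renamed file).

```shell
#!/bin/sh
# rotate_log FILE KEEP  (hypothetical helper, not part of logrotate)
# Keeps at most KEEP compressed generations: FILE.1.gz (newest) .. FILE.KEEP.gz
rotate_log() {
    log=$1
    keep=$2
    [ -f "$log" ] || return 1        # nothing to rotate
    [ "$keep" -ge 1 ] || return 2    # must keep at least one generation

    # Drop the oldest generation, then shift the rest up by one.
    # Working from oldest to newest means nothing is overwritten.
    rm -f "$log.$keep.gz"
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        if [ -f "$log.$prev.gz" ]; then
            mv "$log.$prev.gz" "$log.$i.gz"
        fi
        i=$prev
    done

    mv "$log" "$log.1"               # step 3: rename the full log
    # Step 4: recreate the empty log. The umask is set in a subshell so the
    # new file is 0640 (not world-readable) without changing the caller's umask.
    ( umask 027; : > "$log" )
    gzip -f "$log.1"                 # step 5: compress the rotated copy
}

# Constructed demo in a scratch directory: three rotations, keeping two.
dir=$(mktemp -d)
for line in first second third; do
    echo "$line" > "$dir/foo.log"
    rotate_log "$dir/foo.log" 2
done
ls -l "$dir"    # foo.log (empty), foo.log.1.gz, foo.log.2.gz
rm -rf "$dir"
```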

Many modern Linux distributions use the logrotate utility to manage log rotation. By default, it is configured to run daily using cron.

$ cat /etc/logrotate.conf
# see "man logrotate" for details

include /etc/logrotate.d

man logrotate has detailed explanations of the configuration options. It’s suggested that you make a config file in /etc/logrotate.d for each log you want to be managed. Here is an example.

/var/log/myapp {
    monthly
    rotate 24
    create
    compress
}

This configuration tells logrotate to rotate /var/log/myapp once a month, keep 24 rotated logs, compress the rotated logs, and create a new empty log after rotation.

That’s pretty much all there is to it.