๐ Log Rotation and Management with logrotate in AlmaLinux: Clean Guide
Ever had your server crash because the disk filled up with logs? ๐ฑ Yeah, me too! Itโs embarrassing, right? One time, a simple Apache log ate up 50GB and brought down our whole web server. Thatโs when I learned about logrotate - the unsung hero of Linux systems! Today Iโm gonna show you how to keep your logs under control, save disk space, and never worry about runaway log files again. Letโs tame those logs! ๐
๐ค Why is Log Rotation Important?
Logs are like rabbits - they multiply fast! Without proper management, theyโll eat all your disk space. Hereโs why log rotation is absolutely essential:
- ๐พ Save Disk Space - Prevent logs from filling your drive
- ๐ Keep Logs Organized - Find what you need quickly
- ๐ Maintain History - Keep old logs for compliance
- ๐ Better Performance - Smaller logs = faster searches
- ๐ Security - Archive sensitive logs properly
- ๐ฐ Save Money - No emergency disk upgrades!
Trust me, once you set up logrotate properly, youโll sleep better at night! ๐ด
๐ฏ What You Need
Before we start rotating logs, check you have:
- โ AlmaLinux system running
- โ Root or sudo access
- โ Some log files to manage
- โ 15 minutes to organize your logs forever
- โ Coffee (log management is serious business! โ)
๐ Step 1: Understanding logrotate Basics
Logrotate is already installed on AlmaLinux - itโs that important! Letโs explore how it works.
Check logrotate Status
# Check if logrotate is installed
rpm -qa | grep logrotate
# See version
logrotate --version
# Main config file
cat /etc/logrotate.conf
# Config directory for apps
ls -la /etc/logrotate.d/
# Check when it last ran
cat /var/lib/logrotate/logrotate.statusHow logrotate Works
# Logrotate runs daily via cron
cat /etc/cron.daily/logrotate
# Manual run (dry run - no changes)
logrotate -d /etc/logrotate.conf
# Force rotation (even if not due)
logrotate -f /etc/logrotate.conf
# Verbose mode to see what's happening
logrotate -v /etc/logrotate.confThe rotation cycle: ๐
- Check if logs need rotating (size/time)
- Rename current log (add number/date)
- Create new empty log file
- Compress old logs (optional)
- Delete really old logs
๐ง Step 2: Configuring Log Rotation
Letโs create custom rotation rules! This is where the magic happens.
Basic Configuration
# Create config for your app
sudo nano /etc/logrotate.d/myapp
# Basic configuration
/var/log/myapp/*.log {
daily # Rotate daily
rotate 7 # Keep 7 old logs
compress # Compress old logs
delaycompress # Compress on next rotation
missingok # Don't error if missing
notifempty # Don't rotate empty logs
create 644 root root # Create new log with permissions
}Advanced Configuration Options
# More sophisticated example
/var/log/myapp/*.log {
# Rotation frequency
daily # or weekly, monthly, yearly
# How many to keep
rotate 30 # Keep 30 old files
# Size-based rotation
size 100M # Rotate when reaches 100MB
maxsize 500M # Force rotate at 500MB
# Compression
compress # Gzip old logs
compresscmd /usr/bin/gzip
compressext .gz
delaycompress # Don't compress most recent
# Permissions
create 640 appuser appgroup
# Scripts
sharedscripts # Run scripts once for all logs
postrotate
# Commands to run after rotation
systemctl reload myapp
endscript
prerotate
# Commands before rotation
echo "Rotating logs at $(date)" >> /var/log/rotation.log
endscript
}Date-Based Naming
# Use dates instead of numbers
/var/log/nginx/*.log {
daily
rotate 30
dateext # Use date extension
dateformat -%Y%m%d # Format: -20250820
dateyesterday # Use yesterday's date
compress
create 644 nginx nginx
sharedscripts
postrotate
/bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
endscript
}๐ Step 3: Real-World Examples
Letโs set up rotation for common services!
Apache/httpd Logs
sudo nano /etc/logrotate.d/httpd
/var/log/httpd/*log {
daily
rotate 14
compress
delaycompress
missingok
notifempty
create 640 apache apache
sharedscripts
postrotate
/bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
endscript
}Custom Application Logs
sudo nano /etc/logrotate.d/myapp
# Multiple log patterns
/var/log/myapp/*.log
/var/log/myapp/*.err
/var/log/myapp/*.out {
weekly
rotate 52 # Keep 1 year
compress
delaycompress
missingok
notifempty
size 50M # Also rotate if > 50MB
create 644 myapp myapp
sharedscripts
postrotate
# Notify app to reopen logs
/usr/bin/killall -USR1 myapp 2>/dev/null || true
endscript
}System Logs with Mail
# Send old logs via email before deletion
/var/log/critical/*.log {
weekly
rotate 4
compress
mail [email protected]
mailfirst # Mail before rotating
missingok
notifempty
create 600 root root
}โ Step 4: Testing and Troubleshooting
Always test before going live! ๐งช
Test Configuration
# Dry run - see what would happen
sudo logrotate -d /etc/logrotate.d/myapp
# Force rotation to test
sudo logrotate -f /etc/logrotate.d/myapp
# Verbose mode
sudo logrotate -v /etc/logrotate.d/myapp
# Debug specific config
sudo logrotate -d /etc/logrotate.conf 2>&1 | grep myappCheck Status
# See last rotation times
cat /var/lib/logrotate/logrotate.status
# Find specific app
grep myapp /var/lib/logrotate/logrotate.status
# Watch logs being rotated
ls -la /var/log/myapp/
# Monitor disk usage
df -h /var/log
du -sh /var/log/*๐ฎ Quick Examples
Example 1: Emergency Log Cleanup Script ๐จ
#!/bin/bash
# Emergency log cleanup when disk is full
echo "๐งน Emergency Log Cleanup!"
# Check disk usage
USAGE=$(df /var/log | tail -1 | awk '{print $5}' | sed 's/%//')
if [ $USAGE -gt 80 ]; then
echo "โ ๏ธ Disk usage critical: ${USAGE}%"
# Force rotate all logs
echo "Forcing log rotation..."
logrotate -f /etc/logrotate.conf
# Find and compress uncompressed logs
find /var/log -name "*.log" -type f -size +100M -exec gzip {} \;
# Delete old compressed logs
find /var/log -name "*.gz" -mtime +30 -delete
echo "โ
Cleanup complete!"
df -h /var/log
else
echo "โ
Disk usage OK: ${USAGE}%"
fiExample 2: Custom Log Monitor ๐
#!/bin/bash
# Monitor log growth and alert
LOG_DIR="/var/log"
THRESHOLD=1000 # MB
# Create monitoring function
monitor_logs() {
echo "๐ Log Size Report - $(date)"
echo "================================"
# Find large logs
large_logs=$(find $LOG_DIR -type f -size +${THRESHOLD}M 2>/dev/null)
if [ ! -z "$large_logs" ]; then
echo "โ ๏ธ Large logs found:"
for log in $large_logs; do
size=$(ls -lh "$log" | awk '{print $5}')
echo " $log: $size"
# Auto-rotate if it's configured
config=$(grep -l "$log" /etc/logrotate.d/* 2>/dev/null)
if [ ! -z "$config" ]; then
echo " โ Auto-rotating using $config"
logrotate -f "$config"
else
echo " โ No logrotate config found!"
fi
done
else
echo "โ
No logs exceed ${THRESHOLD}MB"
fi
echo ""
echo "Top 10 largest logs:"
find $LOG_DIR -type f -name "*.log" -exec ls -s {} \; | \
sort -rn | head -10 | \
while read size file; do
echo " $(ls -lh "$file" | awk '{print $5}') - $file"
done
}
monitor_logsExample 3: Automated Config Generator ๐ค
#!/bin/bash
# Generate logrotate configs automatically
generate_logrotate_config() {
local app_name=$1
local log_path=$2
local keep_days=${3:-30}
local user=${4:-root}
local group=${5:-root}
config_file="/etc/logrotate.d/${app_name}"
echo "๐ Generating logrotate config for $app_name..."
cat > "$config_file" << EOF
# Auto-generated logrotate config for $app_name
# Generated on $(date)
$log_path {
daily
rotate $keep_days
compress
delaycompress
missingok
notifempty
create 644 $user $group
size 100M
postrotate
# Reload or restart service if exists
if systemctl is-active ${app_name}.service > /dev/null 2>&1; then
systemctl reload ${app_name}.service
fi
endscript
}
EOF
echo "โ
Config created: $config_file"
echo "Testing configuration..."
if logrotate -d "$config_file" 2>&1 | grep -q "error"; then
echo "โ Configuration has errors!"
else
echo "โ
Configuration is valid!"
fi
}
# Usage examples
generate_logrotate_config "myapp" "/var/log/myapp/*.log" 30 "myapp" "myapp"
generate_logrotate_config "backup" "/var/log/backup/*.log" 7๐จ Fix Common Problems
Problem 1: Logs Not Rotating โ
Logs growing but not rotating?
# Check if logrotate is running
systemctl status crond
# Look for errors
journalctl -u crond | grep logrotate
# Check config syntax
logrotate -d /etc/logrotate.conf 2>&1 | grep error
# Force rotation
logrotate -f /etc/logrotate.d/yourapp
# Check permissions
ls -la /var/lib/logrotate/Problem 2: Permission Denied โ
Canโt create or rotate logs?
# Check log directory permissions
ls -ld /var/log/yourapp/
# Fix ownership
sudo chown -R appuser:appgroup /var/log/yourapp/
# SELinux issues?
getenforce
sudo semanage fcontext -a -t var_log_t "/var/log/yourapp(/.*)?"
sudo restorecon -Rv /var/log/yourappProblem 3: Disk Still Full โ
Rotated but disk still full?
# Find old rotated logs
find /var/log -name "*.gz" -mtime +30
# Clean them up
find /var/log -name "*.gz" -mtime +30 -delete
# Check for uncompressed old logs
find /var/log -name "*.1" -o -name "*.2"
# Compress them manually
find /var/log -name "*.[0-9]" -exec gzip {} \;Problem 4: Application Canโt Write After Rotation โ
App stops logging after rotation?
# Add copytruncate option
/var/log/app/*.log {
daily
rotate 7
compress
copytruncate # Copy log and truncate instead of moving
missingok
notifempty
}
# Or signal app to reopen logs
postrotate
kill -USR1 $(cat /var/run/app.pid)
endscript๐ Simple Commands Summary
| Task | Command |
|---|---|
| ๐ Test config | logrotate -d /etc/logrotate.d/app |
| ๐ Force rotation | logrotate -f /etc/logrotate.d/app |
| ๐ Check status | cat /var/lib/logrotate/logrotate.status |
| ๐ List configs | ls /etc/logrotate.d/ |
| ๐ Debug mode | logrotate -dv /etc/logrotate.conf |
| โ๏ธ Edit main config | sudo nano /etc/logrotate.conf |
| ๐๏ธ Compress logs | gzip /var/log/*.log |
| ๐ Check sizes | du -sh /var/log/* |
๐ก Tips for Success
- Test First ๐งช - Always use
-dflag before real rotation - Start Simple ๐ฏ - Basic config, then add features
- Monitor Disk ๐ - Set up disk usage alerts
- Compress Old ๐๏ธ - Save tons of space with compression
- Document ๐ - Comment your configs
- Regular Cleanup ๐งน - Donโt keep logs forever
And hereโs a pro tip: Set up different retention for different logs. Keep security logs longer than debug logs. I learned this after accidentally deleting important audit logs. Oops! ๐
๐ What You Learned
Youโre now a log rotation expert! You can:
- โ Configure logrotate for any application
- โ Set up size and time-based rotation
- โ Compress and archive old logs
- โ Run scripts during rotation
- โ Test and debug configurations
- โ Prevent disk full disasters
- โ Automate log management
๐ฏ Why This Matters
Proper log management means:
- ๐พ Never run out of disk space
- ๐ Find logs when you need them
- ๐ Keep compliance requirements
- ๐ Better system performance
- ๐ฐ Save on storage costs
- ๐ด Sleep peacefully at night
Last week, a client called me in panic - their e-commerce site was down. The culprit? A 75GB debug log! Set up logrotate, problem solved forever. They were so relieved they gave me a bonus. And now you can prevent these disasters too! ๐ช
Remember: Logs are important for debugging, but they shouldnโt crash your system. Set up logrotate once, and itโll quietly keep things clean forever. Itโs like having a janitor for your logs! ๐งน
Happy rotating! May your logs stay manageable and your disks never fill up! ๐โจ
