In reality, effective log file management is critical for high system availability. And you don't need to host a few websites or monitor a space craft to care about it. If you're running a Linux distribution on your desktop, or managing a network of such desktops, you need an effective log management policy for everything from troubleshooting server errors to monitoring how devices interact with the kernel.
While they are simple text files, logs have a tendency to grow and grow and eat up valuable disk resources. Most distributions include a nifty tool, Logrotate, that rotates log files: copying them to a backup file and creating a new log. Backup logs are usually removed when they are out of date.
Many tools use the services of logrotate if it's included with your distribution. If you have some logs under /var/log that are suffixed with a dot and a number (/var/log/daemon.log.1) or even compressed (/var/log/mysql.log.5.gz), it means they are being regulated by logrotate.
Logrotate needs a simple configuration file to help it manage the logs. You can have multiple configuration files, one for every log, or maintain multiple logs through one configuration file. The default configuration file is /etc/logrotate.conf. If you have services that keep a log under /var/log like Apache and MySQL, you'll find their configuration files under /etc/logrotate.d.
Here is a sample logrotate.conf:
create 0664 root utmp
The first four keywords,
include are global directives, whereas the directives
rotate are specific to the log file /var/log/wtmp. A local directive takes precedence over a global directive if it appears in both, like
rotate in the listing above.
Working with Logrotate
If you have a program that keeps a log, you can save some serious effort by using logrotate to keep them in order for you. Logrotate can also work on logs of services that are run by a normal user. It also comes in handy if you have a program that keeps multiple logs and writes a lot to them.
Let's assume we have a new service "foobar" which is configured to log under /home/bodhi/logs/foobar and runs as a normal user's process. We keep its logrotate configurations under /home/bodhi/config in a file named foobar. Like this one:
create 640 bodhi bodhi
daily to ensure that the logs are rotated everyday and
rotate 7 to make sure no more than 7 days of logs are kept. When a log expires, it's emailed to bodhi@localhost before being deleted as specified by
compress shrinks rotated logs except yesterday's because of
delaycompress. Logrotate doesn't complain if the log files are missing thanks to
missingok. After the logs have been rotated, a new one is created by
create as being owned by the user and group bodhi and the service is restarted.
Putting it to work
Now that we have our configuration file in place, it's time to create a cron job for it to actually make logrotate work. You do this by running
crontab -e and adding a new cron job to the file.
00 00 * * * /usr/sbin/logrotate -s /home/bodhi/config/logrotate.status /home/bodhi/config/foobar
Cron ensures that the command runs at midnight everyday. The command has three parts.
/usr/sbin/logrotate is the path to logrotate. The
-s /home/bodhi/config/logrotate.status option specifies where logrotate keeps its status information. This file has to be writeable by the user running the cron. The last argument
/home/bodhi/config/foobar tells logrotate to use our custom configuration file.
To test the configuration file, issue the command specified in the cron job with an additional
-f switch. This will force the logs to be rotated. It helps to run logrotate with this switch every time the configuration files are changed.
Logrotate is a very simple but extremely useful tool. Many people fail to realize that logrotate can work for them as well. In this article, the configuration file instructs logrotate to take charge of a process running under a user.
We used several configuration options, but a visit to
man logrotate for more options is a good idea before writing your own. If you have logrotate managing logs on your machine, reviewing its configuration files of the services its maintaining is a good way to learn logrotate's common usage.