• VMware

    Learn about VMware virtualization for its products like vsphere ESX and ESXi, vCenter Server, VMware View, VMware P2V and many more

  • Linux

    Step by step configuration tutorials for many of the Linux services like DNS, DHCP, FTP, Samba4 etc including many tips and tricks in Red Hat Linux.

  • Database

    Learn installation and configuration of databases like Oracle, My SQL, Postgresql, etc including many other related tutorials in Linux.

  • Life always offers you a second chance ... Its called tomorrow !!!

    Friday, June 06, 2014

    How to configure logrotate for a new log file in Red Hat Linux

    What is logrotate?

    logrotate  is  designed to ease administration of systems that generate large numbers of log files.  It allows automatic rotation, compression, removal, and mailing of log files.  Each log file may be handled daily, weekly, monthly, or when it grows too large.

    Lets have a look at the main configuration file for logrotate is /etc/logrotate.conf
    # rotate log files weekly

    # keep 4 weeks worth of backlogs
    rotate 4

    # create new (empty) log files after rotating old ones

    # use date as a suffix of the rotated file

    # uncomment this if you want your log files compressed

    # RPM packages drop log rotation information into this directory
    include /etc/logrotate.d

    # no packages own wtmp and btmp -- we'll rotate them here
    /var/log/wtmp {
        create 0664 root utmp
            minsize 1M
        rotate 1

    /var/log/btmp {
        create 0600 root utmp
        rotate 1

    Now the comment section explains most of the parameter used. And there is nothing to be changed in this file so let it be with the default values.

    Setting up logrotate

    For this article purpose I have created a new log file firewall.log inside /var/log which will contain all iptables related log.

    Next create a new file inside /etc/logrotate.d as shown below
    # cd /etc/logrotate.d
    # touch firewall.log

    The parameter and their respective values which you can use for configuring logrotate are as shown below
    Old versions of log files are compressed with gzip by default.
    create mode owner group
    Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated).  

    mode  specifies  the  mode for the log file in octal
    owner specifies the user name  who  will own  the  log  file, 
    group specifies the group the log file will belong to.
    Log files are rotated as per the value used
    minsize size
    Log files are rotated when they grow bigger then size bytes, but not before the  additionally  specified  time  interval  (daily, weekly, monthly, or yearly
    If the log file is missing, go on to the next one without issuing an error message.
    size size
    Log files are rotated when they grow bigger then size bytes.  If size is followed by M, the size if assumed to be in megabytes. If the k is used, the size is in kilobytes.
    Do not rotate the log if it is empty (this overrides the ifempty option).
    Add the entries as per your requirement for the rotation of your log file. Below is a sample from my machine
    # less /etc/logrotate.d/firewall.log
    /var/log/firewall.log {
        rotate 2
        size 30k
        create 0600 root root

    Once done save the file.

    Verify your configuration

    Manually we can add some contents to our firewall.log just to verify the configuration
    # seq 1000 > firewall.log

    # ll firewall.log
    -rw------- 1 root root
    3893 Jun 26 11:02 firewall.log

    So let us try to forcefully rotate the log files
    # logrotate -f /etc/logrotate.conf
    See the changes
    # ll firewall.log*
    -rw------- 1 root root    0 Jun 26 11:02 firewall.log
    -rw------- 1 root root
    1848 Jun 26 11:02 firewall.log-20140626.gz

    So our last firewall.log file was compressed as you can see the size change from 3893 to 1848 bytes and a new firewall.log file is created with 0600 permission.

    Let me know your success and failures.

    Related Articles
    Tutorial for SYSLOG with Examples in Red Hat Linux
    How to log iptables messages in different log file
    What are the s and k scripts in the etc rcx.d directories

    Follow the below links for more tutorials

    Step by Step Linux Boot Process Explained In Detail
    RAID levels 0, 1, 2, 3, 4, 5, 6, 0+1, 1+0 features explained in detail
    Tutorial for Monitoring Tools SAR and KSAR with examples in Linux
    How to secure Apache web server in Linux using password (.htaccess)
    How to register Red Hat Linux with RHN (Red Hat Network )
    15 tips to enhance security of your Linux machine
    How does a DNS query works when you type a URL on your browser?
    How to create password less ssh connection for multiple non-root users
    How to create user without useradd command in Linux
    How to give normal user root privileges using sudo in Linux/Unix
    How to do Ethernet/NIC bonding/teaming in Red Hat Linux
    How to install/uninstall/upgrade rpm package with/without dependencies
    Why is Linux more secure than windows and any other OS
    What is the difference between "su" and "su -" in Linux?
    How to secure boot loader (grub menu) with password in RHEL 6


    1. nicely explain. Apart from this we could also use two more useful options.First one is copytruncate, it instruct logrotate to creates the copy of the original file (i.e rotate the original log file) and truncates the original file to zero byte size. This helps the respective service that belongs to that log file can write to the proper file.
      Second is maxage, it automatically removes the rotated files after a specific number of days.

      $ cat logrotate.conf
      /tmp/output.log {
      size 1k
      rotate 4
      maxage 100