How to configure logrotate for a new log file in Red Hat Linux

What is logrotate?

logrotate is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large.

Let's have a look at the main configuration file for logrotate, /etc/logrotate.conf:

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

The comments explain most of the parameters used. Nothing needs to be changed in this file, so leave it with the default values.

Setting up logrotate

For the purpose of this article I have created a new log file, firewall.log, inside /var/log, which will contain all iptables-related logs.

Next, create a new file inside /etc/logrotate.d as shown below:

# cd /etc/logrotate.d
# touch firewall.log

The parameters and their respective values which you can use for configuring logrotate are shown below

Parameter
    Description

compress
    Old versions of log files are compressed with gzip by default.

create mode owner group
    Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated). mode specifies the mode for the log file in octal, owner specifies the user name who will own the log file, and group specifies the group the log file will belong to.

daily/weekly/monthly/yearly
    Log files are rotated as per the value used.

minsize size
    Log files are rotated when they grow bigger than size bytes, but not before the additionally specified time interval (daily, weekly, monthly, or yearly).

missingok
    If the log file is missing, go on to the next one without issuing an error message.

size size
    Log files are rotated when they grow bigger than size bytes. If size is followed by M, the size is assumed to be in megabytes. If k is used, the size is in kilobytes.

notifempty
    Do not rotate the log if it is empty (this overrides the ifempty option).

Add the entries as per your requirement for the rotation of your log file. Below is a sample from my machine

# less /etc/logrotate.d/firewall.log
/var/log/firewall.log {
missingok
compress
rotate 2
notifempty
size 30k
daily
create 0600 root root
}

Once done, save the file.

Verify your configuration

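To verify the configuration, we can manually add some content to firewall.log. Run this from /var/log, where the log file lives, not from /etc/logrotate.d where the earlier commands left the shell: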

# seq 1000 > firewall.log
# ll firewall.log
-rw------- 1 root root 3893 Jun 26 11:02 firewall.log

So let us try to forcefully rotate the log files

# logrotate -f /etc/logrotate.conf

See the changes

# ls -l firewall.log*
-rw------- 1 root root    0 Jun 26 11:02 firewall.log
-rw------- 1 root root 1848 Jun 26 11:02 firewall.log-20140626.gz

The previous firewall.log was rotated and compressed, as the size change from 3893 to 1848 bytes shows, and a new, empty firewall.log was created with 0600 permissions.
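To see which mode logrotate will give newly created log files across several stanzas at once, the following added example (not part of the original article) reads a logrotate configuration on stdin and reports the create mode per log path. The names audit_create_modes and sample_conf and the /var/log/example-app.log stanza are made up for illustration, and the sample input is constructed from the stanzas shown above.

```shell
#!/bin/sh
# Added example: report the mode logrotate gives each newly created log.
# Reads a config on stdin, prints "STATUS path mode" per log path:
#   OK / WORLD  explicit mode without / with permissions for "other"
#   INHERIT     create without a mode: new file copies the old file's mode
#   NONE        nocreate is in effect
#   UNSET       no create/nocreate directive seen in this input
# Limitation: expects "path ... {" on one line with no trailing comment.
audit_create_modes() {
    awk '
    function parse(arg) { return (arg ~ /^[0-7]+$/) ? arg : "inherit" }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /[{][ \t]*$/ {                         # stanza opens: remember its paths
        sub(/[ \t]*[{][ \t]*$/, "")
        n = split($0, paths, " "); mode = gmode; inside = 1; next
    }
    $1 == "}" {                            # stanza closes: report each path
        if (mode == "")             st = "UNSET"
        else if (mode == "none")    st = "NONE"
        else if (mode == "inherit") st = "INHERIT"
        else if (substr(mode, length(mode)) != "0") st = "WORLD"
        else                        st = "OK"
        for (i = 1; i <= n; i++) print st, paths[i], (mode == "" ? "-" : mode)
        inside = 0; next
    }
    # A directive outside any stanza sets the default for later stanzas.
    $1 == "create"   { if (inside) mode = parse($2); else gmode = parse($2) }
    $1 == "nocreate" { if (inside) mode = "none";    else gmode = "none" }
    '
}

# Constructed sample input, based on the stanzas shown in this article.
sample_conf() {
    cat <<'EOF'
create
/var/log/wtmp {
    monthly
    create 0664 root utmp
}
/var/log/firewall.log {
    size 30k
    create 0600 root root
}
/var/log/example-app.log {
    weekly
}
EOF
}
sample_conf | audit_create_modes
```

WORLD only reports that "other" has some access; /var/log/wtmp ships that way in the stock configuration shown above. To audit a real system, feed it the files directly, for example `cat /etc/logrotate.conf /etc/logrotate.d/* | audit_create_modes`.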

Let me know your success and failures.

 


1 thought on “How to configure logrotate for a new log file in Red Hat Linux”

  1. Nicely explained. Apart from this, we could also use two more useful options. The first one is copytruncate; it instructs logrotate to create a copy of the original file (i.e. rotate the original log file) and truncate the original file to zero bytes. This helps the respective service that belongs to that log file write to the proper file.
    The second is maxage; it automatically removes the rotated files after a specific number of days.

    $ cat logrotate.conf
    /tmp/output.log {
    size 1k
    copytruncate
    rotate 4
    compress
    maxage 100
    }
