Logrotate Cheatsheet
Introduction
If you are taking the time to read this, chances are high that you ran into an issue whereby log files filled up your server. Luckily, logrotate is a very quick and easy solution that will automatically reduce/prune your logs.
Setup
Install
sudo apt update && sudo apt install logrotate
Config File Locations
The main logrotate config file is located at /etc/logrotate.conf
but the files you are usually going to be interested in are within /etc/logrotate.d/
.
For example, on Debian 12 running nginx and fpm, it contains the following default nginx config file:
/var/log/nginx/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi \
endscript
postrotate
invoke-rc.d nginx rotate >/dev/null 2>&1
endscript
}
Expected Permissions
if you create a file here, you should give it permissions 644
, otherwise when you run logrotate, you will see a similar message to below:
warning: Potentially dangerous mode on /etc/logrotate.d/someConfigFile: 700
Likewise, the folder containing the logs that logrotate is supposed to rotate is expected to only be writeable by the user that logrotate is acting as.
in general, i would set permissions of 755 on a /var/log/something
folder that is owned by root. if the owner needs to be someone other than root,
then add su someUser someGroup
to the logrotate config file in order to tell it to become that user and grop before performing the logrotate actions.
Failure to do this will result in error messages like:
error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/nginx/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Running And Testing
Manually Run Logrotate
To manually run one of your logrotate configurations, simply specify the path to the config file like so:
logrotate /etc/logrotate.d/nginx
Using Force
One can add the --force
parameter to force logrotate rotation. This essentially causes it to ignore the parameters
in the logrotate config file that specify the minsize
, size
, and age etc. Thus you probably don't want to do this
and may just need to alter these restrictions in your config file before running a normal run.
Test / Debug Logrotate Configuration
If you want to test what logrotate would do, but not actually touch the log files, you could test your configuration with:
logrotate --debug /etc/logrotate.d/nginx
--debug
with -d
. I use longhand because I find it easier to remember.
Appendix
Config File Options
delaycompress
Postpone compression of the previous log file to the next rotation cycle. This only has effect when used in combination with compress. It can be used when some program cannot be told to close its logfile and thus might continue writing to the previous log file for some time.
missingok
If the log file is missing, go on to the next one without issuing an error message. See also nomissingok.
notifempty
Do not rotate the log if it is empty (this overrides the ifempty option).
ifempty
Rotate the log file even if it is empty, overriding the notifempty option (ifempty is the default).
Default Configs
PHP 8.2 FPM
The default content of the /etc/logrotate.d/php8.2-fpm
file is as follows:
/var/log/php8.2-fpm.log {
rotate 12
weekly
missingok
notifempty
compress
delaycompress
postrotate
if [ -x /usr/lib/php/php8.2-fpm-reopenlogs ]; then
/usr/lib/php/php8.2-fpm-reopenlogs;
fi
endscript
}
Nginx
/var/log/nginx/*.log {
daily
missingok
rotate 14
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi \
endscript
postrotate
invoke-rc.d nginx rotate >/dev/null 2>&1
endscript
}
References
First published: 23rd July 2024