Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Logrotate Cheatsheet

Introduction

If you are taking the time to read this, chances are high that you ran into an issue whereby log files filled up your server. Luckily, logrotate is a very quick and easy solution that will automatically reduce/prune your logs.

Setup

Install

sudo apt update && sudo apt install logrotate

Config File Locations

The main logrotate config file is located at /etc/logrotate.conf but the files you are usually going to be interested in are within /etc/logrotate.d/.

For example, on Debian 12 running nginx and fpm, it contains the following default nginx config file:

/var/log/nginx/*.log {
        daily
        missingok
        rotate 14
        compress
        delaycompress
        notifempty
        create 0640 www-data adm
        sharedscripts
        prerotate
                if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
                        run-parts /etc/logrotate.d/httpd-prerotate; \
                fi \
        endscript
        postrotate
                invoke-rc.d nginx rotate >/dev/null 2>&1
        endscript
}

Expected Permissions

If you create a file here, give it permissions 644; otherwise, when you run logrotate, you will see a message similar to the one below:

warning: Potentially dangerous mode on /etc/logrotate.d/someConfigFile: 700

Likewise, the folder containing the logs that logrotate is supposed to rotate is expected to be writable only by the user that logrotate is acting as. In general, I would set permissions of 755 on a /var/log/something folder that is owned by root. If the owner needs to be someone other than root, then add su someUser someGroup to the logrotate config file to tell it to become that user and group before performing the logrotate actions.

Failure to do this will result in error messages like:

error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/nginx/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
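
The two permission checks described above, written as a small audit script. This is an added example, not part of the original post: the function names are made up for illustration, it assumes GNU or BusyBox stat, and the rule in conf_mode_risky (group/other write or any execute bit) is an assumption about what triggers the "Potentially dangerous mode" warning.

```shell
#!/bin/sh
# Added example: audit the permissions logrotate complains about.
# Function names are hypothetical; assumes GNU or BusyBox stat (-c).

# True (0) when MODE/GID match the condition quoted in the error above:
# world writable, or group writable by a group other than root (gid 0).
dir_mode_insecure() {
    [ $(( 0$1 & 0002 )) -ne 0 ] && return 0
    [ $(( 0$1 & 0020 )) -ne 0 ] && [ "$2" -ne 0 ] && return 0
    return 1
}

# True (0) when a config file mode has group/other write or any execute bit.
# Assumption: this is what earns the "Potentially dangerous mode" warning;
# 644 passes and 700 is flagged, matching the page.
conf_mode_risky() {
    [ $(( 0$1 & 0133 )) -ne 0 ]
}

# Report on one log directory; returns 1 if logrotate would skip its logs.
audit_log_dir() {
    info=$(stat -c '%a %g' "$1") || return 2
    if dir_mode_insecure "${info% *}" "${info#* }"; then
        echo "INSECURE $1 mode=${info% *} gid=${info#* } (chmod 755 or add su)"
        return 1
    fi
    echo "ok       $1 mode=${info% *}"
}

# Report on one file under /etc/logrotate.d/; returns 1 if the mode is risky.
audit_conf() {
    mode=$(stat -c '%a' "$1") || return 2
    if conf_mode_risky "$mode"; then
        echo "RISKY    $1 mode=$mode (expected 644)"
        return 1
    fi
    echo "ok       $1 mode=$mode"
}

# Demo on a constructed temporary directory and file, not real system paths.
demo=$(mktemp -d)
chmod 777 "$demo"; audit_log_dir "$demo" || true
chmod 755 "$demo"; audit_log_dir "$demo" || true
touch "$demo/someConfigFile"; chmod 700 "$demo/someConfigFile"
audit_conf "$demo/someConfigFile" || true
chmod 644 "$demo/someConfigFile"; audit_conf "$demo/someConfigFile" || true
rm -rf "$demo"
```

On a real host, call audit_conf for each file in /etc/logrotate.d/ and audit_log_dir for each directory named in those files.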

Running And Testing

Manually Run Logrotate

To manually run one of your logrotate configurations, simply specify the path to the config file like so:

logrotate /etc/logrotate.d/nginx

Using Force

You can add the --force parameter to force a rotation. This causes logrotate to ignore the config file parameters that control when rotation happens, such as minsize, size, and age. You probably don't want to do this; it is usually better to adjust those restrictions in your config file and then perform a normal run.

Test / Debug Logrotate Configuration

If you want to test what logrotate would do, but not actually touch the log files, you could test your configuration with:

logrotate --debug /etc/logrotate.d/nginx

Shorthand enthusiasts can swap out --debug with -d. I use longhand because I find it easier to remember.

Appendix

Config File Options

delaycompress

Postpone compression of the previous log file to the next rotation cycle. This only has effect when used in combination with compress. It can be used when some program cannot be told to close its logfile and thus might continue writing to the previous log file for some time.

missingok

If the log file is missing, go on to the next one without issuing an error message. See also nomissingok.

notifempty

Do not rotate the log if it is empty (this overrides the ifempty option).

ifempty

Rotate the log file even if it is empty, overriding the notifempty option (ifempty is the default).

This probably makes sense if you are rotating based on a schedule, rather than on size. For example, I'm expecting one compressed log file for each day of the week, so I want that file even if it's empty.

Default Configs

PHP 8.2 FPM

The default content of the /etc/logrotate.d/php8.2-fpm file is as follows:

/var/log/php8.2-fpm.log {
        rotate 12
        weekly
        missingok
        notifempty
        compress
        delaycompress
        postrotate
                if [ -x /usr/lib/php/php8.2-fpm-reopenlogs ]; then
                        /usr/lib/php/php8.2-fpm-reopenlogs;
                fi
        endscript
}

Nginx

/var/log/nginx/*.log {
        daily
        missingok
        rotate 14
        compress
        delaycompress
        notifempty
        create 0640 www-data adm
        sharedscripts
        prerotate
                if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
                        run-parts /etc/logrotate.d/httpd-prerotate; \
                fi \
        endscript
        postrotate
                invoke-rc.d nginx rotate >/dev/null 2>&1
        endscript
}

Last updated: 23rd July 2024
First published: 23rd July 2024