1LOGROTATE(8) System Administrator's Manual LOGROTATE(8)
2
6 logrotate ‐ rotates, compresses, and mails system logs
7
10 logrotate [--force] [--debug] [--state file] [--verbose] [--log file]
11 [--mail command] config_file [config_file2 ...]
12
15 logrotate is designed to ease administration of systems that generate
16 large numbers of log files. It allows automatic rotation, compression,
17 removal, and mailing of log files. Each log file may be handled daily,
18 weekly, monthly, or when it grows too large.
19 Normally, logrotate is run as a daily cron job. It will not modify a
21 log more than once in one day unless the criterion for that log is
22 based on the log's size and logrotate is being run more than once each
23 day, or unless the -f or --force option is used.
24 Any number of config files may be given on the command line. Later con‐
26 fig files may override the options given in earlier files, so the order
27 in which the logrotate config files are listed is important. Normally,
28 a single config file which includes any other config files which are
29 needed should be used. See below for more information on how to use
30 the include directive to accomplish this. If a directory is given on
31 the command line, every file in that directory is used as a config
32 file.
33 If no command line arguments are given, logrotate will print version
35 and copyright information, along with a short usage summary. If any
36 errors occur while rotating logs, logrotate will exit with non-zero
37 status.
38
41 -f, --force
42 Tells logrotate to force the rotation, even if it doesn't think
43 this is necessary. Sometimes this is useful after adding new
44 entries to a logrotate config file, or if old log files have
45 been removed by hand, as the new files will be created, and log‐
46 ging will continue correctly.
47 -d, --debug
50 Turn on debug mode, which means that no changes are made to the
51 logs and the logrotate state file is not updated. Only debug
52 messages are printed.
53 -s, --state statefile
56 Tells logrotate to use an alternate state file. This is useful
57 if logrotate is being run as a different user for various sets
58 of log files. The default state file is /var/lib/logro‐
59 tate/logrotate.status.
60 -v, --verbose
63 Turns on verbose mode, for example to display messages during
64 rotation.
65 -l, --log file
68 Tells logrotate to log verbose output into the log_file. The
69 verbose output logged to that file is the same as when running
70 logrotate with -v switch. The log file is overwritten on every
71 logrotate execution.
72 -m, --mail command
75 Tells logrotate which command to use when mailing logs. This
76 command should accept the following arguments:
77 1) the subject of the message given with '-s subject'
79 2) the recipient.
80 The command must then read a message on standard input and mail
82 it to the recipient. The default mail command is /bin/mail.
83 --usage
86 Prints a short usage message.
87 -?, --help
90 Prints help message.
91 --version
94 Display version information.
95
99 logrotate reads everything about the log files it should be handling
100 from the series of configuration files specified on the command line.
101 Each configuration file can set global options (local definitions over‐
102 ride global ones, and later definitions override earlier ones) and
103 specify logfiles to rotate. A simple configuration file looks like
104 this:
105 # sample logrotate configuration file
107 compress
108 /var/log/messages {
110 rotate 5
111 weekly
112 postrotate
113 /usr/bin/killall -HUP syslogd
114 endscript
115 }
116 "/var/log/httpd/access.log" /var/log/httpd/error.log {
118 rotate 5
119 mail recipient@example.org
120 size 100k
121 sharedscripts
122 postrotate
123 /usr/bin/killall -HUP httpd
124 endscript
125 }
126 /var/log/news/* {
128 monthly
129 rotate 2
130 olddir /var/log/news/old
131 missingok
132 postrotate
133 kill -HUP $(cat /var/run/inn.pid)
134 endscript
135 nocompress
136 }
137 ~/log/*.log {}
139 The first few lines set global options; in the example, logs are com‐
143 pressed after they are rotated. Note that comments may appear anywhere
144 in the config file as long as the first non-whitespace character on the
145 line is a #.
146 Values are separated from directives by whitespace and/or an optional
148 =. Numbers must be specified in a format understood by strtoul(3).
149 The next section of the config file defines how to handle the log file
151 /var/log/messages. The log will go through five weekly rotations before
152 being removed. After the log file has been rotated (but before the old
153 version of the log has been compressed), the command /usr/bin/killall
154 -HUP syslogd will be executed.
155 The next section defines the parameters for both
157 /var/log/httpd/access.log and /var/log/httpd/error.log. Each is
158 rotated whenever it grows over 100k in size, and the old logs files are
159 mailed (uncompressed) to recipient@example.org after going through 5
160 rotations, rather than being removed. The sharedscripts means that the
161 postrotate script will only be run once (after the old logs have been
162 compressed), not once for each log which is rotated. Note that log
163 file names may be enclosed in quotes (and that quotes are required if
164 the name contains spaces). Normal shell quoting rules apply, with ',
165 ", and \ characters supported.
166 The next section defines the parameters for all of the files in
168 /var/log/news. Each file is rotated on a monthly basis. This is con‐
169 sidered a single rotation directive and if errors occur for more than
170 one file, the log files are not compressed.
171 The last section uses tilde expansion to rotate log files in the home
173 directory of the current user. This is only available, if your glob
174 library supports tilde expansion. GNU glob does support this.
175 Please use wildcards with caution. If you specify *, logrotate will
177 rotate all files, including previously rotated ones. A way around this
178 is to use the olddir directive or a more exact wildcard (such as
179 *.log).
180 Here is more information on the directives which may be included in a
182 logrotate configuration file:
183
186 These directives may be included in a logrotate configuration file:
187 Rotation
190 rotate count
191 Log files are rotated count times before being removed or mailed
192 to the address specified in a mail directive. If count is 0, old
193 versions are removed rather than rotated. If count is -1, old
194 logs are not removed at all (use with caution, may waste perfor‐
195 mance and disk space). Default is 0.
196 olddir directory
199 Logs are moved into directory for rotation. The directory must
200 be on the same physical device as the log file being rotated,
201 unless copy, copytruncate or renamecopy option is used. The
202 directory is assumed to be relative to the directory holding the
203 log file unless an absolute path name is specified. When this
204 option is used all old versions of the log end up in directory.
205 This option may be overridden by the noolddir option.
206 noolddir
209 Logs are rotated in the directory they normally reside in (this
210 overrides the olddir option).
211 su user group
214 Rotate log files set under this user and group instead of using
215 default user/group (usually root). user specifies the user name
216 used for rotation and group specifies the group used for rota‐
217 tion. If the user/group you specify here does not have suffi‐
218 cient privilege to make files with the ownership you've speci‐
219 fied in a create instruction, it will cause an error. If logro‐
220 tate runs with root privileges, it is recommended to use the su
221 directive to rotate files in directories that are directly or
222 indirectly in control of non-privileged users.
223 Frequency
226 hourly Log files are rotated every hour. Note that usually logrotate is
227 configured to be run by cron daily. You have to change this con‐
228 figuration and run logrotate hourly to be able to really rotate
229 logs hourly.
230 daily Log files are rotated every day.
233 weekly [weekday]
236 Log files are rotated once each weekday, or if the date is
237 advanced by at least 7 days since the last rotation (while
238 ignoring the exact time). The weekday interpretation is follow‐
239 ing: 0 means Sunday, 1 means Monday, ..., 6 means Saturday; the
240 special value 7 means each 7 days, irrespectively of weekday.
241 Defaults to 0 if the weekday argument is omitted.
242 monthly
245 Log files are rotated the first time logrotate is run in a month
246 (this is normally on the first day of the month).
247 yearly Log files are rotated if the current year is not the same as the
250 last rotation.
251 size size
254 Log files are rotated only if they grow bigger than size bytes.
255 If size is followed by k, the size is assumed to be in kilo‐
256 bytes. If the M is used, the size is in megabytes, and if G is
257 used, the size is in gigabytes. So size 100, size 100k, size
258 100M and size 100G are all valid. This option is mutually exclu‐
259 sive with the time interval options, and it causes log files to
260 be rotated without regard for the last rotation time, if speci‐
261 fied after the time criteria (the last specified option takes
262 the precedence).
263 File selection
266 missingok
267 If the log file is missing, go on to the next one without issu‐
268 ing an error message. See also nomissingok.
269 nomissingok
272 If a log file does not exist, issue an error. This is the
273 default.
274 ifempty
277 Rotate the log file even if it is empty, overriding the
278 notifempty option (ifempty is the default).
279 notifempty
282 Do not rotate the log if it is empty (this overrides the ifempty
283 option).
284 minage count
287 Do not rotate logs which are less than <count> days old.
288 maxage count
291 Remove rotated logs older than <count> days. The age is only
292 checked if the logfile is to be rotated. The files are mailed to
293 the configured address if maillast and mail are configured.
294 minsize size
297 Log files are rotated when they grow bigger than size bytes, but
298 not before the additionally specified time interval (daily,
299 weekly, monthly, or yearly). The related size option is similar
300 except that it is mutually exclusive with the time interval
301 options, and it causes log files to be rotated without regard
302 for the last rotation time, if specified after the time criteria
303 (the last specified option takes the precedence). When minsize
304 is used, both the size and timestamp of a log file are consid‐
305 ered.
306 maxsize size
309 Log files are rotated when they grow bigger than size bytes even
310 before the additionally specified time interval (daily, weekly,
311 monthly, or yearly). The related size option is similar except
312 that it is mutually exclusive with the time interval options,
313 and it causes log files to be rotated without regard for the
314 last rotation time, if specified after the time criteria (the
315 last specified option takes the precedence). When maxsize is
316 used, both the size and timestamp of a log file are considered.
317 tabooext [+] list
320 The current taboo extension list is changed (see the include
321 directive for information on the taboo extensions). If a + pre‐
322 cedes the list of extensions, the current taboo extension list
323 is augmented, otherwise it is replaced. At startup, the taboo
324 extension list ,v, .cfsaved, .disabled, .dpkg-bak, .dpkg-del,
325 .dpkg-dist, .dpkg-new, .dpkg-old, .rhn-cfg-tmp-*, .rpmnew,
326 .rpmorig, .rpmsave, .swp, .ucf-dist, .ucf-new, .ucf-old, ~
327 taboopat [+] list
330 The current taboo glob pattern list is changed (see the include
331 directive for information on the taboo extensions and patterns).
332 If a + precedes the list of patterns, the current taboo pattern
333 list is augmented, otherwise it is replaced. At startup, the
334 taboo pattern list is empty.
335 Files and Folders
338 create mode owner group, create owner group
339 Immediately after rotation (before the postrotate script is run)
340 the log file is created (with the same name as the log file just
341 rotated). mode specifies the mode for the log file in octal
342 (the same as chmod(2)), owner specifies the user name who will
343 own the log file, and group specifies the group the log file
344 will belong to. Any of the log file attributes may be omitted,
345 in which case those attributes for the new file will use the
346 same values as the original log file for the omitted attributes.
347 This option can be disabled using the nocreate option.
348 nocreate
351 New log files are not created (this overrides the create
352 option).
353 createolddir mode owner group
356 If the directory specified by olddir directive does not exist,
357 it is created. mode specifies the mode for the olddir directory
358 in octal (the same as chmod(2)), owner specifies the user name
359 who will own the olddir directory, and group specifies the group
360 the olddir directory will belong to. This option can be disabled
361 using the nocreateolddir option.
362 nocreateolddir
365 olddir directory is not created by logrotate when it does not
366 exist.
367 copy Make a copy of the log file, but don't change the original at
370 all. This option can be used, for instance, to make a snapshot
371 of the current log file, or when some other utility needs to
372 truncate or parse the file. When this option is used, the cre‐
373 ate option will have no effect, as the old log file stays in
374 place.
375 nocopy Do not copy the original log file and leave it in place. (this
378 overrides the copy option).
379 copytruncate
382 Truncate the original log file to zero size in place after cre‐
383 ating a copy, instead of moving the old log file and optionally
384 creating a new one. It can be used when some program cannot be
385 told to close its logfile and thus might continue writing
386 (appending) to the previous log file forever. Note that there
387 is a very small time slice between copying the file and truncat‐
388 ing it, so some logging data might be lost. When this option is
389 used, the create option will have no effect, as the old log file
390 stays in place.
391 nocopytruncate
394 Do not truncate the original log file in place after creating a
395 copy (this overrides the copytruncate option).
396 renamecopy
399 Log file is renamed to temporary filename in the same directory
400 by adding ".tmp" extension to it. After that, postrotate script
401 is run and log file is copied from temporary filename to final
402 filename. This allows storing rotated log files on the different
403 devices using olddir directive. In the end, temporary filename
404 is removed.
405 shred Delete log files using shred -u instead of unlink(). This
408 should ensure that logs are not readable after their scheduled
409 deletion; this is off by default. See also noshred.
410 noshred
413 Do not use shred when deleting old log files. See also shred.
414 shredcycles count
417 Asks GNU shred(1) to overwrite log files count times before
418 deletion. Without this option, shred's default will be used.
419 Compression
422 compress
423 Old versions of log files are compressed with gzip(1) by
424 default. See also nocompress.
425 nocompress
428 Old versions of log files are not compressed. See also compress.
429 compresscmd
432 Specifies which command to use to compress log files. The
433 default is gzip(1). See also compress.
434 uncompresscmd
437 Specifies which command to use to uncompress log files. The
438 default is gunzip(1).
439 compressext
442 Specifies which extension to use on compressed logfiles, if com‐
443 pression is enabled. The default follows that of the configured
444 compression command.
445 compressoptions
448 Command line options may be passed to the compression program,
449 if one is in use. The default, for gzip(1), is "-6" (biased
450 towards high compression at the expense of speed). If you use a
451 different compression command, you may need to change the com‐
452 pressoptions to match.
453 delaycompress
456 Postpone compression of the previous log file to the next rota‐
457 tion cycle. This only has effect when used in combination with
458 compress. It can be used when some program cannot be told to
459 close its logfile and thus might continue writing to the previ‐
460 ous log file for some time.
461 nodelaycompress
464 Do not postpone compression of the previous log file to the next
465 rotation cycle (this overrides the delaycompress option).
466 Filenames
469 extension ext
470 Log files with ext extension can keep it after the rotation. If
471 compression is used, the compression extension (normally .gz)
472 appears after ext. For example you have a logfile named
473 mylog.foo and want to rotate it to mylog.1.foo.gz instead of
474 mylog.foo.1.gz.
475 addextension ext
478 Log files are given the final extension ext after rotation. If
479 the original file already ends with ext, the extension is not
480 duplicated, but merely moved to the end, that is both filename
481 and filenameext would get rotated to filename.1ext. If compres‐
482 sion is used, the compression extension (normally .gz) appears
483 after ext.
484 start count
487 This is the number to use as the base for rotation. For example,
488 if you specify 0, the logs will be created with a .0 extension
489 as they are rotated from the original log files. If you specify
490 9, log files will be created with a .9, skipping 0-8. Files
491 will still be rotated the number of times specified with the
492 rotate directive.
493 dateext
496 Archive old versions of log files adding a date extension like
497 YYYYMMDD instead of simply adding a number. The extension may be
498 configured using the dateformat and dateyesterday options.
499 nodateext
502 Do not archive old versions of log files with date extension
503 (this overrides the dateext option).
504 dateformat format_string
507 Specify the extension for dateext using the notation similar to
508 strftime(3) function. Only %Y %m %d %H %M %S %V and %s speci‐
509 fiers are allowed. The default value is -%Y%m%d except hourly,
510 which uses -%Y%m%d%H as default value. Note that also the char‐
511 acter separating log name from the extension is part of the
512 dateformat string. The system clock must be set past Sep 9th
513 2001 for %s to work correctly. Note that the datestamps gener‐
514 ated by this format must be lexically sortable (that is first
515 the year, then the month then the day. For example 2001/12/01 is
516 ok, but 01/12/2001 is not, since 01/11/2002 would sort lower
517 while it is later). This is because when using the rotate
518 option, logrotate sorts all rotated filenames to find out which
519 logfiles are older and should be removed.
520 dateyesterday
523 Use yesterday's instead of today's date to create the dateext
524 extension, so that the rotated log file has a date in its name
525 that is the same as the timestamps within it.
526 datehourago
529 Use hour ago instead of current date to create the dateext
530 extension, so that the rotated log file has a hour in its name
531 that is the same as the timestamps within it. Useful with
532 rotate hourly.
533 Mail
536 mail address
537 When a log is rotated out of existence, it is mailed to address.
538 If no mail should be generated by a particular log, the nomail
539 directive may be used.
540 nomail Do not mail old log files to any address.
543 mailfirst
546 When using the mail command, mail the just-rotated file, instead
547 of the about-to-expire file.
548 maillast
551 When using the mail command, mail the about-to-expire file,
552 instead of the just-rotated file (this is the default).
553 Scripts
556 include file_or_directory
557 Reads the file given as an argument as if it was included inline
558 where the include directive appears. If a directory is given,
559 most of the files in that directory are read in alphabetic order
560 before processing of the including file continues. The only
561 files which are ignored are files which are not regular files
562 (such as directories and named pipes) and files whose names end
563 with one of the taboo extensions or patterns, as specified by
564 the tabooext or taboopat directives, respectively.
565 sharedscripts
568 Normally, prerotate and postrotate scripts are run for each log
569 which is rotated and the absolute path to the log file is passed
570 as first argument to the script. That means a single script may
571 be run multiple times for log file entries which match multiple
572 files (such as the /var/log/news/* example). If sharedscripts is
573 specified, the scripts are only run once, no matter how many
574 logs match the wildcarded pattern, and whole pattern is passed
575 to them. However, if none of the logs in the pattern require
576 rotating, the scripts will not be run at all. If the scripts
577 exit with error, the remaining actions will not be executed for
578 any logs. This option overrides the nosharedscripts option and
579 implies create option.
580 nosharedscripts
583 Run prerotate and postrotate scripts for every log file which is
584 rotated (this is the default, and overrides the sharedscripts
585 option). The absolute path to the log file is passed as first
586 argument to the script. The absolute path to the final rotated
587 log file is passed as the second argument to the postrotate
588 script. If the scripts exit with error, the remaining actions
589 will not be executed for the affected log only.
590 firstaction/endscript
593 The lines between firstaction and endscript (both of which must
594 appear on lines by themselves) are executed (using /bin/sh) once
595 before all log files that match the wildcarded pattern are
596 rotated, before prerotate script is run and only if at least one
597 log will actually be rotated. These directives may only appear
598 inside a log file definition. Whole pattern is passed to the
599 script as first argument. If the script exits with error, no
600 further processing is done. See also lastaction.
601 lastaction/endscript
604 The lines between lastaction and endscript (both of which must
605 appear on lines by themselves) are executed (using /bin/sh) once
606 after all log files that match the wildcarded pattern are
607 rotated, after postrotate script is run and only if at least one
608 log is rotated. These directives may only appear inside a log
609 file definition. Whole pattern is passed to the script as first
610 argument. If the script exits with error, just an error message
611 is shown (as this is the last action). See also firstaction.
612 prerotate/endscript
615 The lines between prerotate and endscript (both of which must
616 appear on lines by themselves) are executed (using /bin/sh)
617 before the log file is rotated and only if the log will actually
618 be rotated. These directives may only appear inside a log file
619 definition. Normally, the absolute path to the log file is
620 passed as first argument to the script. If sharedscripts is
621 specified, whole pattern is passed to the script. See also
622 postrotate. See sharedscripts and nosharedscripts for error
623 handling.
624 postrotate/endscript
627 The lines between postrotate and endscript (both of which must
628 appear on lines by themselves) are executed (using /bin/sh)
629 after the log file is rotated. These directives may only appear
630 inside a log file definition. Normally, the absolute path to the
631 log file is passed as first argument to the script and the abso‐
632 lute path to the final rotated log file is passed as the second
633 argument to the script. If sharedscripts is specified, the whole
634 pattern is passed as the first argument to the script, and the
635 second argument is omitted. See also prerotate. See shared‐
636 scripts and nosharedscripts for error handling.
637 preremove/endscript
640 The lines between preremove and endscript (both of which must
641 appear on lines by themselves) are executed (using /bin/sh) once
642 just before removal of a log file. The logrotate will pass the
643 name of file which is soon to be removed. See also firstaction.
644
648 /var/lib/logrotate/logrotate.status Default state file.
649 /etc/logrotate.conf Configuration options.
650
654 chmod(2), gunzip(1), gzip(1), mail(1), shred(1), strftime(3), str‐
655 toul(3), <https://github.com/logrotate/logrotate>
656
659 Erik Troan, Preston Brown, Jan Kaluza.
660 <https://github.com/logrotate/logrotate>
662Linux 3.15.1 LOGROTATE(8)