1LOGROTATE(8) System Administrator's Manual LOGROTATE(8)
2
6 logrotate ‐ rotates, compresses, and mails system logs
7
10 logrotate [--force] [--debug] [--state file] [--skip-state-lock]
11 [--verbose] [--log file] [--mail command] config_file [config_file2
12 ...]
13
16 logrotate is designed to ease administration of systems that generate
17 large numbers of log files. It allows automatic rotation, compression,
18 removal, and mailing of log files. Each log file may be handled daily,
19 weekly, monthly, or when it grows too large.
20 Normally, logrotate is run as a daily cron job. It will not modify a
22 log more than once in one day unless the criterion for that log is
23 based on the log's size and logrotate is being run more than once each
24 day, or unless the -f or --force option is used.
25 Any number of config files may be given on the command line. Later
27 config files may override the options given in earlier files, so the
28 order in which the logrotate config files are listed is important.
29 Normally, a single config file which includes any other config files
30 which are needed should be used. See below for more information on how
31 to use the include directive to accomplish this. If a directory is
32 given on the command line, every file in that directory is used as a
33 config file.
34 If no command line arguments are given, logrotate will print version
36 and copyright information, along with a short usage summary. If any
37 errors occur while rotating logs, logrotate will exit with non-zero
38 status.
39
42 -f, --force
43 Tells logrotate to force the rotation, even if it doesn't think
44 this is necessary. Sometimes this is useful after adding new
45 entries to a logrotate config file, or if old log files have
46 been removed by hand, as the new files will be created, and log‐
47 ging will continue correctly.
48 -d, --debug
51 Turn on debug mode, which means that no changes are made to the
52 logs and the logrotate state file is not updated. Only debug
53 messages are printed.
54 -s, --state statefile
57 Tells logrotate to use an alternate state file. This is useful
58 if logrotate is being run as a different user for various sets
59 of log files. To prevent parallel execution logrotate by de‐
60 fault acquires a lock on the state file, if it cannot be ac‐
61 quired logrotate will exit with value 3. The default state file
62 is /var/lib/logrotate/logrotate.status.
63 --skip-state-lock
66 Do not lock the state file, for example if locking is unsup‐
67 ported or prohibited.
68 -v, --verbose
71 Turns on verbose mode, for example to display messages during
72 rotation.
73 -l, --log file
76 Tells logrotate to log verbose output into the log_file. The
77 verbose output logged to that file is the same as when running
78 logrotate with -v switch. The log file is overwritten on every
79 logrotate execution.
80 -m, --mail command
83 Tells logrotate which command to use when mailing logs. This
84 command should accept the following arguments:
85 1) the subject of the message given with '-s subject'
87 2) the recipient.
88 The command must then read a message on standard input and mail
90 it to the recipient. The default mail command is /bin/mail.
91 --usage
94 Prints a short usage message.
95 -?, --help
98 Prints help message.
99 --version
102 Display version information.
103
107 logrotate reads everything about the log files it should be handling
108 from the series of configuration files specified on the command line.
109 Each configuration file can set global options (local definitions over‐
110 ride global ones, and later definitions override earlier ones) and
111 specify logfiles to rotate. Global options do not affect preceding in‐
112 clude directives. A simple configuration file looks like this:
113 # sample logrotate configuration file
115 compress
116 /var/log/messages {
118 rotate 5
119 weekly
120 postrotate
121 /usr/bin/killall -HUP syslogd
122 endscript
123 }
124 "/var/log/httpd/access.log" /var/log/httpd/error.log {
126 rotate 5
127 mail recipient@example.org
128 size 100k
129 sharedscripts
130 postrotate
131 /usr/bin/killall -HUP httpd
132 endscript
133 }
134 /var/log/news/* {
136 monthly
137 rotate 2
138 olddir /var/log/news/old
139 missingok
140 sharedscripts
141 postrotate
142 kill -HUP $(cat /var/run/inn.pid)
143 endscript
144 nocompress
145 }
146 ~/log/*.log {}
148 The first few lines set global options; in the example, logs are com‐
152 pressed after they are rotated. Note that comments may appear anywhere
153 in the config file as long as the first non-whitespace character on the
154 line is a #.
155 Values are separated from directives by whitespace and/or an optional
157 =. Numbers must be specified in a format understood by strtoul(3).
158 The next section of the config file defines how to handle the log file
160 /var/log/messages. The log will go through five weekly rotations be‐
161 fore being removed. After the log file has been rotated (but before
162 the old version of the log has been compressed), the command
163 /usr/bin/killall -HUP syslogd will be executed.
164 The next section defines the parameters for both /var/log/httpd/ac‐
166 cess.log and /var/log/httpd/error.log. Each is rotated whenever it
167 grows over 100 kilobytes in size, and the old logs files are mailed
168 (uncompressed) to recipient@example.org after going through 5 rota‐
169 tions, rather than being removed. The sharedscripts means that the
170 postrotate script will only be run once (after the old logs have been
171 compressed), not once for each log which is rotated. Note that log
172 file names may be enclosed in quotes (and that quotes are required if
173 the name contains spaces). Normal shell quoting rules apply, with ',
174 ", and \ characters supported.
175 The next section defines the parameters for all of the files in
177 /var/log/news. Each file is rotated on a monthly basis.
178 The last section uses tilde expansion to rotate log files in the home
180 directory of the current user. This is only available, if your glob
181 library supports tilde expansion. GNU glob does support this.
182 Please use wildcards with caution. If you specify *, logrotate will
184 rotate all files, including previously rotated ones. A way around this
185 is to use the olddir directive or a more exact wildcard (such as
186 *.log).
187 Here is more information on the directives which may be included in a
189 logrotate configuration file:
190
193 These directives may be included in a logrotate configuration file:
194 Rotation
197 rotate count
198 Log files are rotated count times before being removed or mailed
199 to the address specified in a mail directive. If count is 0,
200 old versions are removed rather than rotated. If count is -1,
201 old logs are not removed at all, except they are affected by
202 maxage (use with caution, may waste performance and disk space).
203 Default is 0.
204 olddir directory
207 Logs are moved into directory for rotation. The directory must
208 be on the same physical device as the log file being rotated,
209 unless copy, copytruncate or renamecopy option is used. The di‐
210 rectory is assumed to be relative to the directory holding the
211 log file unless an absolute path name is specified. When this
212 option is used all old versions of the log end up in directory.
213 This option may be overridden by the noolddir option.
214 noolddir
217 Logs are rotated in the directory they normally reside in (this
218 overrides the olddir option).
219 su user group
222 Rotate log files set under this user and group instead of using
223 default user/group (usually root). user specifies the user used
224 for rotation and group specifies the group used for rotation
225 (see the section USER AND GROUP for details). If the user/group
226 you specify here does not have sufficient privilege to make
227 files with the ownership you've specified in a create directive,
228 it will cause an error. If logrotate runs with root privileges,
229 it is recommended to use the su directive to rotate files in di‐
230 rectories that are directly or indirectly in control of non-
231 privileged users.
232 Frequency
235 hourly Log files are rotated every hour. Note that usually logrotate
236 is configured to be run by cron daily. You have to change this
237 configuration and run logrotate hourly to be able to really ro‐
238 tate logs hourly.
239 daily Log files are rotated every day.
242 weekly [weekday]
245 Log files are rotated once each weekday, or if the date is ad‐
246 vanced by at least 7 days since the last rotation (while ignor‐
247 ing the exact time). The weekday interpretation is following: 0
248 means Sunday, 1 means Monday, ..., 6 means Saturday; the special
249 value 7 means each 7 days, irrespectively of weekday. Defaults
250 to 0 if the weekday argument is omitted.
251 monthly
254 Log files are rotated the first time logrotate is run in a month
255 (this is normally on the first day of the month).
256 yearly Log files are rotated if the current year is not the same as the
259 last rotation.
260 size size
263 Log files are rotated only if they grow bigger than size bytes.
264 If size is followed by k, the size is assumed to be in kilo‐
265 bytes. If the M is used, the size is in megabytes, and if G is
266 used, the size is in gigabytes. So size 100, size 100k, size
267 100M and size 100G are all valid. This option is mutually ex‐
268 clusive with the time interval options, and it causes log files
269 to be rotated without regard for the last rotation time, if
270 specified after the time criteria (the last specified option
271 takes the precedence).
272 File selection
275 missingok
276 If the log file is missing, go on to the next one without issu‐
277 ing an error message. See also nomissingok.
278 nomissingok
281 If a log file does not exist, issue an error. This is the de‐
282 fault.
283 ifempty
286 Rotate the log file even if it is empty, overriding the no‐
287 tifempty option (ifempty is the default).
288 notifempty
291 Do not rotate the log if it is empty (this overrides the ifempty
292 option).
293 minage count
296 Do not rotate logs which are less than <count> days old.
297 maxage count
300 Remove rotated logs older than <count> days. The age is only
301 checked if the logfile is to be rotated. rotate -1 does not
302 hinder removal. The files are mailed to the configured address
303 if maillast and mail are configured.
304 minsize size
307 Log files are rotated when they grow bigger than size bytes, but
308 not before the additionally specified time interval (daily,
309 weekly, monthly, or yearly). The related size option is similar
310 except that it is mutually exclusive with the time interval op‐
311 tions, and it causes log files to be rotated without regard for
312 the last rotation time, if specified after the time criteria
313 (the last specified option takes the precedence). When minsize
314 is used, both the size and timestamp of a log file are consid‐
315 ered.
316 maxsize size
319 Log files are rotated when they grow bigger than size bytes even
320 before the additionally specified time interval (daily, weekly,
321 monthly, or yearly). The related size option is similar except
322 that it is mutually exclusive with the time interval options,
323 and it causes log files to be rotated without regard for the
324 last rotation time, if specified after the time criteria (the
325 last specified option takes the precedence). When maxsize is
326 used, both the size and timestamp of a log file are considered.
327 tabooext [+] list
330 The current taboo extension list is changed (see the include di‐
331 rective for information on the taboo extensions). If a + pre‐
332 cedes the list of extensions, the current taboo extension list
333 is augmented, otherwise it is replaced. At startup, the taboo
334 extension list ,v, .cfsaved, .disabled, .dpkg-bak, .dpkg-del,
335 .dpkg-dist, .dpkg-new, .dpkg-old, .rhn-cfg-tmp-*, .rpmnew, .rp‐
336 morig, .rpmsave, .swp, .ucf-dist, .ucf-new, .ucf-old, ~
337 taboopat [+] list
340 The current taboo glob pattern list is changed (see the include
341 directive for information on the taboo extensions and patterns).
342 If a + precedes the list of patterns, the current taboo pattern
343 list is augmented, otherwise it is replaced. At startup, the
344 taboo pattern list is empty.
345 Files and Folders
348 create mode owner group, create owner group
349 Immediately after rotation (before the postrotate script is run)
350 the log file is created (with the same name as the log file just
351 rotated). mode specifies the mode for the log file in octal
352 (the same as chmod(2)), owner specifies the user who will own
353 the log file, and group specifies the group the log file will
354 belong to (see the section USER AND GROUP for details). Any of
355 the log file attributes may be omitted, in which case those at‐
356 tributes for the new file will use the same values as the origi‐
357 nal log file for the omitted attributes. This option can be
358 disabled using the nocreate option.
359 nocreate
362 New log files are not created (this overrides the create op‐
363 tion).
364 createolddir mode owner group
367 If the directory specified by olddir directive does not exist,
368 it is created. mode specifies the mode for the olddir directory
369 in octal (the same as chmod(2)), owner specifies the user who
370 will own the olddir directory, and group specifies the group the
371 olddir directory will belong to (see the section USER AND GROUP
372 for details). This option can be disabled using the nocreate‐
373 olddir option.
374 nocreateolddir
377 olddir directory is not created by logrotate when it does not
378 exist.
379 copy Make a copy of the log file, but don't change the original at
382 all. This option can be used, for instance, to make a snapshot
383 of the current log file, or when some other utility needs to
384 truncate or parse the file. When this option is used, the cre‐
385 ate option will have no effect, as the old log file stays in
386 place. The copy option allows storing rotated log files on the
387 different devices using olddir directive.
388 nocopy Do not copy the original log file and leave it in place. (this
391 overrides the copy option).
392 copytruncate
395 Truncate the original log file to zero size in place after cre‐
396 ating a copy, instead of moving the old log file and optionally
397 creating a new one. It can be used when some program cannot be
398 told to close its logfile and thus might continue writing (ap‐
399 pending) to the previous log file forever. Note that there is a
400 very small time slice between copying the file and truncating
401 it, so some logging data might be lost. When this option is
402 used, the create option will have no effect, as the old log file
403 stays in place. The copytruncate option allows storing rotated
404 log files on the different devices using olddir directive. The
405 copytruncate option implies norenamecopy.
406 nocopytruncate
409 Do not truncate the original log file in place after creating a
410 copy (this overrides the copytruncate option).
411 renamecopy
414 Log file is renamed to temporary filename in the same directory
415 by adding ".tmp" extension to it. After that, postrotate script
416 is run and log file is copied from temporary filename to final
417 filename. In the end, temporary filename is removed. The re‐
418 namecopy option allows storing rotated log files on the differ‐
419 ent devices using olddir directive. The renamecopy option im‐
420 plies nocopytruncate.
421 norenamecopy
424 Do not rename and copy the original log file (this overrides the
425 renamecopy option).
426 shred Delete log files using shred -u instead of unlink(). This
429 should ensure that logs are not readable after their scheduled
430 deletion; this is off by default. See also noshred.
431 noshred
434 Do not use shred when deleting old log files. See also shred.
435 shredcycles count
438 Asks GNU shred(1) to overwrite log files count times before
439 deletion. Without this option, shred's default will be used.
440 Compression
443 compress
444 Old versions of log files are compressed with gzip(1) by de‐
445 fault. See also nocompress.
446 nocompress
449 Old versions of log files are not compressed. See also com‐
450 press.
451 compresscmd
454 Specifies which command to use to compress log files. The de‐
455 fault is gzip(1). See also compress.
456 uncompresscmd
459 Specifies which command to use to uncompress log files. The de‐
460 fault is gunzip(1).
461 compressext
464 Specifies which extension to use on compressed logfiles, if com‐
465 pression is enabled. The default follows that of the configured
466 compression command.
467 compressoptions
470 Command line options may be passed to the compression program,
471 if one is in use. The default, for gzip(1), is "-6" (biased to‐
472 wards high compression at the expense of speed). If you use a
473 different compression command, you may need to change the com‐
474 pressoptions to match.
475 delaycompress
478 Postpone compression of the previous log file to the next rota‐
479 tion cycle. This only has effect when used in combination with
480 compress. It can be used when some program cannot be told to
481 close its logfile and thus might continue writing to the previ‐
482 ous log file for some time.
483 nodelaycompress
486 Do not postpone compression of the previous log file to the next
487 rotation cycle (this overrides the delaycompress option).
488 Filenames
491 extension ext
492 Log files with ext extension can keep it after the rotation. If
493 compression is used, the compression extension (normally .gz)
494 appears after ext. For example you have a logfile named my‐
495 log.foo and want to rotate it to mylog.1.foo.gz instead of my‐
496 log.foo.1.gz.
497 addextension ext
500 Log files are given the final extension ext after rotation. If
501 the original file already ends with ext, the extension is not
502 duplicated, but merely moved to the end, that is both filename
503 and filenameext would get rotated to filename.1ext. If compres‐
504 sion is used, the compression extension (normally .gz) appears
505 after ext.
506 start count
509 This is the number to use as the base for rotation. For exam‐
510 ple, if you specify 0, the logs will be created with a .0 exten‐
511 sion as they are rotated from the original log files. If you
512 specify 9, log files will be created with a .9, skipping 0–8.
513 Files will still be rotated the number of times specified with
514 the rotate directive.
515 dateext
518 Archive old versions of log files adding a date extension like
519 YYYYMMDD instead of simply adding a number. The extension may
520 be configured using the dateformat and dateyesterday options.
521 nodateext
524 Do not archive old versions of log files with date extension
525 (this overrides the dateext option).
526 dateformat format_string
529 Specify the extension for dateext using the notation similar to
530 strftime(3) function. Only %Y %m %d %H %M %S %V and %s speci‐
531 fiers are allowed. The default value is -%Y%m%d except hourly,
532 which uses -%Y%m%d%H as default value. Note that also the char‐
533 acter separating log name from the extension is part of the
534 dateformat string. The system clock must be set past Sep 9th
535 2001 for %s to work correctly. Note that the datestamps gener‐
536 ated by this format must be lexically sortable (that is first
537 the year, then the month then the day. For example 2001/12/01
538 is ok, but 01/12/2001 is not, since 01/11/2002 would sort lower
539 while it is later). This is because when using the rotate op‐
540 tion, logrotate sorts all rotated filenames to find out which
541 logfiles are older and should be removed.
542 dateyesterday
545 Use yesterday's instead of today's date to create the dateext
546 extension, so that the rotated log file has a date in its name
547 that is the same as the timestamps within it.
548 datehourago
551 Use hour ago instead of current date to create the dateext ex‐
552 tension, so that the rotated log file has a hour in its name
553 that is the same as the timestamps within it. Useful with ro‐
554 tate hourly.
555 Mail
558 mail address
559 When a log is rotated out of existence, it is mailed to address.
560 If no mail should be generated by a particular log, the nomail
561 directive may be used.
562 nomail Do not mail old log files to any address.
565 mailfirst
568 When using the mail command, mail the just-rotated file, instead
569 of the about-to-expire file.
570 maillast
573 When using the mail command, mail the about-to-expire file, in‐
574 stead of the just-rotated file (this is the default).
575 Additional config files
578 include file_or_directory
579 Reads the file given as an argument as if it was included inline
580 where the include directive appears. If a directory is given,
581 most of the files in that directory are read in alphabetic order
582 before processing of the including file continues. The only
583 files which are ignored are files which are not regular files
584 (such as directories and named pipes) and files whose names end
585 with one of the taboo extensions or patterns, as specified by
586 the tabooext or taboopat directives, respectively. The given
587 path may start with ~/ to make it relative to the home directory
588 of the executing user. For security reasons configuration files
589 must not be group-writable nor world-writable.
590 Scripts
593 sharedscripts
594 Normally, prerotate and postrotate scripts are run for each log
595 which is rotated and the absolute path to the log file is passed
596 as first argument to the script. That means a single script may
597 be run multiple times for log file entries which match multiple
598 files (such as the /var/log/news/* example). If sharedscripts
599 is specified, the scripts are only run once, no matter how many
600 logs match the wildcarded pattern, and whole pattern is passed
601 to them. However, if none of the logs in the pattern require
602 rotating, the scripts will not be run at all. If the scripts
603 exit with error (or any log fails to rotate), the remaining ac‐
604 tions will not be executed for any logs. This option overrides
605 the nosharedscripts option.
606 nosharedscripts
609 Run prerotate and postrotate scripts for every log file which is
610 rotated (this is the default, and overrides the sharedscripts
611 option). The absolute path to the log file is passed as first
612 argument to the script. The absolute path to the final rotated
613 log file is passed as the second argument to the postrotate
614 script. If the scripts exit with error, the remaining actions
615 will not be executed for the affected log only.
616 firstaction
618 script
619 endscript
620 The script is executed once before all log files that match the
621 wildcarded pattern are rotated, before the prerotate script is
622 run and only if at least one log will actually be rotated.
623 These directives may only appear inside a log file definition.
624 The whole pattern is passed to the script as its first argument.
625 If the script exits with an error, no further processing is
626 done. See also lastaction and the SCRIPTS section.
627 lastaction
629 script
630 endscript
631 The script is executed once after all log files that match the
632 wildcarded pattern are rotated, after the postrotate script is
633 run and only if at least one log is rotated. These directives
634 may only appear inside a log file definition. The whole pattern
635 is passed to the script as its first argument. If the script
636 exits with an error, just an error message is shown (as this is
637 the last action). See also firstaction and the SCRIPTS section.
638 prerotate
640 script
641 endscript
642 The script is executed before the log file is rotated and only
643 if the log will actually be rotated. These directives may only
644 appear inside a log file definition. Normally, the absolute
645 path to the log file is passed as the first argument to the
646 script. If sharedscripts is specified, the whole pattern is
647 passed to the script. See also postrotate and the SCRIPTS sec‐
648 tion. See sharedscripts and nosharedscripts for error handling.
649 postrotate
651 script
652 endscript
653 The script is executed after the log file is rotated. These di‐
654 rectives may only appear inside a log file definition. Nor‐
655 mally, the absolute path to the log file is passed as the first
656 argument to the script and the absolute path to the final ro‐
657 tated log file is passed as the second argument to the script.
658 If sharedscripts is specified, the whole pattern is passed as
659 the first argument to the script, and the second argument is
660 omitted. See also prerotate and the SCRIPTS section. See
661 sharedscripts and nosharedscripts for error handling.
662 preremove
664 script
665 endscript
666 The script is executed once just before removal of a log file.
667 logrotate will pass the name of file which is soon to be removed
668 as the first argument to the script. See also firstaction and
669 the SCRIPTS section.
670
673 The lines between the starting keyword (e.g. prerotate) and endscript
674 (both of which must appear on lines by themselves) are executed (using
675 /bin/sh). The script inherits some traits from the logrotate process,
676 including stderr, stdout, the current directory, the environment, and
677 the umask. Scripts are run as the invoking user and group, irrespec‐
678 tive of any su directive. If the --log flag was specified, file de‐
679 scriptor 3 is the log file.
680
683 User and group identifiers are resolved first by trying the textual
684 representation and, in case it fails, afterwards by the numeric value.
685
688 /var/lib/logrotate/logrotate.status Default state file.
689 /etc/logrotate.conf Configuration options.
690
694 chmod(2), gunzip(1), gzip(1), mail(1), shred(1), strftime(3), str‐
695 toul(3), <https://github.com/logrotate/logrotate>
696
699 Erik Troan, Preston Brown, Jan Kaluza.
700 <https://github.com/logrotate/logrotate>
702Linux 3.18.1 LOGROTATE(8)