Created
October 2, 2024 15:10
-
-
Save DovieW/9a4476cdb9d07a3edac546731874d55c to your computer and use it in GitHub Desktop.
Revisions
-
DovieW created this gist
Oct 2, 2024 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,297 @@ # Logrotate Cheatsheet **Logrotate** is a powerful utility designed to manage and automate the rotation, compression, removal, and mailing of log files. This comprehensive guide covers all essential aspects of logrotate to help you effectively manage system logs. --- ## Table of Contents 1. [Basic Concepts](#basic-concepts) 2. [Configuration Files](#configuration-files) 3. [Global Options](#global-options) 4. [Log File Definition Options](#log-file-definition-options) 5. [Scripts Execution](#scripts-execution) 6. [Compression Options](#compression-options) 7. [Date Extension Options](#date-extension-options) 8. [Include Directive](#include-directive) 9. [Debugging and Testing](#debugging-and-testing) 10. [Force Rotation](#force-rotation) 11. [State File](#state-file) 12. [Common Pitfalls](#common-pitfalls) 13. [Examples](#examples) 14. [Best Practices](#best-practices) 15. [References](#references) --- ## Basic Concepts - **Rotation**: Renaming a log file and creating a new one. - **Compression**: Reducing the size of rotated log files. - **Retention**: Keeping a specified number of old log files. - **Scripts**: Commands executed before or after rotation. --- ## Configuration Files - **Main Configuration File**: `/etc/logrotate.conf` - **Additional Configuration**: Files in `/etc/logrotate.d/` are included by default. - **Syntax**: ```plaintext <path/to/logfile> { options } ``` --- ## Global Options Global options are set outside of any log file definition and apply to all logs unless overridden. - **frequency**: - `daily` - `weekly` - `monthly` - `yearly` - **rotate \<count\>**: Number of times to rotate before deletion. - **compress**: Compresses logs after rotation. - **nocompress**: Does not compress logs. - **delaycompress**: Compress logs on the next rotation cycle. - **create [mode owner group]**: Creates a new log file with specified permissions. - **nocreate**: Does not create a new log file after rotation. - **mail \<address\>**: Emails the log file to the specified address. - **nomail**: Does not email the log file. - **ifempty**: Rotates the log file even if it's empty. - **notifempty**: Does not rotate empty log files. - **missingok**: Ignores missing log files without error. - **sharedscripts**: Runs scripts once per group of logs. - **postrotate/endscript**: Commands to execute after rotation. --- ## Log File Definition Options These options are specified within a log file's braces `{}` and override global options. - **size \<size\>**: Rotates if log file reaches specified size. - Units: bytes (default), `k` (kilobytes), `M` (megabytes), `G` (gigabytes). - **minsize \<size\>**: Minimum size to trigger rotation. - **maxsize \<size\>**: Maximum size before forceful rotation. - **maxage \<days\>**: Removes logs older than specified days. - **olddir \<directory\>**: Moves rotated logs to specified directory. - **su \<user group\>**: Rotates logs using specified user and group. - **copytruncate**: Copies and truncates the original log file. - **nocopytruncate**: Does not truncate the original log file. - **copy**: Copies the log file instead of moving/truncating. - **nocopy**: Default behavior; does not copy the log file. --- ## Scripts Execution Scripts can be executed at different stages: - **prerotate/endscript**: Executes before rotation. - **postrotate/endscript**: Executes after rotation. - **firstaction/endscript**: Executes once before any logs are rotated. - **lastaction/endscript**: Executes once after all logs are rotated. **Example**: ```plaintext /var/log/example.log { weekly rotate 4 postrotate systemctl reload example.service endscript } ``` --- ## Compression Options - **compress**: Compresses rotated logs using `gzip` by default. - **nocompress**: Does not compress rotated logs. - **compresscmd \<command\>**: Specifies a custom compression command. - **uncompresscmd \<command\>**: Specifies a custom decompression command. - **compressoptions \<options\>**: Options passed to the compression command. - **compressext \<extension\>**: Sets custom extension for compressed files. --- ## Date Extension Options - **dateext**: Appends the date to rotated logs. - **dateformat \<format\>**: Custom date format (used with `dateext`). - **Format Specifiers**: - `%Y`: Year (e.g., 2024) - `%m`: Month (01..12) - `%d`: Day (01..31) - `%s`: Seconds since epoch **Example**: ```plaintext dateext dateformat -%Y-%m-%d ``` --- ## Include Directive - **include \<file or directory\>**: Includes additional configuration files. **Example in `/etc/logrotate.conf`**: ```plaintext include /etc/logrotate.d ``` --- ## Debugging and Testing - **Dry Run**: Use `-d` to simulate actions without making changes. ```bash logrotate -d /etc/logrotate.conf ``` - **Verbose Mode**: Use `-v` for detailed output. ```bash logrotate -v /etc/logrotate.conf ``` - **Check Configuration**: Use `-f` to force rotation and test configurations. --- ## Force Rotation - Use `-f` to force rotation regardless of rotation schedule. ```bash sudo logrotate -f /etc/logrotate.conf ``` --- ## State File - **Default State File**: `/var/lib/logrotate/status` - Contains timestamps of last rotation. - **Custom State File**: Use `-s` to specify a different state file. ```bash logrotate -s /path/to/statefile /etc/logrotate.conf ``` --- ## Common Pitfalls - **Permissions**: Ensure `logrotate` has appropriate permissions. - **Service Notification**: Some services need to be reloaded after rotation. - **Copytruncate vs. Create**: Choose based on application logging behavior. - **Script Errors**: Verify scripts in `prerotate` and `postrotate` blocks. --- ## Examples ### Basic Rotation ```plaintext /var/log/messages { rotate 5 weekly postrotate systemctl reload rsyslog endscript } ``` ### Compress Rotated Logs ```plaintext /var/log/secure { rotate 4 weekly compress missingok notifempty } ``` ### Delay Compression ```plaintext /var/log/wtmp { monthly create 0664 root utmp rotate 1 delaycompress } ``` ### Size-Based Rotation ```plaintext /var/log/myapp.log { size 50M rotate 7 compress } ``` ### Rotate Multiple Logs Together ```plaintext /var/log/httpd/*.log { daily rotate 14 missingok notifempty sharedscripts postrotate systemctl reload httpd endscript } ``` --- ## Best Practices - **Test Configurations**: Always use `-d` option before applying changes. - **Monitor Disk Space**: Regularly check log sizes and disk usage. - **Service Compatibility**: Ensure services support log rotation mechanisms. - **Consistent Naming**: Use date extensions for easier log management. - **Security**: Secure log files with appropriate permissions. --- ## References - **Manual Page**: Access the logrotate manual. ```bash man logrotate ``` - **Online Resources**: - [Linux Documentation Project](http://www.tldp.org) - [Official Logrotate GitHub](https://github.com/logrotate/logrotate) --- **Note**: This cheatsheet provides a comprehensive overview of logrotate functionalities up to October 2023. Always refer to the latest documentation or `man` pages for the most current information. ---