Lock down your logfiles with logrotate
What a Wicked Web We Weave
Not many can claim to be more popular in web circles than the leader of all things HTTP: Apache. Figure 6 shows an example profile for Apache with some new options. The old compress
option is the friendly disk space-saver. This option clearly should not be run on large logfiles if your server's CPU is creaking at the seams already; just schedule logrotate out-of-hours to solve any time-sensitive, heavy load problems by adjusting cron execution times. As is often the case, I'm comfortable ignoring missing files (missingok
); also, I'm looking for 52 weekly logs.

The new delaycompress
function is intriguing, especially if you need to access a file with a log-watching tool, such as the truly extensible Fail2ban package. The meaning of this config option is simple: Not only does it decrease the number of times compression takes place (initially at least), it might save a bit of CPU time in some circumstances, especially if your servers experience no quiet time. However, if another application can't work correctly because a logfile is compressed, then you can hold off gzipping the file in question until the next rotation. Although I haven't looked, I suspect Fail2ban has addressed this issue because it's so configurable.
Let a Computer Do the Work for You
As I mentioned earlier, one prerequisite of a healthy file is correct permissions. In the past I've had some success running
# touch /var/log/<daemon-name>.log # chown owner:group /var/log/<daemon-name>.log # chmod 640 /var/log/<daemon-name>.log
after moving or renaming a logfile in a graceless fashion. The hope was that I wouldn't see any application downtime caused by restarting my service to fix empty logfiles as a result of an application that couldn't write to the file correctly after a logfile was moved.
However, the graceful way of achieving this via logrotate is to use the create
config option, as in:
create 640 root adm
If you compare my manual command-line entries and logrotate's automated approach, the config option should make perfect sense.
In Figure 6, the purpose of the sharedscripts
option encapsulated within the curly brackets in line 8 might not be immediately obvious, which brings me to the prerotate
and postrotate
config options. As logrotate runs through profiles, the prerotate
and postrotate
options are processed for each and every logfile being rotated.
Sometimes file name patterns lead to several logfile matches (especially with an errant wildcard here or there); therefore, the prerotate
and postrotate
config options can run multiple times, and if the postrotate
option starts and stops a daemon, you could be restarting your previous web application several times unnecessarily, among other unneeded activities. The friendly sharedscripts
parameter lets you specify that these kinds of actions are triggered only once.
For those of you who are familiar with Bash scripting, note in the Apache example that the prerotate
option checks for the existence of a directory (i.e., httpd-prerotate
) where fully configurable precursor commands can be applied should additional configuration be needed.
You Say Tomato
It might sound a little strange but there's method to the madness of having a favorite file compression utility. Some formats, utilities, encryption ciphers, and time frames dictate that you need to make choices about zipping, gzipping, or adding obscure command-line parameters to the compression options within logrotate.
To this end, you have the ability to affect how you squash your logfiles to keep the ever-precious storage freed up by using:
compresscmd zip
An option I've found very useful is dateext
. When you first see the logfiles generated by an automated log rotation system, it's easy to mix up which is the oldest and which is the latest files in the list. Figure 7 shows this a little more clearly, and it's easy to spot the newest because dpkg.log.1
isn't compressed with gzip. You can still see why files numbered 1 to 12 without many differentiating features could be confusing, however.

The useful dateext
switch lets you add dates to the end of rotated logs instead of simply numbers. The format YYYYMMDD can be changed conveniently with the dateformat
parameter, which apparently conforms to the strftime
command. However, it only supports year, month, and day specifiers (%Y
, %m
, %d
, respectively). If you feel the need, though, you can throw in Unix time (or rather, the number of seconds since the Epoch – midnight on January 1, 1970) with the %s
specifier. Both are very useful options to my mind; one date format for human eyes to scan quickly and another for a script to scrutinize.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
News
-
The GNU Project Celebrates Its 40th Birthday
September 27 marks the 40th anniversary of the GNU Project, and it was celebrated with a hacker meeting in Biel/Bienne, Switzerland.
-
Linux Kernel Reducing Long-Term Support
LTS support for the Linux kernel is about to undergo some serious changes that will have a considerable impact on the future.
-
Fedora 39 Beta Now Available for Testing
For fans and users of Fedora Linux, the first beta of release 39 is now available, which is a minor upgrade but does include GNOME 45.
-
Fedora Linux 40 to Drop X11 for KDE Plasma
When Fedora 40 arrives in 2024, there will be a few big changes coming, especially for the KDE Plasma option.
-
Real-Time Ubuntu Available in AWS Marketplace
Anyone looking for a Linux distribution for real-time processing could do a whole lot worse than Real-Time Ubuntu.
-
KSMBD Finally Reaches a Stable State
For those who've been looking forward to the first release of KSMBD, after two years it's no longer considered experimental.
-
Nitrux 3.0.0 Has Been Released
The latest version of Nitrux brings plenty of innovation and fresh apps to the table.
-
Linux From Scratch 12.0 Now Available
If you're looking to roll your own Linux distribution, the latest version of Linux From Scratch is now available with plenty of updates.
-
Linux Kernel 6.5 Has Been Released
The newest Linux kernel, version 6.5, now includes initial support for two very exciting features.
-
UbuntuDDE 23.04 Now Available
A new version of the UbuntuDDE remix has finally arrived with all the updates from the Deepin desktop and everything that comes with the Ubuntu 23.04 base.