Lock down your logfiles with logrotate
What a Wicked Web We Weave
Not many can claim to be more popular in web circles than the leader of all things HTTP: Apache. Figure 6 shows an example profile for Apache with some new options. The old compress
option is the friendly disk space-saver. This option clearly should not be run on large logfiles if your server's CPU is creaking at the seams already; just schedule logrotate out-of-hours to solve any time-sensitive, heavy load problems by adjusting cron execution times. As is often the case, I'm comfortable ignoring missing files (missingok
); also, I'm looking for 52 weekly logs.
![](/var/linux_magazin/storage/images/issues/2015/172/logrotate/figure-6/645094-1-eng-US/Figure-6_large.png)
The new delaycompress
function is intriguing, especially if you need to access a file with a log-watching tool, such as the truly extensible Fail2ban package. The meaning of this config option is simple: Not only does it decrease the number of times compression takes place (initially at least), it might save a bit of CPU time in some circumstances, especially if your servers experience no quiet time. However, if another application can't work correctly because a logfile is compressed, then you can hold off gzipping the file in question until the next rotation. Although I haven't looked, I suspect Fail2ban has addressed this issue because it's so configurable.
Let a Computer Do the Work for You
As I mentioned earlier, one prerequisite of a healthy file is correct permissions. In the past I've had some success running
# touch /var/log/<daemon-name>.log # chown owner:group /var/log/<daemon-name>.log # chmod 640 /var/log/<daemon-name>.log
after moving or renaming a logfile in a graceless fashion. The hope was that I wouldn't see any application downtime caused by restarting my service to fix empty logfiles as a result of an application that couldn't write to the file correctly after a logfile was moved.
However, the graceful way of achieving this via logrotate is to use the create
config option, as in:
create 640 root adm
If you compare my manual command-line entries and logrotate's automated approach, the config option should make perfect sense.
In Figure 6, the purpose of the sharedscripts
option encapsulated within the curly brackets in line 8 might not be immediately obvious, which brings me to the prerotate
and postrotate
config options. As logrotate runs through profiles, the prerotate
and postrotate
options are processed for each and every logfile being rotated.
Sometimes file name patterns lead to several logfile matches (especially with an errant wildcard here or there); therefore, the prerotate
and postrotate
config options can run multiple times, and if the postrotate
option starts and stops a daemon, you could be restarting your previous web application several times unnecessarily, among other unneeded activities. The friendly sharedscripts
parameter lets you specify that these kinds of actions are triggered only once.
For those of you who are familiar with Bash scripting, note in the Apache example that the prerotate
option checks for the existence of a directory (i.e., httpd-prerotate
) where fully configurable precursor commands can be applied should additional configuration be needed.
You Say Tomato
It might sound a little strange but there's method to the madness of having a favorite file compression utility. Some formats, utilities, encryption ciphers, and time frames dictate that you need to make choices about zipping, gzipping, or adding obscure command-line parameters to the compression options within logrotate.
To this end, you have the ability to affect how you squash your logfiles to keep the ever-precious storage freed up by using:
compresscmd zip
An option I've found very useful is dateext
. When you first see the logfiles generated by an automated log rotation system, it's easy to mix up which is the oldest and which is the latest files in the list. Figure 7 shows this a little more clearly, and it's easy to spot the newest because dpkg.log.1
isn't compressed with gzip. You can still see why files numbered 1 to 12 without many differentiating features could be confusing, however.
![](/var/linux_magazin/storage/images/issues/2015/172/logrotate/figure-7/645097-1-eng-US/Figure-7_large.png)
The useful dateext
switch lets you add dates to the end of rotated logs instead of simply numbers. The format YYYYMMDD can be changed conveniently with the dateformat
parameter, which apparently conforms to the strftime
command. However, it only supports year, month, and day specifiers (%Y
, %m
, %d
, respectively). If you feel the need, though, you can throw in Unix time (or rather, the number of seconds since the Epoch – midnight on January 1, 1970) with the %s
specifier. Both are very useful options to my mind; one date format for human eyes to scan quickly and another for a script to scrutinize.
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
![Learn More](https://www.linux-magazine.com/var/linux_magazin/storage/images/media/linux-magazine-eng-us/images/misc/learn-more/834592-1-eng-US/Learn-More_medium.png)
News
-
NVIDIA Released Driver for Upcoming NVIDIA 560 GPU for Linux
Not only has NVIDIA released the driver for its upcoming CPU series, it's the first release that defaults to using open-source GPU kernel modules.
-
OpenMandriva Lx 24.07 Released
If you’re into rolling release Linux distributions, OpenMandriva ROME has a new snapshot with a new kernel.
-
Kernel 6.10 Available for General Usage
Linus Torvalds has released the 6.10 kernel and it includes significant performance increases for Intel Core hybrid systems and more.
-
TUXEDO Computers Releases InfinityBook Pro 14 Gen9 Laptop
Sporting either AMD or Intel CPUs, the TUXEDO InfinityBook Pro 14 is an extremely compact, lightweight, sturdy powerhouse.
-
Google Extends Support for Linux Kernels Used for Android
Because the LTS Linux kernel releases are so important to Android, Google has decided to extend the support period beyond that offered by the kernel development team.
-
Linux Mint 22 Stable Delayed
If you're anxious about getting your hands on the stable release of Linux Mint 22, it looks as if you're going to have to wait a bit longer.
-
Nitrux 3.5.1 Available for Install
The latest version of the immutable, systemd-free distribution includes an updated kernel and NVIDIA driver.
-
Debian 12.6 Released with Plenty of Bug Fixes and Updates
The sixth update to Debian "Bookworm" is all about security mitigations and making adjustments for some "serious problems."
-
Canonical Offers 12-Year LTS for Open Source Docker Images
Canonical is expanding its LTS offering to reach beyond the DEB packages with a new distro-less Docker image.
-
Plasma Desktop 6.1 Released with Several Enhancements
If you're a fan of Plasma Desktop, you should be excited about this new point release.