Source: youtube.com

I went to check out my apache2 logs

ls /var/log/apache2/

and I noticed that they were being automatically rotated (access.log, access.log.1, etc.) and compressed with gzip (access.log.2.gz, etc.). This seems to be the default Ubuntu configuration. I wanted to make find out more, and I found this helpful article about Ubuntu logs, including Apache2 Log info and some basic log rotation info

After reading through the info, I decided that I wanted to make a few changes. The log rotation happens via the brilliantly named logrotate command. It turns out that logrotate settings kept in 2 places.

Default logrotate settings

First, there are the default settings in /etc/logrotate.conf. You can view them with this command:

less /etc/logrotate.conf

You can read about the configuration parameters on the man page:

man logrotate

Or here: online logrotate man page

On my Ubuntu system, the default configuration is setup to rotate the logs weekly, keeping 4 weeks of backlogs. After 4 weeks, it will delete the oldest log file:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be configured here

I wanted to make a few changes:

  1. save 1 year of backlogs
  2. use compression for the backlogs (to save space)
  3. delay compression. This will postpone compression of the previous log file to the next rotation cycle, allowing me to easily view last week’s log without having to uncompress it.
  4. change the default backlog file name to include the date. By default, the files are named numerically: logname.0, logname.1, logname.2, etc. I want to use YYYYMMDD instead of 0, 1 ,2 3.

So, I edited the default config file:

sudo nano logrotate.conf

And I did the following:

  1. change the rotate directive to 52 weeks
  2. uncomment the commented-out compress directive
  3. add the delaycompress command
  4. add the dateex directive

The modified file looks like this:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 52 weeks worth of backlogs
rotate 52

# create new (empty) log files after rotating old ones
create

# use the date in backlog filenames
dateext

# compress backlogs with a delay
compress
delaycompress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

# system-specific logs may be configured here

Application Specific Settings (eg: Apache2)

This handles the default settings. However, some applications set their own logrotate configuration. Look in /etc/logrotate.d to see the which applications override the default settings:

ls /etc/logrotate.d/

On my system, I wanted to make similar changes to the apache2 and mysql-server logs. Some of the changes were already there (eg: delaycompress directive) and others I had to add (eg: dateext directive).

With these changes made, my logs now rotate the way I want.