Change the time frequency of the http log rotation

CentOS Jul 30, 2017

The rotation process provides a way to avoid large log files by periodically checking the defined directories. Based on the configuration, it will compress the existing file to save disk space, create a new file and remove old files.

The examples below will edit the configuration on a native host. To keep changes documented, persistent and reproducible, use a configuration management tool.

One example of where rotation is used is the access_log of a web server. An installed nginx or Apache httpd will log every incoming request in a file called access_log.
Please note: In containerized environments, you will often find log output redirected to /dev/stdout. In this case, the following configuration is not required. Rotation needs to be done at the log shipper destination instead. The configuration depends on the system in use (e.g. Splunk, DataDog or the Elastic Stack).

If your website is getting a lot of traffic, the file size will increase over time. Analyzing the workload for a specific time period can then be frustrating. The default log rotation on a native CentOS is weekly, so all access information will be stored in one file during a 7-day period.

You can change it to a time-based or a file-size-based rotation. Follow the instructions below to adjust the configuration.

How to change the logrotate configuration:

The file /etc/logrotate.conf is the global configuration file. Be careful when changing this file, because it will affect the child configurations.

This global file contains something like this:

weekly     # rotate log files weekly
rotate 4   # keep 4 weeks worth of backlogs
create     # create new log files
dateext    # use date as a suffix
#compress  # compress log files or not

...

You might want to have a separate configuration for each service on your system. To do so, open the /etc/logrotate.d/ directory. In there, you will find the configurations that already exist. To get back to our web server example, open the httpd file:

/var/log/httpd/*log {
    weekly
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}

The file starts with a list of paths to check for log files. In this case, there is only one: /var/log/httpd/*log. The settings are applied to files that are located in the /var/log/httpd directory and whose names end with log.

Explanation of the existing settings:
weekly: Specifies the frequency at which log rotation should occur.
missingok: Logrotate will not throw an error if no files are found in the specified directory.
notifempty: If the file is empty, logrotate will skip it.
sharedscripts: Specifies that all scripts should be executed before rotation occurs.
delaycompress: Postpones the compression to the next logrotate execution. Some applications might not be able to stop writing to that file immediately. This option avoids conflicts.
postrotate and endscript: The script between them is executed once the rotation is done. In this case, the Apache httpd web server will be reloaded.

If you only want to change the time frequency, set the value that is currently weekly to one of daily, weekly, monthly or yearly.

There is no need to reload, because logrotate will read the configuration when the cron job executes the script.
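The frequency change can be made on a copy and validated before it replaces the live file. The script below is an added example, not part of the original post: the function names set_frequency and dry_run are hypothetical, the stanza is a constructed copy of the httpd file shown above, and the dry run is assumed to be executed as root.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# set_frequency FILE FREQ
# Print FILE with its frequency directive replaced by FREQ. Only a line that
# consists of a single frequency keyword is touched; indentation is kept.
set_frequency() {
    case $2 in
        daily|weekly|monthly|yearly) ;;   # the four values the article lists
        *) echo "unsupported frequency: $2" >&2; return 2 ;;
    esac
    awk -v f="$2" '
        NF == 1 && $1 ~ /^(daily|weekly|monthly|yearly)$/ { sub(/[a-z]+/, f) }
        { print }' "$1"
}

# dry_run FILE
# Parse FILE in debug mode: -d makes no changes to logs or to the state file,
# -s points logrotate at a scratch state file next to FILE.
dry_run() {
    logrotate -d -s "$(dirname "$1")/state" "$1"
}

# Constructed copy of the httpd stanza shown in the article.
work=$(mktemp -d)
cat > "$work/httpd.orig" <<'EOF'
/var/log/httpd/*log {
    weekly
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
    endscript
}
EOF

set_frequency "$work/httpd.orig" daily > "$work/httpd"
diff "$work/httpd.orig" "$work/httpd" || true   # show the one changed line

# Validate before installing; skipped on hosts without logrotate.
if command -v logrotate >/dev/null 2>&1; then
    dry_run "$work/httpd" && echo "dry run ok: $work/httpd"
fi
```

After a clean dry run, copy the edited file to /etc/logrotate.d/httpd owned by root with mode 0644; logrotate ignores configuration files that are writable by group or others.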


Tested on:

  • OS: CentOS 7
  • Web server: Apache httpd 2.4.6

Stefan

Howdy! I'm Stefan and I am the main author of this blog. If you want to know more, you can check out the 'About me' page.
