Logs… Any Linux system will generate many log files by default, containing various information about the operation of the system (normal actions, debugging information, security/authorization messages, web/email events, etc). If no rotation would occur on the various log files, then they will just grow bigger and bigger, filling up the space (on high traffic sites) but most importantly making it very difficult to find any information that we might be looking for in those log files. Fortunately this is handled in most Linux distributions by default and we don’t have anything special to do to set it up… if will function out of the box, rotating the log files by default.
This little how-to will show you how the default log rotation works, based on syslog and logrotate. There are other ways to achieve this, like using syslog-ng instead of syslog that I will cover in a future article. Understanding how the default setup works, will help you have an idea of what will happen and what logs will be rotated, when will this occur, and how long will they be kept. Also it will show you the places where you can make changes in case you need to do that (if you want to save some log for a longer time, or if you want to rotate it differently from the default). The examples I will present are taken from a Debian system, so if you are running a different system, they might differ a little, but not drastically (like you might have the cron setup to run at a different time, or keep a different number of log iterations by default).
I have split this article in two parts based on the way how the log rotation is handled:
system log files: most of the system log files are rotated by syslog itself and not using logrotate. You will see here what are these log files, and how they are rotated.
application log files: logrotate is the default choice to rotate all the other log files. It can rotate the logs based on various parameters: daily, weekly, monthly, based on the size of the log, it can compress the logs to save space, etc.