logrotate — the standard Linux tool for managing log files. Rotates (renames), compresses, deletes old logs on a schedule. Installed in most distributions by default. Config in /etc/logrotate.d/. Runs daily via cron. Important: postrotate hook for reloading the app after rotation (nginx, syslog).
Below: step-by-step, working examples, common pitfalls, FAQ.
Free online tool — HTTP header checker: instant results, no signup.
/var/log/myapp/*.logsystemctl reload nginx if HUP is requiredlogrotate -d /etc/logrotate.d/myapp (debug mode, no changes)logrotate -f /etc/logrotate.d/myapp| Scenario | Config |
|---|---|
| Standard nginx rotation | /var/log/nginx/*.log {
daily
rotate 14
compress
delaycompress
missingok
notifempty
create 640 nginx adm
sharedscripts
postrotate
systemctl reload nginx > /dev/null 2>&1 || true
endscript
} |
| Weekly with size limit | /var/log/myapp/*.log {
weekly
rotate 12
size 100M
compress
missingok
} |
| copytruncate (for apps without HUP handler) | /var/log/app.log {
daily
rotate 7
copytruncate
# Copies the file and truncates the original in-place
} |
| Date in rotated filename | /var/log/myapp/*.log {
daily
rotate 30
dateext
dateformat -%Y%m%d
compress
} |
| Dry-run test | logrotate -d /etc/logrotate.d/myapp # debug, shows what would happen |
|| true — failing script blocks rotation/var/lib/logrotate/status is updatingTo configure logrotate in 2026, edit the logrotate configuration file located at /etc/logrotate.conf or create a new file in the /etc/logrotate.d/ directory for specific applications. Specify the log file paths, rotation frequency, and retention policy using directives such as weekly, daily, rotate, and compress. Use the command logrotate -d /etc/logrotate.conf to test the configuration without executing it.
Logrotate is a vital tool for managing log files on Unix-like systems, enabling automated rotation, compression, and removal of log files. The primary configuration file is located at /etc/logrotate.conf, while additional configurations can be placed in the /etc/logrotate.d/ directory for specific applications or services.
Each logrotate configuration file can contain various directives that specify how logs should be managed. Here are some key directives:
daily — Rotate logs daily.weekly — Rotate logs weekly.monthly — Rotate logs monthly.rotate N — Keep the last N rotated logs.compress — Compress rotated logs to save space.delaycompress — Delay compression until the next rotation.missingok — Do not issue an error if the log file is missing.notifempty — Do not rotate the log if it is empty.sharedscripts — Run post-rotation scripts only once for all logs.To illustrate, here’s a practical example of configuring logrotate for a hypothetical application named myapp:
/var/log/myapp/*.log {
daily
rotate 7
compress
missingok
notifempty
create 0640 myapp myapp
postrotate
systemctl reload myapp
endscript
}In this example:
/var/log/myapp/*.log will be rotated daily.systemctl reload myapp ensures that the application continues to write to the new log files seamlessly.To activate the configuration, save the above content in a file named myapp within the /etc/logrotate.d/ directory. You can then test the configuration using:
logrotate -d /etc/logrotate.confThe -d flag enables debug mode, allowing you to verify the configuration without performing any log rotations. Once confirmed, you can execute:
logrotate -f /etc/logrotate.confThis command forces logrotate to perform the rotation immediately, which is particularly useful for testing.
In addition to the basic directives, logrotate also supports custom scripts that can be executed before or after rotation. For instance, you might want to archive logs to a different location:
postrotate
cp /var/log/myapp/*.log /archive/myapp/
rm /var/log/myapp/*.log
endscriptIn this case, the logs will be copied to /archive/myapp/ before being deleted from the original location. This ensures that you have a backup of the logs while still maintaining system performance.
Logrotate also integrates with systemd timers, allowing for advanced scheduling options. In a typical setup, the default logrotate service is executed daily by a cron job. However, you can define a systemd timer for more precise control over log rotation frequency. For instance:
sudo systemctl enable logrotate.timer
sudo systemctl start logrotate.timerTo summarize, configuring logrotate effectively is crucial for maintaining healthy log management practices in your applications. By leveraging its various features and directives, you can ensure that your log files do not consume excessive disk space while preserving essential logs for troubleshooting and auditing purposes.
journald — built into systemd, binary format, <code>journalctl</code>. logrotate — text files with compression. For apps that write to files — logrotate.
cron.daily — once a day. For more frequent — hourly via /etc/logrotate.d/ and a cron entry.
Same directory with .1, .2, .gz suffixes. Example: access.log → access.log.1 → access.log.2.gz.
<code>logrotate -d</code> (dry-run) shows what would happen. Status: <code>cat /var/lib/logrotate/status</code> — last rotation time.
Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.