Skip to content

How to Configure logrotate

Key idea:

logrotate — the standard Linux tool for managing log files. Rotates (renames), compresses, deletes old logs on a schedule. Installed in most distributions by default. Config in /etc/logrotate.d/. Runs daily via cron. Important: postrotate hook for reloading the app after rotation (nginx, syslog).

Below: step-by-step, working examples, common pitfalls, FAQ.

Check your site →

Step-by-Step Setup

  1. Create /etc/logrotate.d/myapp
  2. Specify the log path: /var/log/myapp/*.log
  3. Options: daily / weekly / monthly (frequency)
  4. rotate N — how many old copies to keep
  5. compress — gzip the old ones
  6. postrotate hook: systemctl reload nginx if HUP is required
  7. Test: logrotate -d /etc/logrotate.d/myapp (debug mode, no changes)
  8. Manual run: logrotate -f /etc/logrotate.d/myapp

Working Examples

ScenarioConfig
Standard nginx rotation/var/log/nginx/*.log { daily rotate 14 compress delaycompress missingok notifempty create 640 nginx adm sharedscripts postrotate systemctl reload nginx > /dev/null 2>&1 || true endscript }
Weekly with size limit/var/log/myapp/*.log { weekly rotate 12 size 100M compress missingok }
copytruncate (for apps without HUP handler)/var/log/app.log { daily rotate 7 copytruncate # Copies the file and truncates the original in-place }
Date in rotated filename/var/log/myapp/*.log { daily rotate 30 dateext dateformat -%Y%m%d compress }
Dry-run testlogrotate -d /etc/logrotate.d/myapp # debug, shows what would happen

Common Pitfalls

  • notifempty + empty log — not rotated → after weeks a huge empty file
  • Missing missingok — logrotate errors when log file is absent
  • postrotate without || true — failing script blocks rotation
  • copytruncate loses events sent between copy and truncate
  • Rotation not working — check /var/lib/logrotate/status is updating

TL;DR: Configuring Logrotate

To configure logrotate in 2026, edit the logrotate configuration file located at /etc/logrotate.conf or create a new file in the /etc/logrotate.d/ directory for specific applications. Specify the log file paths, rotation frequency, and retention policy using directives such as weekly, daily, rotate, and compress. Use the command logrotate -d /etc/logrotate.conf to test the configuration without executing it.

Understanding Logrotate Configuration

Logrotate is a vital tool for managing log files on Unix-like systems, enabling automated rotation, compression, and removal of log files. The primary configuration file is located at /etc/logrotate.conf, while additional configurations can be placed in the /etc/logrotate.d/ directory for specific applications or services.

Each logrotate configuration file can contain various directives that specify how logs should be managed. Here are some key directives:

  • daily — Rotate logs daily.
  • weekly — Rotate logs weekly.
  • monthly — Rotate logs monthly.
  • rotate N — Keep the last N rotated logs.
  • compress — Compress rotated logs to save space.
  • delaycompress — Delay compression until the next rotation.
  • missingok — Do not issue an error if the log file is missing.
  • notifempty — Do not rotate the log if it is empty.
  • sharedscripts — Run post-rotation scripts only once for all logs.

To illustrate, here’s a practical example of configuring logrotate for a hypothetical application named myapp:

/var/log/myapp/*.log {
daily
rotate 7
compress
missingok
notifempty
create 0640 myapp myapp
postrotate
systemctl reload myapp
endscript
}

In this example:

  • Logs located in /var/log/myapp/*.log will be rotated daily.
  • Only the last 7 rotated logs will be kept.
  • Logs will be compressed after rotation.
  • If the log file is missing or empty, logrotate will not issue an error.
  • After log rotation, systemctl reload myapp ensures that the application continues to write to the new log files seamlessly.

To activate the configuration, save the above content in a file named myapp within the /etc/logrotate.d/ directory. You can then test the configuration using:

logrotate -d /etc/logrotate.conf

The -d flag enables debug mode, allowing you to verify the configuration without performing any log rotations. Once confirmed, you can execute:

logrotate -f /etc/logrotate.conf

This command forces logrotate to perform the rotation immediately, which is particularly useful for testing.

In addition to the basic directives, logrotate also supports custom scripts that can be executed before or after rotation. For instance, you might want to archive logs to a different location:

postrotate
cp /var/log/myapp/*.log /archive/myapp/
rm /var/log/myapp/*.log
endscript

In this case, the logs will be copied to /archive/myapp/ before being deleted from the original location. This ensures that you have a backup of the logs while still maintaining system performance.

Logrotate also integrates with systemd timers, allowing for advanced scheduling options. In a typical setup, the default logrotate service is executed daily by a cron job. However, you can define a systemd timer for more precise control over log rotation frequency. For instance:

sudo systemctl enable logrotate.timer
sudo systemctl start logrotate.timer

To summarize, configuring logrotate effectively is crucial for maintaining healthy log management practices in your applications. By leveraging its various features and directives, you can ensure that your log files do not consume excessive disk space while preserving essential logs for troubleshooting and auditing purposes.

Learn more

Frequently Asked Questions

logrotate vs journald?

journald — built into systemd, binary format, <code>journalctl</code>. logrotate — text files with compression. For apps that write to files — logrotate.

How often does it run?

cron.daily — once a day. For more frequent — hourly via /etc/logrotate.d/ and a cron entry.

Where do rotated logs go?

Same directory with .1, .2, .gz suffixes. Example: access.log → access.log.1 → access.log.2.gz.

Rotation not working — how to debug?

<code>logrotate -d</code> (dry-run) shows what would happen. Status: <code>cat /var/lib/logrotate/status</code> — last rotation time.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.