LLMpediaThe first transparent, open encyclopedia generated by LLMs

logrotate

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: systemd Hop 5
Expansion Funnel Raw 81 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted81
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
logrotate
Namelogrotate
DeveloperPeter Seebach
Released1999
Operating systemUnix-like
LicenseGNU General Public License

logrotate logrotate is a Unix-like system utility for managing log files through automated rotation, compression, removal, and mailing. It operates on configuration files to apply retention policies to logs produced by services such as Apache HTTP Server, PostgreSQL, MySQL, OpenSSH, and Systemd. Administrators on systems like Debian, Red Hat Enterprise Linux, Ubuntu, CentOS, and Fedora commonly schedule logrotate via cron or systemd timers to control disk usage and preserve forensic data.

Overview

logrotate centralizes log lifecycle management for daemons and applications including nginx, rsyslog, syslog-ng, Docker, and Kubernetes node components. It supports compression formats used in tools like gzip, bzip2, and xz to reduce storage footprints for logs produced by LibreOffice, Samba, and Postfix. By coordinating rotation events, it integrates with init systems from System V init era hosts to modern systemd distributions, ensuring predictable log handling across deployments such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure instances.

Configuration

Configuration is organized in /etc/logrotate.conf and drop-in directories (e.g., /etc/logrotate.d) similar to configuration patterns in Apache HTTP Server virtual hosts and Nginx includes. Entries reference absolute paths used by services like Docker, Kubernetes, Tomcat, Jenkins, and Redis. Global options mirror operational controls found in Ansible playbooks and Chef cookbooks for systems including Debian, CentOS, and Ubuntu Server. Administrators manage ownership and permission directives aligning with accounts such as root, www-data, postgres, and mysql.

Rotation Policies and Options

Rotation policies define criteria like size, age, and interval analogous to retention rules in GitLab, Jenkins, and ELK Stack deployments. Options include 'weekly', 'daily', and 'monthly' schedules comparable to backup cadences in Bacula and Amanda; 'size' thresholds similar to thresholds in Prometheus alerting; and 'rotate' counts like retention in Amazon S3 lifecycle rules. Compression choices 'compress' and 'delaycompress' map to compression utilities gzip and xz. Additional directives such as 'copytruncate', 'nocopy', 'sharedscripts', and 'missingok' echo administrative controls familiar to operators of Postfix, Dovecot, Exim, and Cyrus IMAP services.

Scripts and Hooks

logrotate supports pre- and post-rotation scripts enabling coordination with daemons such as Apache HTTP Server, Nginx, OpenSSH, Postfix, and Dovecot through signals or service commands. Hooks accommodate lifecycle actions used by orchestration systems like Kubernetes postStop hooks and configuration management tools like Puppet and SaltStack. Typical scripts call utilities such as systemctl or service to restart or reload services, similar to maintenance tasks performed in Red Hat Enterprise Linux and Debian GNU/Linux administration. Integration with monitoring platforms like Nagios, Zabbix, and Prometheus allows alerting on rotation failures.

Integration and Usage Examples

Common examples include rotating web server logs for Apache HTTP Server and Nginx, database logs for PostgreSQL and MySQL, and mail logs for Postfix and Exim. In containerized environments with Docker and Kubernetes, logrotate can be deployed as a sidecar or node-level utility to handle logs collected by agents like Fluentd, Logstash, and Filebeat. System images from Debian, Ubuntu, CentOS, and Amazon Linux often include packaged logrotate configurations tailored for services such as rsyslog, systemd-journald, docker-engine, and kubelet. Operators automate configuration deployment using Ansible, Puppet, Chef, or SaltStack to ensure consistency across fleets in cloud providers like AWS, GCP, and Azure.

Security and Reliability Considerations

Proper file ownership and permissions are essential to prevent privilege escalation risks observed in multi-tenant hosts on platforms like OpenStack and Cloud Foundry. Secure handling of rotated files mitigates data leakage concerns relevant to compliance regimes such as HIPAA, PCI DSS, and GDPR. Race conditions during rotation may affect services relying on file descriptors (e.g., Postfix, Dovecot, OpenSSH); strategies include coordinated reloads with systemd unit files and use of 'copytruncate' where necessary. Testing and monitoring of rotation jobs via Nagios, Zabbix, and centralized logging systems like ELK Stack reduce the chance of data loss during emergency responses.

Implementation and Alternatives

logrotate is implemented in C and distributed under the GNU General Public License; it is maintained in many distributions' package repositories alongside alternatives and complementary tools such as logadm (Solaris), newsyslog (FreeBSD), rotatelogs (part of Apache HTTP Server), and log management platforms like Splunk, Graylog, and Elastic Stack. For container-native logging, solutions including Fluentd, Vector, and Promtail provide aggregation and retention features that can replace local rotation in cloud-native architectures. logrotate remains a pragmatic choice for traditional Unix and Linux system administration across projects like Debian, Red Hat, Ubuntu, CentOS, and Arch Linux.

Category:Unix software