Master Logrotate: Complete Guide to Linux Log Rotation, Configuration, and Custom Scripts

Why Logrotate Matters

Log files are critical for Linux system security and troubleshooting, yet many administrators write ad‑hoc cron scripts for daily log splitting instead of using the built‑in logrotate tool.

Logrotate Configuration Files

The default configuration resides in /etc/logrotate.conf and the directory /etc/logrotate.d/. The main file defines global defaults, while each file in /etc/logrotate.d/ contains service‑specific rules that inherit any missing settings from logrotate.conf.

Logrotate is executed daily by the script /etc/cron.daily/logrotate, which calls /usr/sbin/logrotate with the main configuration.

Command‑Line Options

logrotate [OPTION...] <configfile>
-d, --debug        # test configuration without rotating
-f, --force       # force rotation even if size criteria are not met
-m, --mail=command # mail rotated logs to a specified address
-s, --state=statefile
-v, --verbose      # display detailed actions

Typical Rotation Workflow

When rotating /var/log/messages, the first rotation renames messages to messages.1 and creates a fresh empty messages. Subsequent rotations shift the numbered files (e.g., messages.1 becomes messages.2) and delete the oldest file once the rotate count is reached.

Important Parameters

compress               # gzip the rotated file
nocompress             # do not compress
copytruncate           # copy the file then truncate the original (useful for open logs)
nocopytruncate         # copy without truncating
create mode owner group # create a new log file with specific permissions
delaycompress          # delay compression until the next rotation
nodelaycompress        # compress immediately
missingok              # ignore missing log files
errors address         # send errors to a mail address
ifempty                # rotate even if the log is empty (default)
notifempty             # skip rotation when the log is empty
mail address           # mail the rotated log
nomail                 # do not mail
olddir directory       # move rotated logs to a separate directory
noolddir               # keep rotated logs in the same directory
sharedscripts          # run postrotate script once for all logs
prerotate …
postrotate …
 daily | weekly | monthly # rotation frequency
rotate count           # number of rotated files to keep (0 disables backup)
dateext                # append the current date to the rotated filename
dateformat .%s         # custom date format (supports %Y %m %d %s)
size / minsize         # rotate only when the file reaches a given size

Sample Configurations

Below are practical examples for common services.

# /etc/logrotate.d/nginx
/usr/local/nginx/logs/*.log {
    daily
    rotate 7
    missingok
    notifempty
    dateext
    sharedscripts
    postrotate
        if [ -f /usr/local/nginx/logs/nginx.pid ]; then
            kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
        fi
    endscript
}

# /etc/logrotate.d/php
/Data/logs/php/*log {
    daily
    rotate 365
    missingok
    notifempty
    compress
    dateext
    sharedscripts
    postrotate
        if [ -f /Data/app/php5.6.26/var/run/php-fpm.pid ]; then
            kill -USR1 `cat /Data/app/php5.6.26/var/run/php-fpm.pid`
        fi
    endscript
    postrotate
        /bin/chmod 644 /Data/logs/php/*gz
    endscript
}

# /etc/logrotate.d/tomcat
/Data/app/tomcat-7-huanqiu/logs/catalina.out {
    rotate 14
    daily
    copytruncate
    compress
    notifempty
    missingok
}

# /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler {
    sharedscripts
    compress
    rotate 30
    daily
    dateext
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` || true
    endscript
}

Custom Rotation Scripts

Shell or Python scripts can be used when finer control is required.

# Example shell script (log_rotate.sh)
#!/bin/sh
rotate() {
    logfile=$1
    echo "Rotating $logfile"
    cp $logfile ${logfile}.$(date -d "yesterday" +"%Y%m%d")
    rm -f ${logfile}.$(date -d "7 days ago" +"%Y%m%d")
}
for i in "$@"; do
    rotate $i
done

# Example Python script (log_rotate.py) for jumpserver logs
#!/usr/bin/env python
import datetime, os, shutil, sys
log_path = '/opt/jumpserver/logs/'
log_file = 'jumpserver.log'
yesterday = datetime.datetime.now() - datetime.timedelta(days=1)
dest_dir = os.path.join(log_path, yesterday.strftime('%Y'), yesterday.strftime('%m'))
os.makedirs(dest_dir, exist_ok=True)
shutil.move(os.path.join(log_path, log_file),
            os.path.join(dest_dir, f"{log_file}_{yesterday.strftime('%Y%m%d')}.log"))
os.system('sudo /opt/jumpserver/service.sh restart')

Scheduling and Troubleshooting

Logrotate runs via /etc/cron.daily/logrotate. If a log (e.g., nginx) is not rotating, verify the cron execution, check the script for errors, and consider forcing rotation with the -f option. Adjust the default run time by editing /etc/anacrontab (random delay, start hour range) or by creating explicit cron entries such as:

# Force nginx rotation at 23:59 each day
59 23 * * * /usr/sbin/logrotate -f /etc/logrotate.d/nginx >/dev/null 2>&1

After modifying cron or anacrontab, restart the cron service:

/etc/init.d/crond restart

Recommended Nginx Log Rotation Script

#!/bin/bash
yesterday=$(date -d "-1 days" +"%Y%m%d")
cd "$(dirname "$0")"
basedir=$(pwd)
logdir="${basedir}/bak"
mkdir -p "$logdir"
for log in *.log; do
    mv "$log" "$logdir/${log}.${yesterday}.bak"
    # gzip "$logdir/${log}.${yesterday}.bak"
done
/usr/local/sbin/nginx -s reload
cd "$logdir"
find . -type f -name "*.bak" -mtime +7 -exec rm -f {} \;

This script moves current .log files to a backup directory with a date suffix, reloads nginx, and removes backups older than seven days.