Using Logrotate to Manage Nginx Log Files

Logrotate is a Linux log management tool that can rotate, compress, and purge log files based on time or size. Nginx does not provide built‑in log rotation, so Logrotate is commonly used to keep access.log and error.log from growing indefinitely.

Installation

On most distributions Logrotate is pre‑installed. If not, install it with the package manager:

yum install -y logrotate

Or verify its presence with:

rpm -ql logrotate

Basic configuration

The main configuration file is /etc/logrotate.conf . A typical snippet looks like:

# rotate log files weekly
weekly
# keep 4 weeks of logs
rotate 4
# create new empty log files after rotation
create
# add date suffix to rotated files
dateext
# include custom configs
include /etc/logrotate.d

Custom configurations are placed in /etc/logrotate.d . For example, to rotate all .log files under /opt/logtest daily and keep two versions:

/opt/logtest/*.log {
    daily
    rotate 2
    copytruncate
    missingok
}

The copytruncate option copies the current log to a rotated file and then truncates the original, allowing the application to continue writing without reopening the file.

Manual rotation

Logrotate runs daily via /etc/cron.daily/logrotate . To test immediately, force a rotation:

logrotate -vf /etc/logrotate.d/test

Before running, create test log files:

touch test1.log
touch test2.log

During rotation Logrotate copies the source log to test1.log.1 , truncates the original, and renames older files (e.g., test1.log.1 becomes test1.log.2 ) respecting the rotate limit.

copytruncate vs create

copytruncate : copies then truncates; may lose logs during the copy window and incurs extra I/O.

create : renames the old file and creates a fresh empty file with the same name; requires notifying the application (e.g., sending USR1 to Nginx) to reopen the new log.

Custom schedules

Logrotate follows cron timing. To rotate hourly, copy the daily script to /etc/cron.hourly and set hourly in the config:

cp /etc/cron.daily/logrotate /etc/cron.hourly/

For arbitrary times, add a crontab entry, for example, to run at 23:59 each day:

59 23 * * * /usr/sbin/logrotate -f /etc/logrotate_mytime/nginx

Restart the cron service after editing:

service crond restart   # CentOS 6
systemctl restart crond   # CentOS 7

NGINX specific configuration

Create a file /etc/logrotate.d/nginx with:

/opt/docker-ws/nginx/logs/*.log {
    daily
    size 5M
    rotate 30
    copytruncate
    notifempty
    missingok
    dateext
}

This rotates Nginx logs daily when they exceed 5 MiB, keeps the last 30 files, and adds a date suffix.

If SELinux blocks rotation, either disable SELinux or adjust the context:

# Allow /opt/logtest directory for logrotate
semanage fcontext -a -t var_log_t "/opt/logtest(/.*)?"
restorecon -Rv /opt/logtest

Additional tips

Always specify rotate , daily , etc., in custom files; otherwise defaults from /etc/logrotate.conf are not inherited.

Use dateext with dateformat to customize the date suffix (e.g., -%Y-%m-%d ).

When using create , remember to send a signal to Nginx ( kill -USR1 $(cat /run/nginx.pid) ) so it reopens the new log file.