Logrotate can be used to prevent log files getting too large and taking up too much disk space.

Quick Links:
Configuring /var/logrotate.conf
Log rotate configuration blocks for applications
Log rotation configuration block example
Log rotation ‘count’
Log rotation ‘interval’
Log rotation ‘size’
Log rotation ‘compression’
Log rotation ‘nocompress’ to prevent logs being compressed
Log rotation ‘delaycompress’ to prevent logs being compressed straight away
Post rotate script (executed at log rotation)
Shared script to prevents postrotate restarting application twice
Some useful commands for log rotate

Configuration file

The configuration file for log rotate /var/logrotate.conf

There is a line in this file that will show you where to find most of the application-specific configuration files. The line should look similar to:

include /etc/logrotate.d


If type the following command you see the log rotate configuration files for the applications on your server:

ls /etc/logrotate.d

You should then see a list of applications similar to the following output:

dracut  fail2ban  glusterfs  holland  httpd  mysqld  newrelic-sysmond  nginx  php-fpm  syslog  vsftpd  yum

Example: /var/logrotate.d/fail2ban

/var/log/fail2ban.log {
rotate 7
/usr/bin/fail2ban-client flushlogs  1>/dev/null || true


Rotate count – this determines how many archive logs will be kept around before starts deleting the older ones. Example:

rotate 4

Rotation Interval – This can be used to specify how often to rotate a particilar log. Example(s):




Size – This can be used to perform logrotation depending on the size of the log file. The log file will then be rotated when the log file exceeds the size set.  Example(s):

size 100k

size 100M
size 100G

Compression – if you would like the archived logfiles to be compressed in the gzip format then you can do the following:

Option 1 – add the following line to /var/logrotate.conf


Option 2 – for more granular control you can add the following command to each application config file in /etc/logrotate.d/ (if it has not already been added to /var/logrotate.conf)



If you have specified compressing on /var/logrotate.conf and you have some log files you do not want compressed then you can use nocompress to stop compression. If you go to the applications config file in /var/logrotate.d/application then you can add the following line to stop compression of the log files:



This can be used to compress the log files with a delay in case you do not want them compressed straight away.

Note: delaycompress only works if you have compress in your config file


This is a script that is run by logrotate each time it rotates a log file for an application. You will normally want to use this to restart an application after the log rotation so the app can switch to a new log.

Note: You can see how this can be implemented into a config file by looking back at the example given in the /etc/logrotate.d/ section above (click here).

    /usr/sbin/application restart > /dev/null

Note: you could also specify graceful instead of restart

> /dev/null pipes the command output to nowhere. If this was not implemented then the output of the command would be sent to the console/log/email etc and you do not really need to know if everything restarted correctly.

Shared Script

If your application is rotating both error logs and access logs such as apache then using ‘postrotate’ there is a possibility that the application will be restarted twice. If you add the following command then it will wait until it has checked all of the logs for the config block before running the postrotate script. If both of the logs get rotated then the postrotate script will only run once:




View when the log files were last rotated:

less /var/lib/logrotate.status 


Force the log files to be rotated on all file located in /var/lib/logrotate.status:

/usr/sbin/logrotate -vf /etc/logrotate.conf


Force log rotation on a specific file:

logrotate –force $CONFIG_FILE