Logs that grow in size uncontrollably can cause unintended consequences. If you keep ignoring the situation, it will only get worse until you run our of disc space, the system starts being unresponsive or processes begin to crash.
Check what’s up
To verify how large your logs are, use (on Linux):
ls -lSh /var/log
It will show long output (-l) including log file sizes (-S) in human readable form (-h). In order to have a peek at the most recent contents without the need to open the file and scroll through a seemingly infinite number of meaningless pages, use the command tail, for example:
tail maillog
If you want it to keep scrolling while you sit back and watch, use:
tail maillog &
Should you run across a log file that you cannot reasonably handle and no longer need, don’t try to delete and recreate it; the affected process may crash. Instead, empty the file using:
> log
Set up logrotate
Some processes may not rotate their logs automatically. The popular open source mail delivery agent dovecot is a good example: it will keep writing to the same log file until the cows come home. On some systems, you may experience such a heavy activity (or demand such a detailed log output), that the resulting log file sizes will be entirely out of the ballpark. In both cases, the nifty log management utility logrotate can lend you a hand.
The logrotate utility looks for its main configuration file at
/etc/logrotate.conf
Here, you will find settings that define how often log files will be rotated, how many backlogs will be kept, and where.
In order to configure logrotate for a process, add a directive such as this one to the main configuration file of logrotate at /etc/logrotate.conf (this is an example for dovecot):
/var/log/dovecot.log {
weekly
minsize 1M
create 0664 vmail vmail
rotate 6
}
Dovecot’s default log file located at /var/log/dovecot.log will be rotated weekly unless it is smaller than 1MB; the user is vmail; the group is vmail. The system will maintain six of these backlog files.
Force logrotate (once)
In order to force logrotate on the command line:
logrotate --force /etc/logrotate.conf
Example output of the ls command before:
-rw-r--r-- 1 root root 0 May 20 2014 dovecot -rw-r--r-- 1 vmail vmail 42805 May 15 2014 dovecot-info.log -rw-r--r-- 1 vmail vmail 120402253 Aug 20 15:12 dovecot.log
Example output of the ls command after:
-rw-r--r-- 1 root root 0 May 20 2014 dovecot -rw-r--r-- 1 vmail vmail 42805 May 15 2014 dovecot-info.log -rw-rw-r-- 1 vmail vmail 0 Aug 20 15:28 dovecot.log -rw-r--r-- 1 vmail vmail 120412659 Aug 20 15:29 dovecot.log-20160820
Leave a Reply