December 11, 2020 - 1 minute read

Day 18 : Logs

This is part of the #LinuxUpSkillChallenge. Don't forget to also check out the Official Instructions and the Reddit posts.

1. What is log rotation?

In information technology, log rotation is an automated process used in system administration in which log files are compressed, moved (archived), renamed or deleted once they are too old or too big (there can be other metrics that can apply here).

2. How logs rotate?

Typically, a new logfile is created periodically, and the old logfile is renamed by appending a number to the name. Each time a new log file is started, the numbers in the file names of old logfiles are increased by one, so the files “rotate” through the numbers (thus the name “log rotation”). Old logfiles whose number exceeds a threshold can then be deleted or archived off-line to save space.

3. Log Rotate

To edit the configuration for log rotation: sudo vim /etc/logrotate.conf

Frequency can be hourly, daily, weekly, monthly or yearly:

# rotate log files weekly
weekly

Log files are rotated count times before being removed. If count is 0, old versions are removed rather than rotated.

# keep 4 weeks worth of backlogs
rotate 4

Old versions of log files are compressed with gzip by default:

# comment this if you want your log files uncompressed
compress

4. Journaling

The process of collecting and managing logs is known as journaling.

Linux uses journalctl as the utility to query all that journal information:

For more detail on how I did each day, check out my log on Reddit. Follow me on Twitter for daily updates.