I'm new to Ubuntu and want to know how does one manage all these log files? They must be taking up a lot of space. I would like to clean them out, in the same way that I can when using Event Viewer in Windows 2000/XP.
While Windows users are familiar with Event Viewer for monitoring application, system, security logs and how to manage or archive log files, administering log files on Ubuntu (or any Linux distribution) is not easily found by new users.
The mechanism for managing log size, archiving (rotation), and deleting is accomplished with a utility called logrotate.
Logrotate is installed during installation, has no GUI interface and is managed via configuration files which is run by a daily cron job.
To see which log files currently are setup with logrotate, open a Terminal window (Application \Accessories) or Nautilis File browser (Places \ Computer then click on File System) and navigate to /etc/logrotate.d
wtn@wtn2:~$ ls -l /etc/logrotate.d
total 40
-rw-r-r- 1 root root 137 2007-08-15 10:33 acpid
-rw-r-r- 1 root root 126 2007-10-06 08:30 apport
-rw-r-r- 1 root root 84 2007-10-15 16:40 apt
-rw-r-r- 1 root root 79 2007-09-15 05:25 aptitude
-rw-r-r- 1 root root 250 2007-10-15 07:13 cupsys
-rw-r-r- 1 root root 111 2007-09-21 16:21 dpkg
-rw-r-r- 1 root root 94 2007-10-04 15:57 ppp
-rw-r-r- 1 root root 68 2007-10-04 07:18 scrollkeeper
-rw-r-r- 1 root root 114 2007-04-24 05:42 unattended-upgrades
-rw-r-r- 1 root root 80 2007-09-24 14:35 wpa_action
The logrotate utility settings, itself, are configured via the config file logrotate.conf (located in /etc directory) and also include global parameters for rotating logs as shown below.
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp, or btmp — we'll rotate them here
/var/log/wtmp {
missingok
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0664 root utmp
rotate 1
}
# system-specific logs may be configured here
You can override the default settings by creating a config file that tells logrotate how you want a specific log file archived. These config files are located in the directory /etc/logrotate.d (which is listed above and specified in logrotate.conf under #packages drop log rotation information into this directory)
NOTE: When logrotate archives a log, it is essentially copying them to a backup file and creating a new log.
An example config file is shown below for apt logs.
/var/log/apt/term.log {
rotate 6
monthly
compress
missingok
notifempty
}
In the above example:
rotate 6 - rotate the log six times before deleting older rotated logs.
monthly - rotates logs once a month.
compress - tells logrotate to compress logs when rotated (logs are named with .gz extension).
missingok - if the log file is missing, go on to the next one without issuing an error message.
notifempty - will not rotate log if empty.
More configuration parameters can be used with logrotate. For a complete list, see linuxcommand.org for logrotate man pages.
Logrotate runs daily as a cron job, usually without any special intervention by the typical user or System Administration. You can see the cron job in /etc/cron.daily directory.
As a normal user on Ubuntu, you can also make use of logrotate, if you have any applications or programs that create a log file. To do this you would make a config file, or copy an existng config file (similar to the one shown above) and drop it in the /etc/logrotate.d directory.
Or if you want to make your own schedule for managing log files, you can follow the steps outlined in the article Log Rotate For Users at kavlon.org.
What About System Generated Logs?
Up until this point, we have been learning about application and utility log file rotation.
On Ubuntu Computers, System logs are managed by the /etc/syslog.conf file which is read by the daily cron job script /etc/cron.daily/sysklogd that will rotate any log files specified in syslog.conf.
This eliminates the need to create log rotation configuration files, for system log files, found in /etc/logrotate.d directory. The script runs every 24 hours.
For Windows users making the switch over to Ubuntu, managing log files on Ubuntu may seem challenging (since using Event Viewer is very simple). But once you mastered logrotate, you will find it provides a complete solution for managing all types of log files. Especially since no simple method exists on Windows to manage log file growth for application or program logs.
Leave a Comment