简介
logrotate是一个linux系统日志的管理工具。
功能
- 可以对单个日志文件或者某个目录下的文件按时间、大小进行切割,压缩操作;
- 指定日志保存数量;
- 还可以在切割之后运行自定义命令。
运行时机
logrotate是基于crontab运行的,所以执行的时间是由crontab控制的,系统会按照计划的频率运行;
通常是每天在大多数的Linux发行版本上,每天运行的脚本位于/etc/cron.daily/logrotate。
crontab执行的脚本文件
root@ecs-349586-0001:~# ls -al /etc/cron*
-rw-r--r-- 1 root root 722 Nov 16 2017 /etc/crontab
/etc/cron.d:
total 20
drwxr-xr-x 2 root root 4096 Feb 24 2021 .
drwxr-xr-x 102 root root 4096 Jan 21 21:34 ..
-rw-r--r-- 1 root root 589 Jun 26 2018 mdadm
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rw-r--r-- 1 root root 190 Feb 24 2021 popularity-contest
## 按天
/etc/cron.daily:
total 60
drwxr-xr-x 2 root root 4096 Feb 24 2021 .
drwxr-xr-x 102 root root 4096 Jan 21 21:34 ..
-rwxr-xr-x 1 root root 376 Nov 21 2017 apport
-rwxr-xr-x 1 root root 1478 Apr 20 2018 apt-compat
-rwxr-xr-x 1 root root 355 Dec 29 2017 bsdmainutils
-rwxr-xr-x 1 root root 1176 Nov 3 2017 dpkg
-rwxr-xr-x 1 root root 372 Aug 22 2017 logrotate
-rwxr-xr-x 1 root root 1065 Apr 7 2018 man-db
-rwxr-xr-x 1 root root 539 Jun 26 2018 mdadm
-rwxr-xr-x 1 root root 538 Mar 2 2018 mlocate
-rwxr-xr-x 1 root root 249 Jan 25 2018 passwd
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rwxr-xr-x 1 root root 3477 Feb 21 2018 popularity-contest
-rwxr-xr-x 1 root root 246 Mar 22 2018 ubuntu-advantage-tools
-rwxr-xr-x 1 root root 214 Jun 27 2018 update-notifier-common
## 按小时
/etc/cron.hourly:
total 12
drwxr-xr-x 2 root root 4096 Feb 24 2021 .
drwxr-xr-x 102 root root 4096 Jan 21 21:34 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
## 按月份
/etc/cron.monthly:
total 12
drwxr-xr-x 2 root root 4096 Feb 24 2021 .
drwxr-xr-x 102 root root 4096 Jan 21 21:34 ..
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
## 按周
/etc/cron.weekly:
total 20
drwxr-xr-x 2 root root 4096 Feb 24 2021 .
drwxr-xr-x 102 root root 4096 Jan 21 21:34 ..
-rwxr-xr-x 1 root root 723 Apr 7 2018 man-db
-rw-r--r-- 1 root root 102 Nov 16 2017 .placeholder
-rwxr-xr-x 1 root root 211 Jun 27 2018 update-notifier-common
root@ecs-349586-0001:~#
logrotate具体的执行文件
除了上面检查状态之外,最重要的命令就是/usr/sbin/logrotate /etc/logrotate.conf,也就是执行日志分割的命令语句。
root@ecs-349586-0001:~# cat /etc/cron.daily/logrotate
#!/bin/sh
# Clean non existent log file entries from status file
cd /var/lib/logrotate
test -e status || touch status
head -1 status > status.clean
sed 's/"//g' status | while read logfile date
do
[ -e "$logfile" ] && echo "\"$logfile\" $date"
done >> status.clean
mv status.clean status
test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf
status文件
root@ecs-99465:/var/lib/logrotate# cat status
logrotate state -- version 2
"/var/log/syslog" 2022-3-23-6:25:1
"/var/log/dpkg.log" 2022-1-1-6:25:1
"/var/log/unattended-upgrades/unattended-upgrades.log" 2022-3-23-6:0:0
"/var/log/unattended-upgrades/unattended-upgrades-shutdown.log" 2021-11-27-6:0:0
"/var/log/auth.log" 2022-3-20-6:25:1
"/var/log/apt/term.log" 2022-1-1-6:25:1
"/var/log/ppp-connect-errors" 2022-3-23-6:0:0
"/var/log/apport.log" 2022-3-23-6:0:0
"/var/log/apt/history.log" 2022-1-1-6:25:1
"/var/log/alternatives.log" 2021-11-27-6:0:0
"/var/log/debug" 2022-3-23-6:0:0
"/var/log/mail.log" 2022-3-23-6:0:0
"/var/log/kern.log" 2022-1-26-6:25:1
"/var/log/ufw.log" 2022-1-30-6:25:1
"/var/log/daemon.log" 2022-3-23-6:0:0
"/var/log/chrony/*.log" 2022-3-23-6:0:0
"/var/log/wtmp" 2022-3-1-6:25:1
"/var/log/mail.warn" 2022-3-23-6:0:0
"/var/log/btmp" 2022-3-1-6:25:1
"/var/log/lpr.log" 2022-3-23-6:0:0
"/var/log/mail.err" 2022-3-23-6:0:0
"/var/log/unattended-upgrades/unattended-upgrades-dpkg.log" 2022-3-23-6:0:0
"/var/log/user.log" 2022-3-23-6:0:0
"/var/log/mail.info" 2022-3-23-6:0:0
"/var/log/lxd/lxd.log" 2022-3-23-6:0:0
"/var/log/cron.log" 2022-3-23-6:0:0
"/var/log/messages" 2022-3-23-6:0:0
配置文件
默认配置 配置说明,此文件主要是提供自定以配置的相关默认值,例如weekly配置执行周期为每周,rotate配置日志文件在被删除或邮寄到mail指令中指定的地址之前会被循环计数;如果计数为0,旧版本将被删除而不是旋转。
页面include /etc/logrotate.d 语句是引入自定配置文件的命令,如下rsyslog/nginx为例都是在/etc/logrotate.d 目录下配置的。
root@ecs-349586-0001:~# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# use the syslog group by default, since this is the owning group
# of /var/log/syslog.
su root syslog
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
missingok
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0660 root utmp
rotate 1
}
# system-specific logs may be configured here
Rsyslog
root@ecs-349586-0001:~# cat /etc/logrotate.d/rsyslog
/var/log/syslog
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
/usr/lib/rsyslog/rsyslog-rotate
endscript
}
自定义nginx脚本为例
daily
dateext
missingok
rotate 7
notifempty
create 644 root root
sharedscripts
postrotate
[ ! -f /usr/local/nginx/logs/nginx.pid ] || kill -USR1 `cat /usr/local/nginx/logs/nginx.pid`
endscript
}
命令格式
logrotate [OPTION...] <configfile>
-d, --debug :debug 模式,测试配置文件是否有错误。
-f, --force :强制转储文件。
-m, --mail=command :压缩日志后,发送日志到指定邮箱。
-s, --state=statefile :使用指定的状态文件。
-v, --verbose :显示转储过程。
手动运行
一般写好配置文件之后,最好使用logrotate -d /etc/logrotate.d/nginx 进行验证是否正确,因为debug模式不是真正的执行,只是会打印出执行的步骤。
debug 模式:指定 [-d|--debug]
并不会真正进行 rotate 或者 compress 操作,但是会打印出整个执行的流程,和调用的脚本等详细信息。
logrotate -d <configfile>
verbose 模式: 指定 [-v|--verbose]
会真正执行操作,打印出详细信息(debug 模式,默认是开启 verbose)
logrotate -v <configfile>
参考
- logrotate(8) - Linux man page (die.net)
- Linux 日志切割神器 logrotate 原理介绍和配置详解 | HelloDog (wsgzao.github.io)
- 被遗忘的Logrotate | 火丁笔记 (huoding.com)
- 登录文件的轮替 logrotate | Linux 系统教程(笔记) (zq99299.github.io)
- supervisor+logrotate 守护进程和管理日志 (vitalyoung.github.io)
- python supervisor 日志_supervisord + logrotate实现程序日志按天备份 - CodeAntenna
