How To Securely Manage Secrets with HashiCorp Vault on Ubuntu 16.04


Logrotate is a method energy that manages the rotation that is automatic compression of log files. If log files were not rotated, compressed, and periodically pruned, they could eventually consume all disk that is available on a method.

Logrotate is set up automatically on Ubuntu 16.04, and it is put up to take care of the log rotation requirements of set up packages, including rsyslog, the standard system log processor.

In this short article, we’ll explore the standard Logrotate setup, then configure log rotation for a fictional customized application.


This guide assumes you’ve got an Ubuntu 16.04 host, with a non-root user that is sudo-enabled as described in Initial Server Setup with Ubuntu 16.04.

Logrotate can be acquired on a great many other Linux distributions also, however the standard setup might quite various. Other parts of this guide will nevertheless long apply as as your form of Logrotate resembles Ubuntu 16.04’s. Follow step one to ascertain your Logrotate variation.

Log into the host as your user that is sudo-enabled to.

Confirming Your Logrotate Variation

If you are utilizing a server that is non-Ubuntu first make certain Logrotate is set up by requesting its variation information:


logrotate 3.8.7

If Logrotate isn't set up you're getting one. Please install the program making use of your Linux circulation's package supervisor.

If Logrotate is set up however the variation quantity is dramatically various, you have problems with a few of the setup talked about inside guide. Reference the documents for the version that is specific of by reading its man web page:

Next we are going to check Logrotate's standard setup framework on Ubuntu.

Exploring the Logrotate Configuration

Logrotate's setup information can generally speaking be located in 2 places on Ubuntu:

  • /etc/logrotate.conf: this file contains some standard settings and creates rotation for a logs that are few are maybe not owned by any system packages. Additionally utilizes an include declaration to pull in setup from any file within the /etc/logrotate.d directory.
  • /etc/logrotate.d/: this is when any packages you install that require assistance with log rotation will put their Logrotate setup. On a install that is standard should curently have files right here for fundamental system tools like apt, dpkg, rsyslog and so forth.

By standard, logrotate.conf will configure log that is weekly (weekly), with log files owned by the root individual therefore the syslog team (su root syslog), with four log files being held (rotate 4), and brand new empty log files being produced following the present one is rotated (create).

Let's take a good look at a package's Logrotate setup file in /etc/logrotate.d. cat the apply for the apt package energy:


/var/log/apt/term.log { turn 12 monthly compress missingok notifempty } /var/log/apt/history.log { turn 12 monthly compress missingok notifempty }

This file contains setup obstructs for 2 log that is different in the /var/log/apt/ directory: term.log and history.log. They both have the options that are same. Any choices maybe not emerge these setup obstructs will inherit the standard values or those emerge /etc/logrotate.conf. The choices set the apt logs are:

  • rotate 12: keep twelve old log files.
  • monthly: turn as soon as a.( month*********************)
  • compress: compress the files that are rotated. this utilizes gzip automatically and leads to files closing in .gz. The compression demand may be changed utilising the compresscmd choice.
  • missingok: do not compose one message in the event that log file is lacking.
  • notifempty: do not turn the log file when it is empty.

There are many others setup solutions. You are able to learn about them all by typing man logrotate regarding demand line to create up Logrotate's handbook web page.

Next, we are going to set a configuration file up to take care of logs for a fictional solution.

Setting Up a good example Config

To manage log files for applications not in the pre-packaged and system that is pre-configured, we now have two choices:

  1. Create a logrotate that is new file and put it in /etc/logrotate.d/. This is run every day while the root individual along side all of those other standard Logrotate jobs.
  2. Create a configuration that is new and run it outside of Ubuntu's default Logrotate setup. This is only really necessary if you want to rotate logs more frequently than daily (an hourly configuration in /etc/logrotate.d/ would be ineffective, because the system's Logrotate setup only runs once a day).( if you need to run Logrotate as a non-root user, or*********************)

Let's stroll through those two choices with a few instance setups.

Adding setup to /etc/logrotate.d/

We desire to configure log rotation for a web that is fictional that sets an access.log and error.log into /var/log/example-app/. It operates while the www-data individual and team.

To atart exercising . setup to /etc/logrotate.d/, first open a fresh file here:

  • sudo nano /etc/logrotate.d/example-app

listed here is a good example file that is config could manage these logs:


/var/log/example-app/*.log {
    every day
    turn 14
    create 0640 www-data www-data
        systemctl reload example-app

Some associated with the configuration that is new inside file are:

  • create 0640 www-data*******) that is www-data( this produces a fresh empty log file after rotation, using the certain permissions (0640), owner (www-data), and team (additionally www-data).
  • sharedscripts: this banner means any scripts included with the setup are run only one time per run, in place of for every single file rotated. The script specified in postrotate would run twice without this option.( since this configuration would match two log files in the example-app directory*********************)
  • postrotate to endscript: this block contains a script to perform following the log file is rotated. Inside full situation we are reloading our instance application. This really is often required to get the application to change up to the newly produced log file.
    Remember that postrotate operates before logs are compressed. Compression could simply take a time that is long and your software should switch to the new logfile immediately. Thelastaction block instead.( for tasks that need to run after logs are compressed, use*********************)

After customizing the config to suit your requirements and saving it in /etc/logrotate.d, you can attempt it by doing a dry run:

  • sudo logrotate /etc/logrotate.conf --debug

This telephone calls logrotate, tips it on configuration that is standard, and turns on debug mode.

Information will print down about which log files Logrotate is managing and just what it could have inked for them. If all appears well, you are done. The conventional Logrotate work will run daily and can include your brand-new setup.

Next, we are going to take to a setup that does not make use of Ubuntu's standard setup anyway.

Creating a completely independent Logrotate Configuration

In this instance we now have a software operating as our individual sammy, producing logs which are kept in /home/sammy/logs/. You want to turn these logs hourly, so we have to set this up not in the /etc/logrotate.d framework supplied by Ubuntu.

First, we are going to produce a setup file inside our house directory. Start it in a text editor:

  • nano /home/sammy/logrotate.conf

Then paste within the configuration that is following*****)


/home/sammy/logs/*.log {
    turn 24

Save and shut the file. We have seen each one of these choices in past actions, but let us summarize: this setup will turn the files hourly, compressing and maintaining twenty-four old logs and producing a log that is new to displace the rotated one.

Youwill need to personalize the setup to fit your application, but that is a start that is good

To test it works, let us make a log file:

  • cd ~
  • mkdir logs
  • touch logs/access.log

Now we have actually a log that is blank within the right spot, let us run the logrotate demand.

Because the logs are owned by sammy we do not need certainly to make use of sudo. We do need certainly to specify a state file however. This file records just what logrotate saw and did final time it went, therefore it runs that it knows what to do the next time. This is handled it can be found at /var/lib/logrotate/status), but we need to do it manually now.( for us when using the Ubuntu Logrotate setup

We'll have Logrotate place the state file right inside our house directory with this instance. I will get anywhere that is available and ( that are convenient*****)

logrotate /home/sammy/logrotate.conf --state /home/sammy/logrotate-state --verbose


reading config file /home/sammy/logrotate.conf Managing 1 logs rotating pattern: /home/sammy/logs/*.log per hour (24 rotations) empty log files are rotated, old logs are eliminated considering log /home/sammy/logs/access.log log doesn't have rotating

--verbose will print down step-by-step information regarding just what Logrotate is performing. Inside full case it looks like it didn't rotate anything. This is Logrotate's first time seeing this log file, so as far it shouldn't be rotated.( as it knows, the file is zero hours old and*****)

If we consider the state file, we are going to note that Logrotate recorded some information regarding the run:

  • cat /home/sammy/logrotate-state


logrotate state -- variation 2 "/home/sammy/logs/access.log" 2017-11-7-19:0:0

Logrotate noted the logs for rotation that it saw and when it last considered them. If we run this command that is same hour later on, the log will undoubtedly be rotated needlessly to say.

(it otherwise would not have, use the --force flag:

If you want to force Logrotate to rotate the log file when*****)

  • logrotate /home/sammy/logrotate.conf --state /home/sammy/logrotate-state --verbose --force

This pays to whenever evaluating postrotate along with other scripts.

Finally, we have to set a cron job up to perform Logrotate hourly. Start your individual's crontab:

This will start a up a text file. There could be some opinions currently within the file that give an explanation for syntax that is basic. Move the cursor down to a new blank line at the end of the file and add the ( that is following*****)


14 * * * * /usr/sbin/logrotate /home/sammy/logrotate.conf --state /home/sammy/logrotate-state

This task will operate on the 14th moment of each and every hour, each day. It operates simply the exact same logrotate demand we went formerly, though we expanded logrotate to its path that is full of******)/usr/sbin/logrotate just to be safe. It's good practice to be as explicit as possible when cron that is writing.

Save the file and exit. This may install the crontab and our task shall operate on the specified routine.

(we should find the rotated and compressed log file access.log.1.gz

If we revisit our log directory in about an hour*******) (or .2.gz in the event that you went Logrotate using the --force banner).


In this guide we verified our Logrotate variation, explored the standard Ubuntu Logrotate setup, and put up two various kinds of customized designs. For more information concerning the demand configuration and line solutions for Logrotate, you are able to read its manual web page by operating man logrotate within terminal.

Just how to Install Ubuntu 16 04 LTS Xenial Xerus day-to-day develop VMWare Workstation

Previous article

Are Digital cameras buying that is still worth?

Next article

You may also like


Leave a Reply

More in Linux