Linux USES logrotate to cut log files

In order to understand the running state of the program when it is running, it will output log files. After a long time, the log files will become very large and even reach the level of GB. I use the logrus package to log in golang application, which is very convenient to configure and use. However, there is no log segmentation function. After running the application online for one month, the log files have reached hundreds of megabytes. Then I discovered logrotate, which is the log splitting tool that comes with centos, and it can be timed to split logs without installing additional components.

1. Operating principle

logrotate cron run by the system, the position in/etc/cron daily/logrotate

#!/bin/sh
/usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
 /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0

Can see the entrance to the configuration file is/etc logrotate conf, in turn, run/etc/logrotate conf. Found in the configuration file if d configuration logrotate no execution, might check if there is an open system under crond service

2. The configuration

If you have nginx installed, you can refer to the configuration example in nginx

/var/log/nginx/*log {
 create 0644 nginx nginx
 daily
 rotate 10
 missingok
 notifempty
 compress
 sharedscripts
 postrotate
  /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
 endscript
}

Line 1 defines the path to the log file, which can be matched with * wildcard, and 1 can be defined as *.log to match all the log files. You can also specify multiple files, separated by Spaces, for example

/var/log/nginx/access.log /var/log/nginx/error.log {
 
}

Inside the curly braces are the parameters related to log cutting. Below are the commonly used cutting parameters

Whether compress is on compression, the compression format gzip Unturned compression compresscmd custom compression command compressexty compressed filename suffix compressoptions compression option copy copy 1 file create, followed by mode owner group, sets the permissions for the new log file daily is divided by the day weekly is divided by week monthly is divided by month rotate is followed by a number indicating that the history of a file needs to be kept, and if the number is exceeded, it will be deleted or sent by email size is split after the file size, such as 100k, 100M missingok ignores nonexistent files and makes no errors notifempty does not split empty files sharedscripts works with postrotate and prerotate to make them execute only once After the postrotate/endscript file is split, execute the command between postrotate and endscript Before the prerotate/endscript file is split, execute the command between prerotate and endscript

Let's look at some examples

/var/log/httpd/error.log {
 rotate 5
 mail i@wuyuans.com
 size=100k
 sharedscripts
 postrotate
  /sbin/killall -HUP httpd
 endscript
}

Cutting/var/log/httpd/error log log files, and more than 100 k after cutting, keep the latest five history, more than 5 email to fss@qq.com, postrotate command is to let httpd reopen the log file.

/var/lib/mysql/mysqld.log {
 # create 600 mysql mysql
 notifempty
 daily
 rotate 3
 missingok
 compress
 postrotate
 # just if mysqld is really running
 if test -x /usr/bin/mysqladmin && \
 /usr/bin/mysqladmin ping &>/dev/null
 then
 /usr/bin/mysqladmin --local flush-error-log \
    flush-engine-log flush-general-log flush-slow-log
 fi
 endscript
}

This is a cut of the mysql log, 1 copy per day, ignore empty files, keep the latest 3 copies, and use gzip compression

/home/wuyuan/log/*.log {
 su wuyuan wuyuan
 create 0777 wuyuan wuyuan
 daily
 rotate 10
 olddir /home/wuyuan/log/old
 missingok
 postrotate
 endscript
 nocompress
}

This is the configuration item I am using, cutting all the log files, log files, 1 copy per day, keeping 10 copies, setting permissions 777 for new files, keeping the historical files in old directory for easy viewing. Because the application's logrus USES append to write to the log, there is no need to reopen the log file, which logrus does quite well.

3. The test

After writing the configuration file, you can manually execute it to verify that it is available.

logrotate -f /etc/logrotate.d/wuyuan

Where -f stands for enforcement, other commands can be viewed with help

logrotate --help
 usage : logrotate [OPTION...] <configfile>
 -d, --debug Don't do anything, just test (implies -v)
 -f, --force Force file rotation
 -m, --mail=command Command to send mail (instead of `/bin/mail')
 -s, --state=statefile Path of state file
 -v, --verbose Display messages during rotation
 -l, --log=STRING Log file
 --version Display version information
Help options:
 -?, --help Show this help message
 --usage Display brief usage message

If there is no problem, the log will be moved to the old directory with the date, and the previous log file will be emptied