40

Can I delete everything in /var/log? Or should I only delete files (recursively) in /var/log but leave folders?

Does anyone have a good rm command line? (My admin skills leave me nervous.)

Note: I am using Debian. I am not sure what version.

Aaron Copley
  • 12,525
  • 5
  • 47
  • 68
  • 3
    Deleting log files is a bad idea (you'll also need to find every running process that has its own log file and "kill -HUP" it, a soft restart that will result in the program recreating any necessary log files). I would strongly advise against deleting log files; rely on utilities like logrotate to manage the contents of /var/log for you automatically (it does stuff like HUP the processes). If I may, I'd like to tackle this from a different angle. What problem are you trying to resolve that's led you to consider this? – Twirrim Sep 29 '10 at 17:34

10 Answers

31

Delete all files:

find /var/log -type f -delete

Delete all .gz and rotated files:

find /var/log -type f -regex ".*\.gz$"
find /var/log -type f -regex ".*\.[0-9]$"

Try running the command without "-delete" first, to test it.

bindbn
  • 5,211
  • 2
  • 26
  • 24
31

Instead of deleting the files you should rotate them, e.g. using logrotate.

You never know when you'll actually need the logs from some time ago, so it's better to archive them (up to a reasonable age, e.g. 3 months).

logrotate can compress your old log files so they don't occupy a lot of disk space.

joschi
  • 21,387
  • 3
  • 47
  • 50
  • 5
    logrotate can also delete the oldest files. – Kevin M Sep 28 '10 at 12:13
  • 12
    Well, IMHO deleting all logs can make perfect sense in some cases. For example I want to build a Virtual Machine image to be used for new deployments. Needless to say I would like it to be a really clean system without any logs, histories, caches etc. saved. – Ivan Oct 15 '12 at 18:54
  • 3
    Sorry, but looking at three months old log files is archeology. If you collect logs to identify problems, then evaluate them quickly. – countermode Aug 14 '14 at 14:40
  • 9
    @countermode You are never in the mood for nostalgia? Like looking at the 3 month old log files thinking about good ol' times? – Broco Aug 14 '14 at 14:51
  • OK, I see the command. How to use it? man logrotate says use it in cron. I suppose with the -f option? – SDsolar Aug 13 '17 at 23:30
  • @countermode there are plenty of times when old logs can be useful. For example your client can claim you didn't process one of his files and you can see whether that file ever came in. – Gnudiff Jan 14 '18 at 08:16
  • @Gnudiff: This is a very concrete use case, and a valid one (presenting evidence for _particular_ events to third parties). I deal with many customers, and almost always logs are collected as by the vendor provided default policy (in various places and formats, of course) and are never looked at unless something unexpected happens. I simply claim that you could delete such logs as well with only little loss of information. – countermode Jan 14 '18 at 22:38
21

If you delete everything in /var/log, you will most likely end up with tons of error messages in very little time, since there are folders in there which are expected to exist (e.g. exim4, apache2, apt, cups, mysql, samba and more). Plus: there are some services or applications that will not create their log files, if they don't exist. They expect at least an empty file to be present. So the direct answer to your question actually is "Do not do this!!!".

As joschi has pointed out, there is no reason to do this. I have debian servers running that haven't had a single log file deleted in years.

wolfgangsz
  • 8,847
  • 3
  • 30
  • 34
  • I didn't realize that. Good to know. +1 + changed my accept. –  Sep 28 '10 at 21:31
  • 1
    I have just done this. Wish! I had read this answer earlier – VarunAgw May 30 '15 at 18:41
  • 1
    There are valid reasons to remove log files, IMHO. For instance, you are exporting a virtual machine for use by others, but you don't want the virtual machine image to contain details of everything that has happened before exporting. – a3nm Nov 16 '17 at 20:43
  • One reason could be, in a scenario where you're trying to cover the tracks of a system intrusion, although I think this would make a lot of noise. – bl3ssedc0de Jun 30 '22 at 03:07
  • A reason could also be to simply optimize the space before exporting a virtual machine. This then results in a smaller template file. – finrod Mar 14 '23 at 10:34
12

I'm cloning virtual machines from a master. It makes perfect sense to clear the log on the master so that when you boot the clones you won't get the master's log. I did in tcsh:

cd /var/log
foreach ii ( `find . -type f` )
foreach? cp /dev/null $ii
foreach? end

which clears the logs but keeps the files.

Dror
  • 241
  • 2
  • 4
11

Cleaning all logs on a Linux system without deleting the files:

# Read find's output line by line and quote the name, so paths with spaces survive.
find /var/log/ -type f | while IFS= read -r CLEAN
do
    cp /dev/null "$CLEAN"
done

Samba (/var/www/samba) creates log file names with IP addresses; you may want to delete them:

find /var/log/samba -type f | while IFS= read -r CLEAN
do
    rm -rf "$CLEAN"
done

Pedro Lobito
  • 479
  • 1
  • 5
  • 13
2

You can use the option ctime to find old files... for example:

find -ctime +30

As bindbn explains, first check which files find returns, and then use the -delete option :D

2

/var/log often has permissions of drwxrwxr-x, so is not user writable unless the user is root or belongs to a privileged group. That means new log files cannot be created by non-privileged users.

Applications that expect to log to a point within /var/log will often touch a file into existence somewhere in the /var/log hierarchy during install time (which often occurs with elevated privileges), and will chmod and possibly chown it at that time to permissions appropriate for the unprivileged users who will be using the application.

Apache logs, for example, are usually written to by nobody, who is a user with as few privileges as possible for Apache to get its job done without putting the system at undue risk. But even a more run-of-the-mill application often expects to be able to write to a logfile in /var/log.

So what happens if the logfile and the path to the logfile don't exist? That's entirely up to the application. Some applications will quietly skip logging. Others will create a lot of warnings. And others will simply bail out. There's no hard-and-fast rule; it's up to the vigilance of the application developer, as well as how critical the developer considers its ability to log. At best the application will attempt to either write to, or possibly create and then write to a log file at a destination within /var/log, and will find itself unable to do so because it's being run by a user who doesn't have privileges to write into that part of the filesystem.

So the short answer is no, don't delete everything in /var/log -- it breaks the contract users with sufficient privileges to do such things have with the applications that run on their system, and will cause some noise, some silent failure to log, and some all-out breakage.

The appropriate action to take is to set up logrotate with appropriate config files. Typically rotation will be associated with a cron job. Rotation can be interval based, or size based, or both. It's even possible to set up rules that avoid interval based rotation if the logfile is still empty when the interval expires. Rotation can include mailing of logfiles, compression, deletion, shredding, and so on.

The average user wouldn't need to be too concerned about log rotation. Developers would probably want to ensure that logs they use have rotation rules established. In fact, it is likely good manners on the part of developers to set up log rotation at install time for any software-specific logs that software will be creating and writing.

DavidO
  • 151
  • 4
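
An added example (not part of DavidO's answer or of any package's shipped configuration): a logrotate stanza of the kind described above, wrapped in a shell function so it can be written to a scratch file and checked with logrotate's debug mode before it is copied into /etc/logrotate.d/. The application name myapp, its log path, the adm group and the reload command are assumptions.

```shell
#!/bin/sh
# Added example. "myapp", its log path, the "adm" group and the reload
# command are placeholders; substitute the real service's values.

# write_myapp_stanza FILE: write the logrotate stanza to FILE.
write_myapp_stanza() {
    cat > "$1" <<'EOF'
/var/log/myapp/*.log {
    # Interval based: rotate once a week ...
    weekly
    # ... and size based: rotate early if a log grows past 50 MB.
    maxsize 50M
    # Keep 12 old logs (about 3 months); drop anything older than 90 days.
    rotate 12
    maxage 90
    # A missing log is not an error; an empty one is left alone.
    missingok
    notifempty
    # gzip old logs, but leave the newest rotated file readable.
    compress
    delaycompress
    # Recreate the live file so a service that cannot create it still logs.
    create 0640 myapp adm
    # Run the reload once per rotation so the daemon reopens its log.
    sharedscripts
    postrotate
        systemctl kill -s HUP myapp.service >/dev/null 2>&1 || true
    endscript
}
EOF
}

# check_stanza FILE: parse FILE and print what would be rotated.
# logrotate -d is debug mode: nothing is rotated, no state is saved.
check_stanza() {
    command -v logrotate >/dev/null 2>&1 || { echo "logrotate not installed" >&2; return 127; }
    logrotate -d "$1"
}

# Usage: sh this_script /tmp/myapp.logrotate
if [ "$#" -eq 1 ]; then
    write_myapp_stanza "$1" && check_stanza "$1"
fi
```
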
1

I've implemented a simple cleaner here:

https://github.com/Lin-Buo-Ren/Coward-Unix-Log-Cleaner

It simply:

  • Deletes file names with the following logrotated filename patterns under /var/log
    • ^.*/.+\.[[:digit:]]+(\.[[:alpha:]]+)?$
    • ^.*/.+\.old$ (case-insensitive)
  • Truncates/empties files with filenames with the following log filename patterns under /var/log
    • ^.*/.+\.log$ (case-insensitive)
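
The two rules listed above, written as a shell function that defaults to a dry run; this is an added example, not code from the linked repository. It assumes GNU find and coreutils truncate as on Debian, and the function name clean_logs and its apply argument are made up for the example.

```shell
#!/bin/sh
# Added example; assumes GNU find (-regextype, -printf, -delete) and
# coreutils truncate, as shipped on Debian.

# Patterns from the answer above. find -regex matches the whole path,
# so the ^ and $ anchors are implicit.
ROTATED_NUM='.*/.+\.[[:digit:]]+(\.[[:alpha:]]+)?'   # syslog.1, syslog.2.gz
ROTATED_OLD='.*/.+\.old'                             # case-insensitive
LIVE_LOG='.*/.+\.log'                                # case-insensitive

# clean_logs DIR [apply]
# Without "apply" it only prints what it would do.
clean_logs() {
    dir=$1
    mode=${2:-dry-run}
    if [ ! -d "$dir" ]; then
        echo "clean_logs: $dir is not a directory" >&2
        return 2
    fi
    if [ "$mode" = apply ]; then
        # Rotated files are removed; live logs are truncated in place, which
        # keeps their inode, owner and mode. Directories are never touched.
        find "$dir" -regextype posix-extended -type f \( \
            \( -regex "$ROTATED_NUM" -o -iregex "$ROTATED_OLD" \) -delete \
            -o -iregex "$LIVE_LOG" -exec truncate -s 0 {} + \)
    else
        find "$dir" -regextype posix-extended -type f \( \
            \( -regex "$ROTATED_NUM" -o -iregex "$ROTATED_OLD" \) \
                -printf 'would delete: %p\n' \
            -o -iregex "$LIVE_LOG" -printf 'would truncate: %p\n' \)
    fi
}

# Usage: sh this_script /var/log          (dry run)
#        sh this_script /var/log apply
if [ "$#" -gt 0 ]; then
    clean_logs "$@"
fi
```

Files that match neither rule, such as an extensionless syslog, are left as they are, so the dry-run output is the complete list of what apply will change.
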
-1

Yes you can.

To delete all logs automatically, edit the file .bashrc. In your terminal, type any of the below:

nano ~/.bashrc - 
leafpad ~/.bashrc - Then save
gedit ~/.bashrc - Then save

For nano, press Ctrl + O to save and Ctrl + X to exit edit mode


Add the following to the bottom of the file contents
rm -r /var/log # Deletes logs directory
clear # Clear the terminal

This file is executed every time you log in or launch a terminal instance, thus your logs will always be deleted.

You can also delete them based on time, e.g. 3 days ago:

find /yourlog/path -mindepth 1 -mtime +3 -delete
  • -mindepth 1 means process all files except the command line arguments.
  • -mtime +3 will check for the files that were modified 3 days ago.
  • -delete will delete them
-1
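function goodbyelogs {
    find /var/log -type f
}

# Truncate through sudo: in "sudo cat /dev/null > $i" the redirection is
# performed by the calling shell, not by root.
goodbyelogs | while IFS= read -r i
do
    sudo truncate -s 0 "$i"
    echo "Log $i has been cleared"
done

Make an executable script and try running it as root if sudo isn't working for you.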

assayag.org
  • 119
  • 1