15

For some reason the old log files are not deleted. Example with Apache:

What the conf file says:

```
$ cat /etc/logrotate.d/apache2
/var/log/apache2/*.log {
    weekly
    missingok
    rotate 2
    compress
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
            /etc/init.d/apache2 reload > /dev/null
    endscript
}
```

The (cropped) content of the log folder:

```
# ls /var/log/apache2/
access.log       error.log.26.gz                other_vhosts_access.log.20.gz  access-ssl.log.14.gz
access.log.1     error.log.27.gz                other_vhosts_access.log.21.gz  access-ssl.log.15.gz
access.log.2.gz  error.log.28.gz                other_vhosts_access.log.22.gz  access-ssl.log.16.gz
access.log.3.gz  error.log.2.gz                 other_vhosts_access.log.23.gz  access-ssl.log.17.gz
[...]
```

Actually there are lots of them:

```
# ls /var/log/apache2/ | wc -l
85
```

The logrotate command with --verbose gives me this:

```
# /usr/sbin/logrotate --verbose  /etc/logrotate.conf
[...]
reading config file apache2
reading config info for /var/log/apache2/*.log
[...]
rotating pattern: /var/log/apache2/*.log  weekly (2 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/apache2/access.log
  log does not need rotating
considering log /var/log/apache2/error.log
  log does not need rotating
considering log /var/log/apache2/other_vhosts_access.log
  log does not need rotating
considering log /var/log/apache2/pbpdhg-ssl.log
  log does not need rotating
not running postrotate script, since no logs were rotated
[...]
```

What is wrong here? The logs are rotated but not removed? What am I missing?

SamK

2 Answers

17

Your configuration says: `rotate 2`

That means log files are rotated 2 times before being removed, so logrotate only cares about 2 files.

My guess is that the configuration was changed at some point, because previously more log files were kept; maybe it was something like `rotate 28`. These older files you have to remove manually.

johnshen64
  • I cannot prove the answer so I guess it's right. However I don't understand why `access.log.3.gz` is still present. – SamK Apr 10 '12 at 08:39
  • 2
    Because rotate 2 only handles 2 files, i.e., .1.gz and .2.gz, and ignores other files. – johnshen64 Apr 10 '12 at 13:15
  • 1
    I've changed the rotate 365 to rotate 90, and the access.log.90.gz is the latest changed so far. The access.log.91.gz has been removed (as logrotate keeps only 90), but not the > 91. So johnshen64 is right, you have to remove anything > 2. – Yvan Feb 19 '15 at 11:05
  • Here's a tip on how to deal with this automatically, i.e. via config management on many servers: http://serverfault.com/a/636883/9082 – Martijn Heemels May 27 '15 at 13:36
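The manual cleanup described in this answer and its comments (removing rotated files whose number is above the current `rotate` count), as an added example that is not part of the original posts. The function name `prune_rotated` and its dry-run/`delete` argument are assumptions made for illustration; it handles only the numeric `.N` / `.N.gz` naming shown in the question.

```shell
#!/bin/sh
# prune_rotated DIR KEEP [delete]
# Print every rotated log in DIR (name.log.N or name.log.N.gz) whose index N
# is greater than KEEP, i.e. the files logrotate no longer tracks after
# "rotate" was lowered. Files are only removed when the third argument is
# "delete"; the default is a dry run.
# The body runs in a subshell, so its variables do not leak to the caller.
prune_rotated() (
    dir=$1
    keep=$2
    mode=${3:-dry-run}
    for f in "$dir"/*.log.*; do
        # Skip an unmatched glob, directories, and symlinks (never follow a
        # link out of the log directory when running as root).
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            continue
        fi
        name=${f##*/}
        idx=${name##*.log.}     # "3.gz", "1", "bak", ...
        idx=${idx%.gz}          # drop the suffix added by "compress"
        case $idx in
            ''|*[!0-9]*) continue ;;   # not a plain numeric rotation index
        esac
        if [ "$idx" -gt "$keep" ]; then
            printf '%s\n' "$f"
            if [ "$mode" = "delete" ]; then
                rm -- "$f"
            fi
        fi
    done
)

# Stand-alone use: sh prune_rotated.sh /var/log/apache2 2 [delete]
if [ "$#" -ge 2 ]; then
    prune_rotated "$@"
fi
```

Run it without `delete` first and compare the list against the `rotate` value in the matching `/etc/logrotate.d/` file before removing anything.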
-3

The logs with suffix .gz are not considered because you specified: /var/log/apache2/*.log

So 2 .log and all .gz files remain.

To change this put there

/var/log/apache2/**log* or some regular expression.

Neg88
  • Sorry just one asterisk before log – Neg88 Jun 19 '16 at 14:11
  • 2
    For the asterisk problem, you can edit your post. More generally, why do you think the accepted answer is wrong? logrotate wants the base name files and deals with .gz additions as needed. – Law29 Jun 19 '16 at 14:27
  • This answer is actually harmful as there's a risk it could result in files getting rotated over and over again, at least with some logrotate versions. It will compress the files first, then match the compressed files and keep on rotating them. – Richlv Sep 18 '18 at 21:16