3

I found out that few files seem to pile up in size using this command:

find / -size +50M

Most of them are log files, so I would like to know if it's safe to delete the log files. the log files in question are:

/var/log/httpd/mySite.com-access.log.1
/var/log/httpd/access_log.1
/var/log/httpd/mySite.com-access.log
/var/log/maillog.4.gz
/var/log/maillog

The server os version is: cat /etc/centos-release CentOS release 6.2 (Final)

And if it is ok to delte - how do I do it? Do I just delete the file with rm, or should I "clear it's contents" by doing for example:

cat /dev/null > access_log.1
Nikola
  • 847
  • 4
  • 13
  • 22

4 Answers4

7

Is it safe to delete them? Most likely yes. Some files such as you mail log you may just wish to concat them via cat /dev/null > somefile. Most often files ending in .1 have been rotated out by log rotate, check it's config file as well as often log rotate will delete older files as well. Thus often log files ending in .1 can be deleted.

Weather or not it is a good idea to delete the log files is a different issue all together. Depending on who's server this is and so forth there may be potential legal ramifications for deleting files you are obligated to keep for specified periods of time. If it is your server then it's good to keep the files for as long as you deem them necessary. However before deleting the files it is often good to have a look into some of them looking for commonly repeated message and or the phrases "error", "deny", and "abort".

Red Tux
  • 2,074
  • 13
  • 14
2

logrotate is normally set up by default to rotate weekly and keep 4 old logs. You can get more consistent space usage by changing this to daily and keeping 28 old logs. You are still retaining the same time period but now 26 out of the last 28 days will always be compressed rather than varying between 27 and 21 days as the week wears on. You can make this 27 out of the last 28 days by removing the delaycompress option in the logrotate config.

The configs for logrotate are in /etc/logrotate.d/. There's usually one file in there for each service that produces logs.

As far as deleting is concerned, it doesn't matter much for old log files that have already been rotated (the ones ending in .1 or .4.gz) but for log files that are being written to, using rm can cause an odd situation where the file doesn't exist in that directory any more but the process still has it open and is writing to it. You won't have freed up any disk space and you won't be able to get to the logs that are being written. Each service has a different method for notifying it that it should start a new log file and these are usually codified in the postrotate section of the logrotate config files.

Ladadadada
  • 26,337
  • 7
  • 59
  • 90
0

If you don't need them (check really well if you do, there might have been errors, security breaches etc. in them), you can delete them. After deleting (or echoing "" into them), for safety, restart the service that produces those log files.

If you have constant issues with log file sizes, consider installing a "logrotate" implementation, which itself zips, archives and deletes log files after a specified amount of time.

mulaz
  • 10,682
  • 1
  • 31
  • 37
0

Why delete log files at all?

If you're that starved for space, burn them to CD or DVD, or redirect them to a USB flash drive, so you'll at least have them somewhere if you need them.

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
  • 1
    Fast forward 10 years when search teams are called in to climb over piles of CDs full of log files to search for the OP who has become lost... It's always best to have a data retention policy that include deleting data, this includes one's own personal life. :-) – Red Tux Jun 19 '12 at 12:38