Log Rotation – Benefits and Best Practices

logginglogrotate

I have been using logrotation for years and never thought too much of it being a problem until I came across a question on stackoverflow (https://stackoverflow.com/questions/1508734/disable-java-log-rotation/) where someone wants to disable log rotation.

To me with experience in having build server and even production servers cleaned up manually because logs are not rotated and discs are running out and suddenly machines come to a halt that all seems crazy, but it occurred to me that maybe it is not so obvious after all.

So what are the benefits of log rotation? And what are the drawbacks (e.g. more difficult to debug/analyze maybe)? What tools do you find useful for working with rotated log files? Splunk I assume, but what else?

Best Answer

I think the benefits of log rotation are clear:

  1. You get easily managed smaller log files instead of one huge log file.
  2. You don't run out of disk space suddenly if you configure it appropriately according to your capacity limits. (size option)
  3. Older log files can be compressed so that log files get even smaller in size, and thus saving more disk space. (compress option).
  4. You can rotate the files in a specific way / time. For example, each log file contains only information related to a specific day. This will make the search easier given that you know the date. When you don't know the date, you can just search all files or a subset of them. (daily, monthly, etc).
  5. You automatically get rid of very old files. For example, you can keep 30 files at max. (rotate 30).
  6. You can add the extension you like such as rotation date. (dateext).
  7. You can execute specific scripts before/after rotation. (prerotate, postrotate).

EDIT: I added more items to the list and included the options when applicable. For more details, man logrotate can be consulted.

Related Topic