Manage log growth and retention with logrotate by defining a custom rotation policy for a sample application log. Force a rotation run, validate rotated artifacts, and review global defaults so you know what’s inherited vs overridden.
You need to manage log growth and retention using logrotate. Your task is to create a custom rotation policy for a
sample log file and apply it manually so you can validate rotation and compression behavior before it runs on a schedule.
Uncontrolled log growth is a common cause of disk pressure. A clean rotation policy reduces risk while preserving evidence for incident response and troubleshooting.
/var/log./etc/logrotate.d.logrotate -f./etc/logrotate.conf.apt, dnf, or pacman.
/etc/logrotate.d.
weekly, rotate, compress,
missingok, notifempty.
# Pick the command that matches your distro:
# Debian/Ubuntu
sudo apt install logrotate -y
# RHEL/Fedora
sudo dnf install logrotate -y
# Arch
sudo pacman -S logrotatelogrotate is typically run on a schedule (often daily) to rotate logs according to policy. Installation ensures the binary, global config, and drop-in directory are present.
# Example outcomes (varies by distro):
logrotate is already the newest version.
# or
Nothing to do. Complete!sudo touch /var/log/testapp.log
This creates a log target that mimics an application log under /var/log. You’ll attach a custom policy to this file
in the next step.
# Confirm the file exists:
ls -l /var/log/testapp.logtestapp.log.
sudo nano /etc/logrotate.d/testapp
# or
sudo vim /etc/logrotate.d/testapp
Drop-in policies under /etc/logrotate.d keep application-specific rules separated from global defaults. This one
rotates weekly, keeps 4 archives, compresses rotated output, ignores missing files, and skips empty logs.
/var/log/testapp.log {
weekly
rotate 4
compress
missingok
notifempty
}sudo logrotate -f /etc/logrotate.d/testapp
The -f flag forces rotation regardless of whether the normal threshold has been met. This is how you validate a
policy safely during setup or troubleshooting.
# If nothing prints, that can still mean success.
# Use -v for verbose output if you want to see actions:
# sudo logrotate -vf /etc/logrotate.d/testappls /var/log/testapp.log*
You should see the active log and at least one rotated file. With compress enabled, rotated output is typically gzip
compressed (.gz).
/var/log/testapp.log
/var/log/testapp.log.1.gz/etc/logrotate.conf.
cat /etc/logrotate.conf
Global configuration sets baseline defaults and commonly includes /etc/logrotate.d for per-app rules. Knowing what’s
global helps you predict rotation behavior and troubleshoot retention issues.
# Example snippet (varies by distro):
weekly
rotate 4
create
include /etc/logrotate.d
If the log is empty and you used notifempty, rotation may be skipped. Add a line to the log (for example
echo "test" | sudo tee -a /var/log/testapp.log) and force rotation again.
Re-run with verbose output: sudo logrotate -vf /etc/logrotate.d/testapp. Use this during validation and remove it
from automation.
sudo rm -f /etc/logrotate.d/testappsudo rm -f /var/log/testapp.log*logrotate: Rotate, compress, and retire log files according to policy./etc/logrotate.conf: Global logrotate defaults (often includes /etc/logrotate.d)./etc/logrotate.d/: Per-application rotation policies.logrotate -f <config>: Force a rotation run.
-f: force rotation-v: verbose outputweekly: Rotate logs weekly.rotate <n>: Retain n archives before removing the oldest.compress: Compress rotated logs (typically gzip).missingok: Do not error if the log file is missing.notifempty: Do not rotate empty logs.