Rotating logs on Debian

By default there is a relatively sensible setup in Debian for the rotating of logs: most are rotated daily and kept for 7 days before being discarded. For most of us that is quite sensible. It annoys me though; I like to have logs for longer. So when I set up a box I find myself wanting to change this setting. However, I can never remember what needs changing and where, so I am sticking it all in here so I can remember. Debian probably provides good docs on this, and Google probably can too. But by sticking this here, I can find the information when I need it. So, before any of you moan about duplication of documentation, this is for my own benefit; if you find it useful, great, else I don't care :p .

What logrotate does

Some packages are rotated and managed by logrotate; this is all pretty simple and explained in the man page, so I won't go into it here. A few files are not rotated by logrotate by default on Debian. So, where are they?


It appears that most of the stuff logged by syslog is in fact dealt with not by logrotate, but by the syslogd cron job run once a day (by default at 0625). This is a bit of a pita to find. By default the file looks like:

	#! /bin/sh

	# sysklogd      Cron script to rotate system log files daily.
	#               If you want to rotate other logfiles daily, edit
	#               this script.  An easy way is to add files manually,
	#               to add -a (for all log files) to syslogd-listfiles and
	#               add some grep stuff, or use the -s pattern argument to
	#               specify files that must not be listed.
	#               This is a configration file.  You are invited to edit
	#               it and maintain it on your own.  You'll have to do
	#               that if you don't like the default policy
	#               wrt. rotating logfiles (i.e. with large logfiles
	#               weekly and daily rotation may interfere).  If you edit
	#               this file and don't let dpkg upgrade it, you have full
	#               control over it.  Please read the manpage to
	#               syslogd-listfiles.
	#               Written by Martin Schulze.
	#               $Id: cron.daily,v 1.12 2004-03-31 16:18:15 joey Exp $

	test -x /usr/sbin/syslogd-listfiles || exit 0
	test -x /sbin/syslogd || exit 0
	test -f /usr/share/sysklogd/dummy || exit 0

	set -e

	cd /var/log
	for LOG in `syslogd-listfiles`
	do
		if [ -s $LOG ]; then
			savelog -g adm -m 640 -u root -c 7 $LOG >/dev/null
		fi
	done

	for LOG in `syslogd-listfiles --auth`
	do
		if [ -f $LOG ]; then
			chown root:adm $LOG
			chmod o-rwx $LOG
		fi
	done

	# Restart syslogd
	/etc/init.d/sysklogd reload-or-restart > /dev/null


As the comment so rightly points out, you need to play with this. It's not entirely intuitive that log rotation should be hidden in two places, one sensibly named logrotate, and one in this file. But ah well.

To keep logs for more than 7 days, the bit to change is the number after the -c, so change it from 7 to whatever; I use 10000, as it's probably enough. I also tend to add a -a to the syslogd-listfiles command too, so it does this for all of them.
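
Since the retention count lives in two places, it helps to check both at once. The following is an added example, not part of the original notes: a shell function that reads the savelog -c value and any logrotate "rotate N" values from the files it is given and flags those below a minimum. The sample files are constructed; on a real box the cron script path /etc/cron.daily/sysklogd is an assumption, checked alongside /etc/logrotate.conf and /etc/logrotate.d/*.

```sh
#!/bin/sh
# Added example (not from the original page): report retention counts from
# both places Debian keeps them. Counts are rotation cycles, not days.

# audit_retention MIN FILE...
# Prints "<OK|LOW> <file> <count>" for each "savelog ... -c N" (sysklogd cron
# script) or "rotate N" (logrotate config) directive found in FILE...
audit_retention() {
    min=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v min="$min" -v f="$f" '
            function report(n,   s) {
                s = (n + 0 >= min + 0) ? "OK" : "LOW"
                print s, f, n
            }
            $1 ~ /^#/ { next }                          # ignore comment lines
            $1 == "rotate" && $2 ~ /^[0-9]+$/ { report($2) }
            $1 == "savelog" {                           # find the -c argument
                for (i = 2; i < NF; i++)
                    if ($i == "-c" && $(i + 1) ~ /^[0-9]+$/) report($(i + 1))
            }
        ' "$f"
    done
}

# Constructed sample inputs (not real system files) so this runs anywhere.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/sysklogd" <<'EOF'
for LOG in `syslogd-listfiles`
do
   if [ -s $LOG ]; then
      savelog -g adm -m 640 -u root -c 7 $LOG >/dev/null
   fi
done
EOF
cat > "$demo_dir/apache2" <<'EOF'
/var/log/apache2/*.log {
    weekly
    rotate 52
}
EOF

audit_retention 30 "$demo_dir/sysklogd" "$demo_dir/apache2"
```

A LOW line means fewer than MIN old copies are kept; how many days that covers depends on whether the file is rotated daily or weekly.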

This page last modified Friday, 27-Feb-2009 08:15:22 CET.