What is Log Rotation
Log rotation is a process of removing/storing old logs while not affecting the latest/newer logs. Almost every single application generates meaningful logs, and if not properly handled, logs can eat up all the space on your disk. Here comes Logrotate!!
Logrotate helps to administer logs, compress them, remove them or even email them after a certain time period, let's say daily, weekly, monthly etc.
Installation
Most of the linux distributions come with logrotate by default. If that’s not the case it can be installed easily with these commands:
RHEL/CentOS
yum install logrotateDebian/Ubuntu
apt-get install logrotateFedora
dnf install logrotateHow it works?
Logrotate has a configuration file in which we can mention all the files we want to rotate. It needs a time period unit i.e, daily, weekly, monthly etc, and rotate count i.e, 3, 4, 5 for each rotation. Log files are rotated count times before being removed. The default rotate count is 0, which means old version of logs will be removed rather than rotated. So, if your logs are being saved in a file named my-application.log then after a rotation a new file will be created with name my-application.1.log, and so on.
For a deep dive into managing logs within Kubernetes, our blog on Logging in Kubernetes: From Container to Visualization provides valuable insights.
Configuration File
Logrotate configuration file is located in /etc/logrotate.conf. A sample configuration file contains blocks like this
/var/lib/docker/containers/*/*.log {
rotate 5
copytruncate
missingok
notifempty
compress
maxsize 200M
daily
}Explanation
/var/lib/docker/containers/*/*.logIt represents the path where logrotate will monitor all the files with .log type
rotate 5Store logs till 5 rotations, which means it will store maximum 5 files of old logs when rotation hits, and will discard oldest logs when there are already 5 files.
copytruncateTruncate the original log file to zero size in place after creating a copy, instead of moving the old log file and optionally creating a new one. It can be used when some program cannot be told to close its log file and thus might continue writing (appending) to the previous log file forever. Note that there is a very small time slice between copying the file and truncating it, so some logging data might be lost
missingokIf the log file is missing, do not generate an error, and move on the next file.
notifemptyDo not rotate the log if it is empty
compressOld version of logs are compressed with gzip format.
maxsize 200MRotate the log file if it exceeds 200 mb in size, regardless of the rotation time unit.
dailyRotation should happen daily.
For complete details about logrotate configuration, open the terminal and type in the following command:
man logrotateFor more details on managing logs and optimizing your Kubernetes setup, check out our Kubernetes Platform Assessment services.
Comments