Why Log Rotation is Necessary
When running a web server like Lighttpd, access logs (access.log) continuously grow, potentially generating hundreds of MB or even GB of data daily. Without management, a single log file can become extremely large, making analysis difficult, consuming significant disk space, and potentially impacting server performance. Therefore, regularly rotating, archiving, and cleaning logs is a fundamental server administration task.
Logrotate: The Built-in Linux Log Management Tool
Many users tend to write custom scripts or use third-party tools for log rotation, but Linux systems include a powerful and flexible built-in tool: Logrotate. It runs automatically via cron jobs, rotating logs based on time (daily, weekly, monthly) or file size, and supports compression, archiving, and deletion of old logs.
How Logrotate Works
Logrotate is driven by a daily cron task, typically located at /etc/cron.daily/logrotate. This script calls the main configuration file /etc/logrotate.conf and includes all service-specific configurations from the /etc/logrotate.d/ directory.
Key Logrotate Configuration Parameters
Most service log configurations reside in /etc/logrotate.d/. Common directives include:
- daily/weekly/monthly/yearly: Specifies rotation frequency.
- rotate <count>: Number of archived log files to keep (e.g.,
rotate 7keeps the last 7 days). - dateext: Appends a date suffix (format -YYYYMMDD) to rotated files instead of a simple number.
- compress: Compresses old logs with gzip.
- delaycompress: Used with
compressto delay compression of the most recent rotation for easier real-time viewing. - missingok: Ignores errors if the log file is missing.
- notifempty: Skips rotation if the log file is empty.
- create <mode> <owner> <group>: Creates a new empty log file with specified permissions, owner, and group after rotation.
- copytruncate: Copies the current log file then truncates it, instead of renaming. Useful for programs that don't support reopening logs after a rename.
- postrotate/endscript: Commands executed after rotation, often to notify the service to reload its log file (e.g., sending a HUP signal).
- sharedscripts: Ensures
postrotatescript runs only once for configurations matching multiple log files.
Configuring Logrotate for Lighttpd
After installation, Lighttpd typically generates a default configuration file (e.g., lighttpd) in /etc/logrotate.d/.
Optimized Configuration Example
Modify the configuration for a production-ready strategy: daily rotation, keep one week of logs, enable compression.
/var/log/lighttpd/*log {
daily
dateext
rotate 7
compress
delaycompress
missingok
notifempty
create 644 root root
sharedscripts
postrotate
# Send HUP signal to lighttpd to reopen log files
/usr/bin/killall -HUP lighttpd &>/dev/null || :
endscript
}This configuration achieves:
1. Daily rotation.
2. Date-suffixed archive names.
3. Keep the last 7 archives.
4. Enable compression, but delay compression of the latest archive.
5. Create a new empty log file with proper permissions after rotation.
6. Notify Lighttpd to reload its log file via the postrotate script.
Testing and Manual Execution
Debug Configuration
Use debug mode (-d) to check configuration without performing actual rotation:
sudo logrotate -d -f /etc/logrotate.d/lighttpdForce Immediate Rotation
To rotate logs immediately (e.g., after configuration changes or for testing), use the -f (force) option:
sudo logrotate -f /etc/logrotate.d/lighttpdAfter execution, you'll see archived files like access.log-20231015.gz in /var/log/lighttpd/, and a new access.log file will be created.
Summary
Using the system's built-in Logrotate to manage Lighttpd logs is an efficient, reliable, and dependency-free solution. A simple configuration file automates log rotation, compression, archiving, and cleanup, greatly simplifying server log administration. Adjust the rotate count and compression strategy based on your actual disk space and log analysis needs.